author | 2015-10-02 05:30:30 +0000 | |
---|---|---|
committer | 2015-10-02 05:30:30 +0000 | |
commit | 2dd4ad61788d7502d7e35eaad41b7bb33da52ba8 (patch) | |
tree | dc8804fa5466af2dd0898912150bea9c13b3fe1c | |
parent | Add ktracing of argv and envp to execve(2), with envp not traced by default (diff) | |
Actually, open of /etc/spwd.db must be handled by returning EPERM, not
dropping through to the kill path. The best way to understand this
is id(1). It calls getpwuid, which tries /etc/spwd.db before
/etc/pwd.db ...
-rw-r--r-- | sys/kern/kern_tame.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index 3d2aa0bca50..0966c380698 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.50 2015/10/02 02:13:59 deraadt Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.51 2015/10/02 05:30:30 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -501,6 +501,8 @@ tame_namei(struct proc *p, char *origpath) /* getpw* and friends need a few files */ if ((p->p_tamenote == TMN_RPATH) && (p->p_p->ps_tame & TAME_GETPW)) { + if (strcmp(path, "/etc/spwd.db") == 0) + return (EPERM); if (strcmp(path, "/etc/pwd.db") == 0) return (0); if (strcmp(path, "/etc/group") == 0) |
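Review bot: in the tame_namei() hunk, the new `/etc/spwd.db` branch returns EPERM while the entries next to it under the same "getpw* and friends need a few files" comment return 0, and nothing in the code says why this one path is denied rather than allowed or left to fall through to the kill path. The reasoning lives only in the commit message (getpwuid tries /etc/spwd.db before /etc/pwd.db, so the open has to fail with an error for the lookup to continue). Please add a one-line comment above `if (strcmp(path, "/etc/spwd.db") == 0)` stating that the EPERM is deliberate and exists so getpw* can move on to /etc/pwd.db, so that a later cleanup does not drop the branch or change it to `return (0);` along with its neighbours.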