diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-11-16 18:29:34 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-11-16 18:29:34 +0000 |
| commit | 859ed624d67a2b720bee220f9d19e4bda36e81f3 (patch) | |
| tree | 5f7554c8e19906368bfe5ad0c6d73d1ce09417d9 | |
| parent | Only perform revoke(2) on tty cdevs. Others paths return ENOTTY. (diff) | |
| download | wireguard-openbsd-859ed624d67a2b720bee220f9d19e4bda36e81f3.tar.xz wireguard-openbsd-859ed624d67a2b720bee220f9d19e4bda36e81f3.zip | |
Permit revoke(2) for a pledge "rpath tty"
ok millert semarie tedu guenther
| -rw-r--r-- | lib/libc/sys/pledge.2 | 11 | ||||
| -rw-r--r-- | sys/kern/kern_pledge.c | 4 | ||||
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 3 |
3 files changed, 14 insertions, 4 deletions
diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2 index e4031ce6179..4222039ed22 100644 --- a/lib/libc/sys/pledge.2 +++ b/lib/libc/sys/pledge.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pledge.2,v 1.13 2015/11/06 06:46:52 mmcc Exp $ +.\" $OpenBSD: pledge.2,v 1.14 2015/11/16 18:29:34 deraadt Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 6 2015 $ +.Dd $Mdocdate: November 16 2015 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -405,6 +405,13 @@ used by tty devices: .Dv TIOCSETAW and .Dv TIOCSETAF . +.Pp +If +.Va "tty" +is accompanied with +.Va "rpath", +.Xr revoke 2 +is permitted. .It Va "proc" Allows the following process relationship operations: .Pp diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index dcc264362c2..c247848a95d 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.110 2015/11/16 17:41:45 pascal Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.111 2015/11/16 18:29:35 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -267,6 +267,8 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = { [SYS_chroot] = PLEDGE_ID, /* also requires PLEDGE_PROC */ + [SYS_revoke] = PLEDGE_TTY, /* also requires PLEDGE_RPATH */ + /* * Classify as RPATH|WPATH, because of path information leakage. * WPATH due to unknown use of mk*temp(3) on non-/tmp paths.. diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index a9c54315572..e6f2519320d 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.241 2015/11/16 18:25:18 deraadt Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.242 2015/11/16 18:29:35 deraadt Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -2825,6 +2825,7 @@ sys_revoke(struct proc *p, void *v, register_t *retval) struct nameidata nd; NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); + nd.ni_pledge = PLEDGE_RPATH | PLEDGE_TTY; if ((error = namei(&nd)) != 0) return (error); vp = nd.ni_vp; |