diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-08-31 16:17:53 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-08-31 16:17:53 +0000 |
| commit | bd6be8810b91231fb9147b98c4f1031816a9e692 (patch) | |
| tree | 38ee2de47a0eebcce2b023032b8d6c09e679b14d | |
| parent | In tame mode, return EPERM for *chown if uid/gid change is not towards (diff) | |
| download | wireguard-openbsd-bd6be8810b91231fb9147b98c4f1031816a9e692.tar.xz wireguard-openbsd-bd6be8810b91231fb9147b98c4f1031816a9e692.zip | |
Consider getfsstat() a RPATH, even though it has no path in it. We may
want to do the same for fstatfs(), after we handle statfs(). These system
calls leak path information, however I am reluctant to add a seperate
catagory.
| -rw-r--r-- | sys/kern/kern_tame.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index f0c6265f4f1..39cdde0793e 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.34 2015/08/31 00:51:20 deraadt Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.35 2015/08/31 16:17:53 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -172,6 +172,10 @@ const u_int tame_syscalls[SYS_MAXSYSCALL] = { [SYS_mkdir] = _TM_CPATH, [SYS_mkdirat] = _TM_CPATH, + /* Classify so due to info leak */ + [SYS_getfsstat] = _TM_RPATH, + /* XXX Consider statfs and fstatfs */ + [SYS_utimes] = _TM_FATTR, [SYS_futimes] = _TM_FATTR, [SYS_utimensat] = _TM_FATTR, |