diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-03 05:05:06 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-03 05:05:06 +0000 |
| commit | cd1f0c0d74c37771e73aa9d0ff98ad740c6c63c0 (patch) | |
| tree | a9d807c9b7caeea5fd0a51032ecbd11ccd6188bb | |
| parent | gzip can use tame "stdio wpath cpath fattr". this blocks a lot of (diff) | |
| download | wireguard-openbsd-cd1f0c0d74c37771e73aa9d0ff98ad740c6c63c0.tar.xz wireguard-openbsd-cd1f0c0d74c37771e73aa9d0ff98ad740c6c63c0.zip | |
the chmod & chflags codepaths can use tame "stdio rpath fattr". the
chown codepath obviously cannot use tame -- once tame is activated
the kernel prohibits changing uid/gid on a fd/file.
ok guenther
| -rw-r--r-- | bin/chmod/chmod.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/bin/chmod/chmod.c b/bin/chmod/chmod.c index d0665c19a70..ef9ada68df5 100644 --- a/bin/chmod/chmod.c +++ b/bin/chmod/chmod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chmod.c,v 1.35 2015/10/03 03:30:04 deraadt Exp $ */ +/* $OpenBSD: chmod.c,v 1.36 2015/10/03 05:05:06 deraadt Exp $ */ /* $NetBSD: chmod.c,v 1.12 1995/03/21 09:02:09 cgd Exp $ */ /* @@ -153,6 +153,9 @@ done: atflags = 0; if (ischflags) { + if (tame("stdio rpath fattr", NULL) == -1) + err(1, "tame"); + flags = *argv; if (*flags >= '0' && *flags <= '7') { errno = 0; @@ -172,6 +175,9 @@ done: oct = 0; } } else if (ischmod) { + if (tame("stdio rpath fattr", NULL) == -1) + err(1, "tame"); + mode = *argv; if (*mode >= '0' && *mode <= '7') { errno = 0; |