in pledge_namei(), move PLEDGE_EXEC check sooner: it doesn't depend of path

processing.

1 files changed, 6 insertions, 6 deletions

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 659fdd7deda..add2926b8cb 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.84 2015/10/28 12:17:20 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.85 2015/10/28 13:36:38 semarie Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -541,6 +541,11 @@ pledge_namei(struct proc *p, char *origpath)
 	if (p->p_pledgenote == PLEDGE_COREDUMP)
 		return (0);			/* Allow a coredump */
 
+	/* Doing a permitted execve() */
+	if ((p->p_pledgenote & PLEDGE_EXEC) &&
+	    (p->p_p->ps_pledge & PLEDGE_EXEC))
+		return (0);
+
 	error = canonpath(origpath, path, sizeof(path));
 	if (error)
 		return (pledge_fail(p, error, p->p_pledgenote));
@@ -573,11 +578,6 @@ pledge_namei(struct proc *p, char *origpath)
 	    ((p->p_p->ps_pledge & PLEDGE_CPATH) == 0))
 		return (pledge_fail(p, EPERM, PLEDGE_CPATH));
 
-	/* Doing a permitted execve() */
-	if ((p->p_pledgenote & PLEDGE_EXEC) &&
-	    (p->p_p->ps_pledge & PLEDGE_EXEC))
-		return (0);
-
 	/* Whitelisted read/write paths */
 	switch (p->p_pledge_syscall) {
 	case SYS_open: