connect() to an AF_UNIX socket is really read/write, so tell pledge this

is a RPATH|WPATH operation. Discussed with doug and millert
author: deraadt <deraadt@openbsd.org> 2015-10-17 23:15:10 +0000
committer: deraadt <deraadt@openbsd.org> 2015-10-17 23:15:10 +0000
commit: fbfb0ddb58e641f3eca70dd27b7023432b3b18b5 (patch)
tree: 40d82b372847ad361b887167a7f92a96a8e449bc
parent: Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" (diff)
download: wireguard-openbsd-fbfb0ddb58e641f3eca70dd27b7023432b3b18b5.tar.xz
wireguard-openbsd-fbfb0ddb58e641f3eca70dd27b7023432b3b18b5.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 2eae3077063..c3632bde276 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_usrreq.c,v 1.87 2015/10/09 01:10:27 deraadt Exp $	*/
+/*	$OpenBSD: uipc_usrreq.c,v 1.88 2015/10/17 23:15:10 deraadt Exp $	*/
 /*	$NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $	*/
 
 /*
@@ -492,7 +492,7 @@ unp_connect(struct socket *so, struct mbuf *nam, struct proc *p)
 	else if (memchr(soun->sun_path, '\0', sizeof(soun->sun_path)) == NULL)
 		return (EINVAL);
 
-	p->p_pledgenote = TMN_RPATH;
+	p->p_pledgenote = TMN_RPATH | TMN_WPATH;
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p);
 	if ((error = namei(&nd)) != 0)
 		return (error);
author	deraadt <deraadt@openbsd.org>	2015-10-17 23:15:10 +0000
committer	deraadt <deraadt@openbsd.org>	2015-10-17 23:15:10 +0000
commit	fbfb0ddb58e641f3eca70dd27b7023432b3b18b5 (patch)
tree	40d82b372847ad361b887167a7f92a96a8e449bc
parent	Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" (diff)
download	wireguard-openbsd-fbfb0ddb58e641f3eca70dd27b7023432b3b18b5.tar.xz wireguard-openbsd-fbfb0ddb58e641f3eca70dd27b7023432b3b18b5.zip