diff options
| author |   beck <beck@openbsd.org> | 2018-07-13 09:25:22 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2018-07-13 09:25:22 +0000 |
| commit | 8b23add8c74b86d0da67de43302cf21b97b028be (patch) | |
| tree | f1c0090b4f820a76d34793eb08027661681a4d3c /sys/kern/kern_exec.c | |
| parent | no longer interpret 0.192.168.4 in hosts(5) as 192.168.4/24 (diff) | |
| download | wireguard-openbsd-8b23add8c74b86d0da67de43302cf21b97b028be.tar.xz wireguard-openbsd-8b23add8c74b86d0da67de43302cf21b97b028be.zip | |
Unveiling unveil(2).
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
Diffstat (limited to 'sys/kern/kern_exec.c')
| -rw-r--r-- | sys/kern/kern_exec.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 7ccbab6a374..98a30c4aee0 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.198 2018/06/18 09:15:05 mpi Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.199 2018/07/13 09:25:23 beck Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -64,6 +64,8 @@ #include <uvm/uvm_extern.h> #include <machine/tcb.h> +void unveil_destroy(struct process *ps); + const struct kmem_va_mode kv_exec = { .kv_wait = 1, .kv_map = &exec_map @@ -532,6 +534,12 @@ sys_execve(struct proc *p, void *v, register_t *retval) } else { atomic_clearbits_int(&pr->ps_flags, PS_PLEDGE); pr->ps_pledge = 0; + /* XXX XXX XXX XXX */ + /* Clear our unveil paths out so the child + * starts afresh + */ + unveil_destroy(pr); + pr->ps_uvdone = 0; } /* |