summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_pledge.c
diff options
context:
space:
mode:
authordlg <dlg@openbsd.org>2020-01-23 01:02:34 +0000
committerdlg <dlg@openbsd.org>2020-01-23 01:02:34 +0000
commit9d40f0717a4d4bbca3fa50f5d9453d32322ed2bc (patch)
treeb669567296e25335da2538550b0500f9f721b394 /sys/kern/kern_pledge.c
parentthe pppx(4) driver also provides pppac(4) interfaces (diff)
downloadwireguard-openbsd-9d40f0717a4d4bbca3fa50f5d9453d32322ed2bc.tar.xz
wireguard-openbsd-9d40f0717a4d4bbca3fa50f5d9453d32322ed2bc.zip
add /etc/protocols to the magic unveil whitelist that the dns pledge has
"i get it" deraadt@
Diffstat (limited to 'sys/kern/kern_pledge.c')
-rw-r--r--sys/kern/kern_pledge.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 0961a50c2f1..9f436df4893 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.256 2019/12/08 23:08:59 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.257 2020/01/23 01:02:34 dlg Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -667,7 +667,7 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
}
}
- /* DNS needs /etc/{resolv.conf,hosts,services}. */
+ /* DNS needs /etc/{resolv.conf,hosts,services,protocols}. */
if ((ni->ni_pledge == PLEDGE_RPATH) &&
(p->p_p->ps_pledge & PLEDGE_DNS)) {
if (strcmp(path, "/etc/resolv.conf") == 0) {
@@ -682,6 +682,10 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
ni->ni_cnd.cn_flags |= BYPASSUNVEIL;
return (0);
}
+ if (strcmp(path, "/etc/protocols") == 0) {
+ ni->ni_cnd.cn_flags |= BYPASSUNVEIL;
+ return (0);
+ }
}
if ((ni->ni_pledge == PLEDGE_RPATH) &&
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.