diff options
| author |   semarie <semarie@openbsd.org> | 2015-10-20 06:40:00 +0000 |
|---|---|---|
| committer | semarie <semarie@openbsd.org> | 2015-10-20 06:40:00 +0000 |
| commit | 9edc603d532065ffbf5fbddc3275fc67c61646cb (patch) | |
| tree | ec322fe263c988a3e1ed0f061443b0f45f377412 /usr.bin/script/script.c | |
| parent | allow SO_ERROR all the time (diff) | |
| download | wireguard-openbsd-9edc603d532065ffbf5fbddc3275fc67c61646cb.tar.xz wireguard-openbsd-9edc603d532065ffbf5fbddc3275fc67c61646cb.zip | |
clear whitelisted-paths view in pledge.
the following diff adds a clear view of whitelisted-paths in pledge.
before, whitelisting "/usr/local/bin" path would make only "/usr/local/bin"
VNODE was present and let "/usr/local", "/usr", and "/" been ENOENT. It was a
somehow odd filesystem hierarchy, and it breaks realpath(3).
with this diff, the directories that are one of the parents of a
whitelisted-directory become visible to stat(2) related syscalls, but only
with restricted permissions: stat(2) will lie a bit, and saying they owned by
root:wheel and mode is --x--x--x. Note that only stat(2) is affected by this
"view", and the owner/mode aren't effectively changed: it is just a "lie".
while here, refactor a bit pledge_namei() in order to avoid multiple for-loop
on whitelisted-path array.
ok deraadt@
Diffstat (limited to 'usr.bin/script/script.c')
0 files changed, 0 insertions, 0 deletions