author | mestre <mestre@openbsd.org> | 2016-04-26 13:30:12 +0000 |
---|---|---|
committer | mestre <mestre@openbsd.org> | 2016-04-26 13:30:12 +0000 |
commit | d79ad1b7d9f60f10562f4ce10f07702d29ba559c (patch) | |
tree | c21f10353d6c16f65c545be776c8929ca34c7f9f /usr.sbin/user | |
parent | Restore intro comment to sr_hotspare_rebuild(), which was erroneously (diff) | |
Add pledge(2) promises independently on each user(8)'s functions as follows:
useradd: stdio rpath wpath cpath fattr flock proc exec getpw id
usermod: stdio rpath wpath cpath fattr flock proc exec getpw id
userdel: stdio rpath wpath cpath fattr flock proc exec getpw id
userinfo: stdio getpw
groupadd: stdio rpath wpath cpath fattr flock getpw
groupmod: stdio rpath wpath cpath fattr flock
groupdel: stdio rpath wpath cpath fattr flock
groupinfo: stdio getpw
This was extensively tested by me and tim@ who found some issues on my first
versions. deraadt@ prodded me to commit this now to check who uses it in order
to report back any fallout from the diff; if you find any, please inform us.
Diffstat (limited to 'usr.sbin/user')
-rw-r--r-- | usr.sbin/user/user.c | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index 9ece6746761..6b58768e9c0 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: user.c,v 1.108 2016/03/29 17:21:50 mestre Exp $ */
+/* $OpenBSD: user.c,v 1.109 2016/04/26 13:30:12 mestre Exp $ */
 /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */
 /*
@@ -1847,6 +1847,11 @@ useradd(int argc, char **argv)
 usermgmt_usage("useradd");
 }
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
 if (bigD) {
 if (defaultfield) {
 checkeuid();
@@ -1981,6 +1986,11 @@ usermod(int argc, char **argv)
 usermgmt_usage("usermod");
 }
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
 if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && !(u.u_flags & F_USERNAME)) {
 warnx("option 'm' useless without 'd' or 'l' -- ignored");
@@ -2051,6 +2061,11 @@ userdel(int argc, char **argv)
 if (argc != 1) {
 usermgmt_usage("userdel");
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
 checkeuid();
 if ((pwp = getpwnam(*argv)) == NULL) {
 warnx("No such user `%s'", *argv);
@@ -2109,6 +2124,10 @@ groupadd(int argc, char **argv)
 if (argc != 1) {
 usermgmt_usage("groupadd");
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1)
+ err(1, "pledge");
+
 checkeuid();
 if (!valid_group(*argv)) {
 errx(EXIT_FAILURE, "invalid group name `%s'", *argv);
@@ -2153,6 +2172,10 @@ groupdel(int argc, char **argv)
 warnx("No such group: `%s'", *argv);
 return EXIT_FAILURE;
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
+ err(1, "pledge");
+
 if (!modify_gid(*argv, NULL)) {
 err(EXIT_FAILURE, "can't change %s file", _PATH_GROUP);
 }
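Review bot: The promise string passed to pledge() in the useradd hunk includes `proc exec`, so any program this path executes starts outside these promises and the restriction covers only user(8)'s own code; the spawn sites are not visible in the hunk, so this is inferred from the promise list. The same ten-promise literal is repeated verbatim in the usermod and userdel hunks, which invites drift when one of them is later tightened. I would add a comment above the call such as `/* proc exec: external helpers are run from here and are not bound by this pledge */` and hoist the literal into one file-scope `static const char` string shared by the three callers. useradd's body starts and ends outside the hunk.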
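Review bot: In groupdel the pledge() call sits after the `No such group` failure path, so whatever precedes it in the function, including the lookup that produces that message, runs with no promises in force; the groupmod hunk places its call after `getgrnam(*argv)` in the same way. Pledging late is what lets both drop `getpw`, but pledge(2) may be called again with a reduced set, so the functions could pledge at entry and narrow afterwards. At the top of each function I would add `if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1) err(1, "pledge");` and keep the existing call as the second, narrower step. This assumes nothing earlier in those functions needs more than the lookup; both bodies start outside the hunks.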
@@ -2212,6 +2235,10 @@ groupmod(int argc, char **argv)
 if ((grp = getgrnam(*argv)) == NULL) {
 errx(EXIT_FAILURE, "can't find group `%s' to modify", *argv);
 }
+
+ if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
+ err(1, "pledge");
+
 if (!is_local(*argv, _PATH_GROUP)) {
 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv);
 }
@@ -2271,6 +2298,10 @@ userinfo(int argc, char **argv)
 if (argc != 1) {
 usermgmt_usage("userinfo");
 }
+
+ if (pledge("stdio getpw", NULL) == -1)
+ err(1, "pledge");
+
 pwp = find_user_info(*argv);
 if (exists) {
 exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE);
@@ -2329,6 +2360,10 @@ groupinfo(int argc, char **argv)
 if (argc != 1) {
 usermgmt_usage("groupinfo");
 }
+
+ if (pledge("stdio getpw", NULL) == -1)
+ err(1, "pledge");
+
 grp = find_group_info(*argv);
 if (exists) {
 exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE); |
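Review bot: The `stdio getpw` set in userinfo does not depend on any parsed option, yet the call is placed after the `argc != 1` usage check, so whatever argument handling precedes it in the function runs unpledged; groupinfo has the same placement. Moving `if (pledge("stdio getpw", NULL) == -1) err(1, "pledge");` to the first statement of each function would cover that code too, provided nothing before the check needs more than `stdio`, which the hunk does not show. Both function bodies start outside the hunks.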