diff options
author | reyk <reyk@openbsd.org> | 2018-07-13 10:26:57 +0000 |
---|---|---|
committer | reyk <reyk@openbsd.org> | 2018-07-13 10:26:57 +0000 |
commit | a882c86a5b5b202cf1ed6c410d93fd52b778cf4e (patch) | |
tree | f7b8a3d470d8da7c3ef76f089d71deece389ed3a /usr.sbin/vmd/vmd.h | |
parent | Make the default failure for unveil while disabled return success (diff) | |
download | wireguard-openbsd-a882c86a5b5b202cf1ed6c410d93fd52b778cf4e.tar.xz wireguard-openbsd-a882c86a5b5b202cf1ed6c410d93fd52b778cf4e.zip |
Check the disk/kernel/cdrom file permissions after openening the fd.
This prevents time of TOCTOU attacks for instances.
OK mlarkin@
Diffstat (limited to 'usr.sbin/vmd/vmd.h')
-rw-r--r-- | usr.sbin/vmd/vmd.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.sbin/vmd/vmd.h b/usr.sbin/vmd/vmd.h index 7da53185887..bf670f5eb95 100644 --- a/usr.sbin/vmd/vmd.h +++ b/usr.sbin/vmd/vmd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmd.h,v 1.76 2018/07/13 08:42:49 reyk Exp $ */ +/* $OpenBSD: vmd.h,v 1.77 2018/07/13 10:26:57 reyk Exp $ */ /* * Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org> @@ -149,6 +149,9 @@ struct vmop_create_params { #define VMOP_CREATE_CDROM 0x20 #define VMOP_CREATE_INSTANCE 0x40 + /* same flags; check for access to these resources */ + unsigned int vmc_checkaccess; + /* userland-only part of the create params */ unsigned int vmc_ifflags[VMM_MAX_NICS_PER_VM]; #define VMIFF_UP 0x01 @@ -321,7 +324,7 @@ void vm_remove(struct vmd_vm *, const char *); int vm_register(struct privsep *, struct vmop_create_params *, struct vmd_vm **, uint32_t, uid_t); int vm_checkperm(struct vmd_vm *, struct vmop_owner *, uid_t); -int vm_checkaccess(const char *, uid_t, int); +int vm_checkaccess(int, unsigned int, uid_t, int); int vm_opentty(struct vmd_vm *); void vm_closetty(struct vmd_vm *); void switch_remove(struct vmd_switch *); |