| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
should not create random files in the root partition.
OK beck@
|
| |
|
|
|
| |
with somewhat random filemodes.
OK beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Issue spotted by Benjamin Baier <programmer@netzbasis.de> with relative
path lookups from openat(2). Lacking a current working directory unveil,
operations using the *at functions could fail when not crossing an unveil,
since an initial covering unveil was not found.
This corrects this so we walk up from the directory vnode to find a
covering unveil at the start of non AT_FDCWD lookups, and adds regress
for this case.
ok bluhm@
|
| | |
|
| |
|
|
| |
we should eventually fix
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UNVEIL_INSPECT is a hack we added to get chrome/glib working. It silently
adds permission for stat(2), access(2), and readlink(2) to be used on
all path components of any unveil'ed path. robert@ has sucessfully now
fixed chrome/glib to not require exessive TOC vs TOU stat(2) and access(2)
calls on the paths it uses, so that this no longer needed there.
readlink(2) is the sole call that is now permitted by UNVEIL_INSPECT,
and this is only needed so that realpath(3) can work. Going forward we will
likely make a realpath(2), after which we can completely deprecate
UNVEIL_INSPECT.
ok deraadt@
|
| |
|
|
|
|
|
| |
instead
From Pamela Mosiejczuk, many thanks!
OK phessler@ deraadt@
|
| |
|
|
|
|
|
|
|
| |
1) Correctly notice covering unveil when using .. - fix crash noticed by visa@
2) Notice when v_mount is NULL to not crash when unveil vnodes are on a
forcibly unmounted filesystem, noticed by yasuoka@
3) Add a flag to ni_data so that failures from unveil flag mismatches in covering
unveils return the correct EACCESS instead of ENOENT (noticed by brynet@)
ok deraadt@
|
| |
|
|
|
| |
unveil matches when .. is used correctly. Also adds regress based
upon his test program for the same issue.
|
| |
|
|
|
|
|
| |
unveil for each unveil in the process at unveil() time, and refactoring the
handling of current directory and ISDOTDOT to be much more sensible.
Worked out at ns2k18 with guenther@.
ok deraadt@
|
| | |
|
| |
|
|
| |
(problem noticed by semarie@ - fix forthcoming)
|
| |
|
|
|
|
| |
with . veiled without the right flags for an operation, since these
come out of namei differently and . is the bane of the special
LOCKPARENT corner cases - this tests a panic found by anton@
|
| |
|
|
| |
descending match
|
| | |
|
| | |
|
| |
|
|
|
|
| |
specific pledge(2) calls
ok beck@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
on flag mismatch, ENOENT for files with no unveil flags at all
|
| |
|
claudio
beck
phessler
robert