artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b1a3815) | patch
Pledge before authentication when possible
authorkn <kn@openbsd.org>
Wed, 20 Jan 2021 07:30:51 +0000 (07:30 +0000)
committerkn <kn@openbsd.org>
Wed, 20 Jan 2021 07:30:51 +0000 (07:30 +0000)
commitf553ed3cbd0a46607da126d798f48f798014a836
tree28aba701a56de6cad245bf43b9087e5610916f15tree | snapshot
parentb1a381546f9dc2215d80971fa40bd4aad7153408commit | diff
Pledge before authentication when possible

Generally, pleding before parsing the file seems hardly possible due to
unveil() being involved.

Pledging in case of the winning rule being a "persist" one is not possible
either due to TIOC{SET,CHK}VERAUTH not being allowed in the "tty" pledge.

But if "persist" is not used, we can pledge before authentication
without having to hoist or chang anything.

Feedback deraadt tedu
OK tdeu
usr.bin/doas/doas.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim