Stricter pledge for bpf. ok deraadt

author natano <natano@openbsd.org>

Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)

committer natano <natano@openbsd.org>

Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)
author natano <natano@openbsd.org>
Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)
committer natano <natano@openbsd.org>
Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c

index 66a4975..20b1e70 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.207 2017/04/29 08:02:56 mpi Exp $   */
+/*     $OpenBSD: kern_pledge.c,v 1.208 2017/05/02 16:46:00 natano Exp $        */
  
  /*
   * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1143,7 +1143,9 @@ pledge_ioctl(struct proc *p, long com, struct file *fp)
                 switch (com) {
                 case BIOCGSTATS:        /* bpf: tcpdump privsep on ^C */
                         if (fp->f_type == DTYPE_VNODE &&
-                           fp->f_ops->fo_ioctl == vn_ioctl)
+                           fp->f_ops->fo_ioctl == vn_ioctl &&
+                           vp->v_type == VCHR &&
+                           cdevsw[major(vp->v_rdev)].d_open == bpfopen)
                                 return (0);
                         break;
                 }
author	natano <natano@openbsd.org>
	Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)
committer	natano <natano@openbsd.org>
	Tue, 2 May 2017 16:46:00 +0000 (16:46 +0000)