Without this change, you need "rpath" and "wpath" to open /dev/tty. Some
applications explicitly open /dev/tty, but deraadt@ found the most
common use is indirectly via readpassphrase().
tweak and ok deraadt@
pre-tweak ok millert@, semarie@
-/* $OpenBSD: kern_pledge.c,v 1.49 2015/10/18 00:04:43 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.50 2015/10/18 01:07:19 doug Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
sizeof("/usr/share/nls/") - 1) == 0 &&
strcmp(path + strlen(path) - 9, "/libc.cat") == 0)
return (0);
+
+ /* Allow opening r/w on /dev/tty when "tty" is specified. */
+ if ((p->p_p->ps_pledge & PLEDGE_TTY) &&
+ (p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0 &&
+ strcmp(path, "/dev/tty") == 0) {
+ return (0);
+ }
break;
case SYS_readlink:
/* Allow /etc/malloc.conf for malloc(3). */
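Review bot: The comment on the new `/dev/tty` exception, `/* Allow opening r/w on /dev/tty when "tty" is specified. */`, should spell out the two conditions that keep this allowlist entry narrow, because neither is obvious from the code. The mask test `(p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0` refuses the exemption to any request carrying a note bit other than read or write, so that request reaches `break` instead; the test also passes when no note bit is set at all, which looks harmless but is worth confirming against the callers. The `strcmp(path, "/dev/tty") == 0` test matches only that exact spelling, so any other spelling of the same device gets no exemption and fails closed here. I would word the comment as `/* "tty" permits read/write opens of exactly "/dev/tty"; any other note bit or path spelling gets no exemption here. */`. The enclosing `case` label and function begin outside this hunk, so which syscall the exemption applies to is not visible from these lines.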