add a missed check for PLEDGE_RPATH when reading a file.

author semarie <semarie@openbsd.org>

Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)

committer semarie <semarie@openbsd.org>

Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)
author semarie <semarie@openbsd.org>
Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)
committer semarie <semarie@openbsd.org>
Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c

index 037ec1b..cf6dbcc 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.14 2015/10/11 16:01:06 deraadt Exp $        */
+/*     $OpenBSD: kern_pledge.c,v 1.15 2015/10/11 16:19:48 semarie Exp $        */
  
  /*
   * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -600,6 +600,11 @@ pledge_namei(struct proc *p, char *origpath)
                 break;
         }
  
+       /* ensure PLEDGE_RPATH request for doing read */        
+       if ((p->p_pledgenote & TMN_RPATH) &&
+           (p->p_p->ps_pledge & PLEDGE_RPATH) == 0)
+               return (pledge_fail(p, EPERM, PLEDGE_RPATH));
+
         /*
          * If a whitelist is set, compare canonical paths.  Anything
          * not on the whitelist gets ENOENT.
author	semarie <semarie@openbsd.org>
	Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)
committer	semarie <semarie@openbsd.org>
	Sun, 11 Oct 2015 16:19:48 +0000 (16:19 +0000)