-/* $OpenBSD: kern_unveil.c,v 1.46 2021/07/08 13:33:05 claudio Exp $ */
+/* $OpenBSD: kern_unveil.c,v 1.47 2021/07/15 06:57:02 claudio Exp $ */
/*
* Copyright (c) 2017-2019 Bob Beck <beck@openbsd.org>
rw_init(&uv->uv_lock, "unveil");
RBT_INIT(unvname_rbt, &uv->uv_names);
uv->uv_vp = vp;
-
- /*
- * Added vnodes are added with the UNVEIL_INSPECT flag
- * to allow operations such as access and stat. This lets
- * TOCTOU fans that call access on all components of
- * an unveil'ed path before the final operations
- * work.
- */
- uv->uv_flags = UNVEIL_INSPECT;
+ uv->uv_flags = 0;
/* find out what we are covered by */
uv->uv_cover = unveil_find_cover(vp, p);
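Review bot: The new `uv->uv_flags = 0;` loses the only comment that explained what a freshly added vnode is allowed to do, and nothing replaces it. The removed text said the UNVEIL_INSPECT default existed so that access() and stat() on every component of an unveil'ed path kept working; whether those calls still succeed for a zero-flag node is decided outside this hunk and cannot be confirmed from here. If the intent is that the node starts with no permissions until the user grants some, say so next to the assignment, e.g. `/* no permissions yet; set when the user unveils this vnode */`, and cover component-wise access()/stat() on an unveiled path in a regression test. The enclosing function begins and ends outside the hunk.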
#ifdef DEBUG_UNVEIL
printf("unveil lacks UNVEIL_READ\n");
#endif
- if (flags != UNVEIL_INSPECT)
+ if (flags & UNVEIL_USERSET)
ni->ni_unveil_eacces = 1;
return 0;
}
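Review bot: `if (flags & UNVEIL_USERSET)` reads like a single-bit test, but namei.h on this page defines UNVEIL_USERSET as 0x0F, the union of the four permission bits, so the condition really means "this entry carries at least one permission". That matches the old `flags != UNVEIL_INSPECT` only while no flag bit outside 0x0F exists, and the result decides whether `ni_unveil_eacces` is set, which presumably selects between a permission error and a not-found error and therefore how much an unveiled process learns about a path. I would write it as `if ((flags & UNVEIL_USERSET) != 0)` with a one-line comment such as `/* entry has user-set permissions: report the denial */`. The identical line is repeated in the UNVEIL_WRITE, UNVEIL_EXEC and UNVEIL_CREATE branches below, so a small static helper would keep the four in step. The enclosing function starts and ends outside these hunks.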
#ifdef DEBUG_UNVEIL
printf("unveil lacks UNVEIL_WRITE\n");
#endif
- if (flags != UNVEIL_INSPECT)
+ if (flags & UNVEIL_USERSET)
ni->ni_unveil_eacces = 1;
return 0;
}
#ifdef DEBUG_UNVEIL
printf("unveil lacks UNVEIL_EXEC\n");
#endif
- if (flags != UNVEIL_INSPECT)
+ if (flags & UNVEIL_USERSET)
ni->ni_unveil_eacces = 1;
return 0;
}
#ifdef DEBUG_UNVEIL
printf("unveil lacks UNVEIL_CREATE\n");
#endif
- if (flags != UNVEIL_INSPECT)
+ if (flags & UNVEIL_USERSET)
ni->ni_unveil_eacces = 1;
return 0;
}
-/* $OpenBSD: namei.h,v 1.46 2021/07/08 13:33:05 claudio Exp $ */
+/* $OpenBSD: namei.h,v 1.47 2021/07/15 06:57:02 claudio Exp $ */
/* $NetBSD: namei.h,v 1.11 1996/02/09 18:25:20 christos Exp $ */
/*
#define UNVEIL_CREATE 0x04
#define UNVEIL_EXEC 0x08
#define UNVEIL_USERSET 0x0F
-#define UNVEIL_INSPECT 0x80
#endif /* !_SYS_NAMEI_H_ */