AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating

a file in the filesystem.  Spotted by martijn.  A review of AF_UNIX
binding programs has been done by benno, and we think it is worth commiting
this semantic change now and watching for fallout.

diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index e3f5094..d805504 100644 (file)
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uipc_usrreq.c,v 1.186 2022/09/13 09:05:47 mvs Exp $   */
+/*     $OpenBSD: uipc_usrreq.c,v 1.187 2022/09/14 22:28:52 deraadt Exp $       */
 /*     $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $        */
 
 /*
@@ -734,6 +734,7 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p)
        NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT, UIO_SYSSPACE,
            soun->sun_path, p);
        nd.ni_pledge = PLEDGE_UNIX;
+       nd.ni_unveil = UNVEIL_CREATE;
 
        KERNEL_LOCK();
 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */