by "getpw" because libc getpw*/getgr* use open() of /var/run/ypbind.lock plus
flock() to detect YP running. The kernel observes this dance to "open up" the
YP door (ugliness should drive us to rewrite this mechanism from SunOS later).
However, flock is also used independently. Current users are
htpasswd mail skeyinit tmux authpf pwd_mkdb ldapd smtpd ypbind
login_token mail.local lockspool
Let's enable flock() for "cpath", and see if that helps these programs,
otherwise we'll try "wpath" next.
-/* $OpenBSD: kern_pledge.c,v 1.4 2015/10/09 05:30:03 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.5 2015/10/09 17:18:20 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
[SYS_setsockopt] = PLEDGE_INET | PLEDGE_UNIX,
[SYS_getsockopt] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_flock] = PLEDGE_GETPW,
+ /* XXX getpw for the ypbind.lock; all other flock users have cpath */
+ [SYS_flock] = PLEDGE_GETPW | PLEDGE_CPATH,
};
static const struct {
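Review bot: The XXX comment on the SYS_flock entry states "all other flock users have cpath" as settled fact, but the commit message describes this as a trial ("see if that helps these programs, otherwise we'll try "wpath" next"). Suggest wording the comment as provisional and pointing at the list of programs still to be checked (htpasswd, mail, skeyinit, tmux, authpf, pwd_mkdb, ldapd, smtpd, ypbind, login_token, mail.local, lockspool), so a later reader does not treat PLEDGE_CPATH as the confirmed promise for flock. The comment should also say that the OR widens flock() to every process holding "cpath", not only the listed users, since that is the policy change a reader of this table needs to see.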