From: deraadt Date: Sat, 17 Sep 2022 12:40:52 +0000 (+0000) Subject: bind() to AF_UNIX will now require unveil "w". "w" may seem a little odd X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5d1fc17a5ca82ba2a342da4d66b9d678367f73c5;p=openbsd bind() to AF_UNIX will now require unveil "w". "w" may seem a little odd (and it may seem it should be "r" to get access to the file to collect the underlying socket, which is fully r/w in a non-file way). But this matches the POSIX spec that the file be 'writeable'. The regress test and daemons have been updated for this behaviour. Gap discovered by martijn, long discussions with benno --- diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index d805504aa20..54be4fa5516 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.187 2022/09/14 22:28:52 deraadt Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.188 2022/09/17 12:40:52 deraadt Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -802,6 +802,7 @@ unp_connect(struct socket *so, struct mbuf *nam, struct proc *p) NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p); nd.ni_pledge = PLEDGE_UNIX; + nd.ni_unveil = UNVEIL_WRITE; unp->unp_flags |= UNP_CONNECTING;