From: deraadt
Date: Wed, 14 Sep 2022 22:28:52 +0000 (+0000)
Subject: AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6413b3a4da1698544105c34124b0815b46840c84;p=openbsd

AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating a file in the filesystem. Spotted by martijn. A review of AF_UNIX binding programs has been done by benno, and we think it is worth committing this semantic change now and watching for fallout.
---
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index e3f50945593..d805504aa20 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.186 2022/09/13 09:05:47 mvs Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.187 2022/09/14 22:28:52 deraadt Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -734,6 +734,7 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p) NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT, UIO_SYSSPACE, soun->sun_path, p); nd.ni_pledge = PLEDGE_UNIX; + nd.ni_unveil = UNVEIL_CREATE; KERNEL_LOCK(); /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
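
Review bot: In the unp_bind() hunk, the added `nd.ni_unveil = UNVEIL_CREATE;` has no comment explaining why a bind() lookup needs create permission, so a later reader has to go to the commit log to learn that the namei() set up by `NDINIT(&nd, CREATE, ...)` is creating a node in the filesystem. A one-line comment at the assignment, saying that AF_UNIX bind() creates the socket file and therefore requires unveil create permission on `soun->sun_path`, would keep the rationale next to the code. Because the commit message describes this as a semantic change with possible fallout, it would also help to state in the user-facing documentation that an unveiled process must have create permission on the socket path before calling bind(), so that failures appearing after this change are easy to diagnose.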