From: deraadt <deraadt@openbsd.org>
Date: Sun, 2 Jul 2023 11:16:03 +0000 (+0000)
Subject: PS_CHROOT flag must also be copied when forking.  This will block
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b40ba3323ce10dc9107b9230446840ce179ef8bd;p=openbsd

PS_CHROOT flag must also be copied when forking.  This will block
a ypconnect(2) from reading inside an incorrectly configured space.
ok kettenis
---

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index 6c28078ebc9..97c9c4b7c5c 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_fork.c,v 1.247 2023/04/25 18:14:06 claudio Exp $	*/
+/*	$OpenBSD: kern_fork.c,v 1.248 2023/07/02 11:16:03 deraadt Exp $	*/
 /*	$NetBSD: kern_fork.c,v 1.29 1996/02/09 18:59:34 christos Exp $	*/
 
 /*
@@ -241,7 +241,8 @@ process_new(struct proc *p, struct process *parent, int flags)
 	unveil_copy(parent, pr);
 
 	pr->ps_flags = parent->ps_flags &
-	    (PS_SUGID | PS_SUGIDEXEC | PS_PLEDGE | PS_EXECPLEDGE | PS_WXNEEDED);
+	    (PS_SUGID | PS_SUGIDEXEC | PS_PLEDGE | PS_EXECPLEDGE |
+	    PS_WXNEEDED | PS_CHROOT);
 	if (parent->ps_session->s_ttyvp != NULL)
 		pr->ps_flags |= parent->ps_flags & PS_CONTROLT;