From 04b561ef8585cec8dcfdb27978672682cf9edb6a Mon Sep 17 00:00:00 2001
From: deraadt
Date: Mon, 30 Jul 2018 15:16:27 +0000
Subject: [PATCH] rename 2nd argument of unveil from vague "flags" to "permissions"; man page change will follow
---
 sys/kern/kern_unveil.c | 20 ++++++++++----------
 sys/kern/syscalls.master | 4 ++--
 sys/kern/vfs_syscalls.c | 15 ++++++++-------
 3 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c
index 185ab03d03f..42dece28db2 100644
--- a/sys/kern/kern_unveil.c
+++ b/sys/kern/kern_unveil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_unveil.c,v 1.8 2018/07/30 00:34:57 deraadt Exp $ */
+/* $OpenBSD: kern_unveil.c,v 1.9 2018/07/30 15:16:27 deraadt Exp $ */
 /*
 * Copyright (c) 2017-2018 Bob Beck
@@ -310,25 +310,25 @@ unveil_lookup(struct vnode *vp, struct proc *p)
 }
 int
-unveil_parseflags(const char *cflags, uint64_t *flags)
+unveil_parsepermissions(const char *permissions, uint64_t *perms)
 {
 size_t i = 0;
 char c;
- *flags = 0;
- while ((c = cflags[i++]) != '\0') {
+ *perms = 0;
+ while ((c = permissions[i++]) != '\0') {
 switch (c) {
 case 'r':
- *flags |= PLEDGE_RPATH;
+ *perms |= PLEDGE_RPATH;
 break;
 case 'w':
- *flags |= PLEDGE_WPATH;
+ *perms |= PLEDGE_WPATH;
 break;
 case 'x':
- *flags |= PLEDGE_EXEC;
+ *perms |= PLEDGE_EXEC;
 break;
 case 'c':
- *flags |= PLEDGE_CPATH;
+ *perms |= PLEDGE_CPATH;
 break;
 default:
 return -1;
@@ -396,7 +396,7 @@ unveil_add_traversed_vnodes(struct proc *p, struct nameidata *ndp)
 }
 int
-unveil_add(struct proc *p, struct nameidata *ndp, const char *cflags)
+unveil_add(struct proc *p, struct nameidata *ndp, const char *permissions)
 {
 struct process *pr = p->p_p;
 struct vnode *vp;
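Review bot: unveil_parsepermissions() in sys/kern/kern_unveil.c (hunk @@ -310) has no comment stating its contract, and this parser decides which PLEDGE_* bits an unveil entry receives. From the visible lines it zeroes `*perms`, ORs in PLEDGE_RPATH, PLEDGE_WPATH, PLEDGE_EXEC and PLEDGE_CPATH for 'r', 'w', 'x' and 'c', and returns -1 on any other character, so an empty string appears to leave `*perms` at 0 and a failed parse leaves it partially filled. A comment above the `int` line would make that explicit: `/* Map an unveil permission string of 'r', 'w', 'x', 'c' to PLEDGE_* bits; returns -1 on any other character, in which case *perms must not be used. */`. The end of the function is outside the hunk, so the success return value should be confirmed before it is documented.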
@@ -407,7 +407,7 @@ unveil_add(struct proc *p, struct nameidata *ndp, const char *cflags)
 KASSERT(ISSET(ndp->ni_cnd.cn_flags, HASBUF)); /* must have SAVENAME */
- if (unveil_parseflags(cflags, &flags) == -1)
+ if (unveil_parsepermissions(permissions, &flags) == -1)
 goto done;
 if (pr->ps_uvpaths == NULL) {
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 2f4396a2171..42c3ff84552 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -1,4 +1,4 @@
-; $OpenBSD: syscalls.master,v 1.186 2018/07/13 09:25:23 beck Exp $
+; $OpenBSD: syscalls.master,v 1.187 2018/07/30 15:16:27 deraadt Exp $
 ; $NetBSD: syscalls.master,v 1.32 1996/04/23 10:24:21 mycroft Exp $
 ; @(#)syscalls.master 8.2 (Berkeley) 1/13/94
@@ -240,7 +240,7 @@
 int flags); }
 113 UNIMPL fktrace
 114 STD { int sys_unveil(const char *path, \
- const char *flags); }
+ const char *permissions); }
 115 OBSOL vtrace
 116 OBSOL t32_gettimeofday
 117 OBSOL t32_getrusage
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index b01a0c87468..3fa74de8ce0 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.297 2018/07/30 00:11:04 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.298 2018/07/30 15:16:27 deraadt Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 /*
@@ -883,15 +883,15 @@ sys_unveil(struct proc *p, void *v, register_t *retval)
 {
 struct sys_unveil_args /* {
 syscallarg(const char *) path;
- syscallarg(const char *) flags;
+ syscallarg(const char *) permissions;
 } */ *uap = v;
 char pathname[MAXPATHLEN];
 struct nameidata nd;
 size_t pathlen;
- char cflags[5];
+ char permissions[5];
 int error;
- if (SCARG(uap, path) == NULL && SCARG(uap, flags) == NULL) {
+ if (SCARG(uap, path) == NULL && SCARG(uap, permissions) == NULL) {
 p->p_p->ps_uvdone = 1;
 return (0);
 }
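Review bot: In sys_unveil() (sys/kern/vfs_syscalls.c, hunk @@ -883) the kernel-side buffer `char permissions[5]` now has the same name as the userland pointer read with `SCARG(uap, permissions)`. As a result the call in hunk @@ -899, `copyinstr(SCARG(uap, permissions), permissions, sizeof(permissions), NULL)`, no longer tells the untrusted source and the kernel copy apart by name, which the old `flags`/`cflags` pair did. A distinct local name (for example `kperms`, a constructed name) would keep that boundary visible at the later `ktrstruct()` and `unveil_add()` calls in hunks @@ -908 and @@ -935. The size 5 is what bounds the string copyinstr() will accept and presumably corresponds to the four letters the parser knows plus the terminator; a comment such as `/* "rwxc" + NUL */` on the declaration would tie the two together.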
@@ -899,7 +899,8 @@ sys_unveil(struct proc *p, void *v, register_t *retval)
 if (p->p_p->ps_uvdone != 0)
 return EINVAL;
- error = copyinstr(SCARG(uap, flags), cflags, sizeof(cflags), NULL);
+ error = copyinstr(SCARG(uap, permissions), permissions,
+ sizeof(permissions), NULL);
 if (error)
 return(error);
 error = copyinstr(SCARG(uap, path), pathname, sizeof(pathname), &pathlen);
@@ -908,7 +909,7 @@ sys_unveil(struct proc *p, void *v, register_t *retval)
 #ifdef KTRACE
 if (KTRPOINT(p, KTR_STRUCT))
- ktrstruct(p, "unveil", cflags, strlen(cflags));
+ ktrstruct(p, "unveil", permissions, strlen(permissions));
 #endif
 if (pathlen < 2)
 return EINVAL;
@@ -935,7 +936,7 @@ sys_unveil(struct proc *p, void *v, register_t *retval)
 VOP_ACCESS(nd.ni_dvp, VREAD, p->p_ucred, p) == 0 ||
 VOP_ACCESS(nd.ni_dvp, VWRITE, p->p_ucred, p) == 0 ||
 VOP_ACCESS(nd.ni_dvp, VEXEC, p->p_ucred, p) == 0)
- error = unveil_add(p, &nd, cflags);
+ error = unveil_add(p, &nd, permissions);
 else
 error = EPERM;
--
2.20.1