From 075c06a5e3023e3159fd4ed422a7304e835e3ce2 Mon Sep 17 00:00:00 2001 From: natano Date: Tue, 2 May 2017 16:46:00 +0000 Subject: [PATCH] Stricter pledge for bpf. ok deraadt --- sys/kern/kern_pledge.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 66a4975552b..20b1e70401d 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.207 2017/04/29 08:02:56 mpi Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.208 2017/05/02 16:46:00 natano Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -1143,7 +1143,9 @@ pledge_ioctl(struct proc *p, long com, struct file *fp) switch (com) { case BIOCGSTATS: /* bpf: tcpdump privsep on ^C */ if (fp->f_type == DTYPE_VNODE && - fp->f_ops->fo_ioctl == vn_ioctl) + fp->f_ops->fo_ioctl == vn_ioctl && + vp->v_type == VCHR && + cdevsw[major(vp->v_rdev)].d_open == bpfopen) return (0); break; } -- 2.20.1