From 145d14d7357c7f8d214a786db88274c97641670a Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 18 Jul 2022 03:02:05 +0000
Subject: [PATCH] For opening up the bindings file in ypconnect(2), bail out
 early if chrooted issue pointed out by semarie

---
 sys/kern/uipc_syscalls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index f51f077ef73..946ba125c77 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_syscalls.c,v 1.197 2022/07/15 17:20:24 deraadt Exp $	*/
+/*	$OpenBSD: uipc_syscalls.c,v 1.198 2022/07/18 03:02:05 deraadt Exp $	*/
 /*	$NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $	*/
 
 /*
@@ -1342,6 +1342,8 @@ sys_ypconnect(struct proc *p, void *v, register_t *retval)
 		return EAFNOSUPPORT;
 	}
 
+	if (p->p_p->ps_flags & PS_CHROOT)
+		return EACCES;
 	name = pool_get(&namei_pool, PR_WAITOK);
 	snprintf(name, MAXPATHLEN, "/var/yp/binding/%s.2", domainname);
 	NDINIT(&nid, 0, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, name, p);
-- 
2.20.1