From 2ad204b68275d1bd948669293dd7a4f41d1b0dcd Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 15 Jul 2022 17:25:18 +0000
Subject: [PATCH] Allow ypconnect() in "getpw" Annotate two blocks relating to ypbind.lock that will be deleted once libc switches over to the new mechanism.
---
 sys/kern/kern_pledge.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 0c69ac3f8a2..148a7197608 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.285 2022/06/30 15:35:14 claudio Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.286 2022/07/15 17:25:18 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -18,7 +18,6 @@
 */
 #include
-
 #include
 #include
 #include
@@ -374,6 +373,8 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
 [SYS_flock] = PLEDGE_FLOCK | PLEDGE_YPACTIVE,
+ [SYS_ypconnect] = PLEDGE_GETPW,
+
 [SYS_swapctl] = PLEDGE_VMINFO, /* XXX should limit to "get" operations */
 };
@@ -655,6 +656,7 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
 return (0);
 }
+ /* XXX delete chunk after ypconnect() is established */
 /* when avoiding YP mode, getpw* functions touch this */
 if (ni->ni_pledge == PLEDGE_RPATH &&
 strcmp(path, "/var/run/ypbind.lock") == 0) {
@@ -723,6 +725,7 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
 if ((ni->ni_pledge == PLEDGE_RPATH) &&
 (pledge & PLEDGE_GETPW)) {
+ /* XXX delete chunk after ypconnect() is established */
 if (strcmp(path, "/var/run/ypbind.lock") == 0) {
 /*
 * XXX
--
2.20.1
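Review bot: The new `[SYS_ypconnect] = PLEDGE_GETPW,` entry in the `@@ -374,6 +373,8 @@` hunk widens what a process pledged only "getpw" may call, and nothing beside the entry records why or what bounds it. A one-line comment at the policy table would keep the intent with the rule, for example `/* "getpw" reaches YP through ypconnect(); supersedes the ypbind.lock path check */`. Whatever limits apply to the call itself are enforced outside this file section and are not visible here, so it is worth confirming that they do not depend on `PLEDGE_YPACTIVE`, which the neighbouring `SYS_flock` entry still carries. The `pledge_syscalls` initializer begins above the hunk.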
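Review bot: The `/* XXX delete chunk after ypconnect() is established */` markers added in the `@@ -655,6 +656,7 @@` and `@@ -723,6 +725,7 @@` hunks do not say how far each "chunk" extends, and in the first hunk the marker sits above a second comment rather than on the `if` it presumably refers to. Until both blocks are removed, the `/var/run/ypbind.lock` special cases stay in place alongside the new syscall entry, so "getpw" covers both mechanisms during the transition and the cleanup should be easy to locate. Naming the extent would help, e.g. `/* XXX delete this if-block once libc uses ypconnect() */`. In both hunks the body of `pledge_namei` continues outside the visible lines.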