From 3a4e2d708b650304a4703b197f2544cae82a1094 Mon Sep 17 00:00:00 2001
From: doug
Date: Sun, 18 Oct 2015 01:07:19 +0000
Subject: [PATCH] Allow read/write access to /dev/tty when using "tty" pledge.
Without this change, you need "rpath" and "wpath" to open /dev/tty. Some applications explicitly open /dev/tty, but deraadt@ found the most common use is indirectly via readpassphrase(). tweak and ok deraadt@ pre-tweak ok millert@, semarie@
---
 sys/kern/kern_pledge.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 0779155354c..5ae8213d589 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.49 2015/10/18 00:04:43 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.50 2015/10/18 01:07:19 doug Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -610,6 +610,13 @@ pledge_namei(struct proc *p, char *origpath)
 sizeof("/usr/share/nls/") - 1) == 0 &&
 strcmp(path + strlen(path) - 9, "/libc.cat") == 0)
 return (0);
+
+ /* Allow opening r/w on /dev/tty when "tty" is specified. */
+ if ((p->p_p->ps_pledge & PLEDGE_TTY) &&
+ (p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0 &&
+ strcmp(path, "/dev/tty") == 0) {
+ return (0);
+ }
 break;
 case SYS_readlink:
 /* Allow /etc/malloc.conf for malloc(3). */
-- 
2.20.1
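Review bot: The new exemption compares `path` byte-for-byte against "/dev/tty", so it depends on the part of pledge_namei before this hunk (the function starts and ends outside it) having already turned `origpath` into a canonical `path`; if an alias such as "/dev//tty" or a relative spelling could arrive here uncanonicalized it would simply fall through to the ordinary rpath/wpath checks rather than be granted, which is the safe direction, but the comment should record that the exact match is intentional. The intent mask `(p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0` is what keeps this grant narrow: only read and/or write opens qualify and any other namei intent bit on /dev/tty still needs its own pledge, and note that the test also passes when no intent bit is set at all, which matches the neighbouring libc.cat exemption that checks no intent bits. I would make the comment state that contract explicitly: `/* "tty" permits open(2) of exactly "/dev/tty" for read and/or write (TMN_RPATH/TMN_WPATH only); any other namei intent on it still needs the matching path pledge. */`.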