From 6413b3a4da1698544105c34124b0815b46840c84 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Wed, 14 Sep 2022 22:28:52 +0000
Subject: [PATCH] AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating a file in the filesystem. Spotted by martijn. A review of AF_UNIX binding programs has been done by benno, and we think it is worth commiting this semantic change now and watching for fallout.
---
 sys/kern/uipc_usrreq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index e3f50945593..d805504aa20 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.186 2022/09/13 09:05:47 mvs Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.187 2022/09/14 22:28:52 deraadt Exp $ */
 /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
 /*
@@ -734,6 +734,7 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p)
 NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT, UIO_SYSSPACE, soun->sun_path, p);
 nd.ni_pledge = PLEDGE_UNIX;
+ nd.ni_unveil = UNVEIL_CREATE;
 KERNEL_LOCK();
 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
--
2.20.1
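Review bot: The added `nd.ni_unveil = UNVEIL_CREATE;` in the unp_bind() hunk carries no comment, so the reason bind() asks for create rights instead of read/write access lives only in the commit message. A one-line comment above it, such as `/* bind() creates the socket node in the filesystem: require unveil "c" */`, would keep a later cleanup from relaxing the check and reopening a way to create filesystem entries under a path unveiled without create permission. Because this is a user-visible semantic change (a process that unveiled its socket path without "c" will presumably now fail in bind()), it deserves a matching note in the unveil/bind documentation and a regression test; neither is visible in this patch. unp_bind() starts and ends outside the hunk, so how the namei() failure is reported to the caller cannot be checked from here.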