From e73b19345c7394a4222c759882c0545332a3f1a6 Mon Sep 17 00:00:00 2001 From: deraadt Date: Tue, 17 Sep 2024 12:53:15 +0000 Subject: [PATCH] getdents(2) was pushed into rpath because it exposes pathname information, similar to getcwd(2). Move it to the right place, and also say why. report from henryfordkjv@gmail.com --- lib/libc/sys/pledge.2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2 index 1973932e890..df5b46a20b0 100644 --- a/lib/libc/sys/pledge.2 +++ b/lib/libc/sys/pledge.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pledge.2,v 1.69 2023/10/30 06:11:04 jmc Exp $ +.\" $OpenBSD: pledge.2,v 1.70 2024/09/17 12:53:15 deraadt Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 30 2023 $ +.Dd $Mdocdate: September 17 2024 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -174,7 +174,6 @@ As a result, all the expected functionalities of libc stdio work. .Xr fstat 2 , .Xr fsync 2 , .Xr ftruncate 2 , -.Xr getdents 2 , .Xr getdtablecount 2 , .Xr getegid 2 , .Xr getentropy 2 , @@ -236,10 +235,11 @@ As a result, all the expected functionalities of libc stdio work. .Xr writev 2 .It Cm rpath A number of system calls are allowed if they only cause -read-only effects on the filesystem: +read-only effects on the filesystem, or expose filenames to programs: .Pp .Xr chdir 2 , .Xr getcwd 3 , +.Xr getdents 2 , .Xr openat 2 , .Xr fstatat 2 , .Xr faccessat 2 , -- 2.20.1
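Review bot: in the stdio hunk (@@ -174,7 +174,6), dropping ".Xr getdents 2 ," leaves the stdio section with no hint that directory reads now fall under another promise. The neighbouring entries that remain (fstat 2, fsync 2, ftruncate 2) are all descriptor-based calls, and getdents(2) also takes a file descriptor, so a reader who only consults the stdio list could reasonably assume that reading an already-open directory is still covered. Consider a short sentence in the stdio text pointing to rpath for getdents(2), so the reason given in the commit message ("it exposes pathname information, similar to getcwd(2)") is discoverable from both places.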
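Review bot: in the rpath hunk (@@ -236,10 +235,11), the new sentence "read-only effects on the filesystem, or expose filenames to programs:" is ambiguous because "only" now appears to govern both halves of the condition, and "filenames" does not match the commit message's "pathname information". Suggest something like "allowed if they have only read-only effects on the filesystem, or if they expose pathname information to programs:". The sentence also does not say which entries are the pathname-exposing ones. Placing ".Xr getdents 2 ," directly after ".Xr getcwd 3 ," groups them, but a reader of the rendered page cannot tell that the grouping is intentional, so naming getcwd(3) and getdents(2) in the sentence would make the "say why" part of the change explicit.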