From f50373aed66a3f375d0730bd548c29916498bb49 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sun, 11 Oct 2015 15:40:48 +0000
Subject: [PATCH] put TIOCSWINSZ in the right block "tty", not in "ioctl". this happened because the "route' tests were placed between the two, creating confusion. fix that while here.
---
 sys/kern/kern_pledge.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 4fb0b837b92..e003c80f1fa 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.12 2015/10/11 15:25:39 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.13 2015/10/11 15:40:48 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -1031,7 +1031,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 return (ENOTTY);
 case TIOCGPGRP:
 case TIOCGWINSZ: /* various programs */
- case TIOCSWINSZ:
 if (fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
 return (0);
 break;
@@ -1055,17 +1054,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 }
 }
- if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
- switch (com) {
- case SIOCGIFADDR:
- case SIOCGIFFLAGS:
- case SIOCGIFRDOMAIN:
- if (fp->f_type == DTYPE_SOCKET)
- return (0);
- break;
- }
- }
-
 if ((p->p_p->ps_pledge & PLEDGE_TTY)) {
 switch (com) {
 case TIOCSPGRP:
@@ -1084,6 +1072,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 #endif
 case TIOCGPGRP:
 case TIOCGWINSZ: /* various programs */
+ case TIOCSWINSZ:
 case TIOCSBRK: /* cu */
 case TIOCCDTR: /* cu */
 case TIOCSETA: /* cu, ... */
@@ -1095,6 +1084,17 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 }
 }
+ if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
+ switch (com) {
+ case SIOCGIFADDR:
+ case SIOCGIFFLAGS:
+ case SIOCGIFRDOMAIN:
+ if (fp->f_type == DTYPE_SOCKET)
+ return (0);
+ break;
+ }
+ }
+
 return pledge_fail(p, EPERM, PLEDGE_IOCTL);
 }
-- 
2.20.1
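Review bot: The added `case TIOCSWINSZ:` in the PLEDGE_TTY switch has no trailing comment, unlike the neighbouring cases that name their consumer, and the test this case list falls through to lies below the hunk's last line. In the "ioctl" block the removed line fell through to `if (fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))`, so it is worth confirming that the "tty" list ends in the same tty-vnode test; otherwise a window-size change could be accepted on a descriptor that is not a terminal. I would annotate the line like its neighbours, for example `case TIOCSWINSZ: /* set window size, "tty" promise only */`. The switch begins and ends outside this hunk.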
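Review bot: The re-added `if ((p->p_p->ps_pledge & PLEDGE_ROUTE))` block carries no comment naming the promise it implements, and the commit message attributes the original misplacement to confusion between adjacent blocks. A one-line header above each promise block, here `/* "route": interface address/flags/rdomain queries, sockets only */`, would make the grouping visible when the next request is added to the allowlist. The fall-through `return pledge_fail(p, EPERM, PLEDGE_IOCTL);` passes PLEDGE_IOCTL even when the request would have needed "route" or "tty"; if that argument is what gets reported on a violation (not visible here), a short comment saying the attribution is deliberate would help whoever reads the resulting log.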