From f553ed3cbd0a46607da126d798f48f798014a836 Mon Sep 17 00:00:00 2001
From: kn
Date: Wed, 20 Jan 2021 07:30:51 +0000
Subject: [PATCH] Pledge before authentication when possible
Generally, pleding before parsing the file seems hardly possible due to unveil() being involved. Pledging in case of the winning rule being a "persist" one is not possible either due to TIOC{SET,CHK}VERAUTH not being allowed in the "tty" pledge. But if "persist" is not used, we can pledge before authentication without having to hoist or chang anything. Feedback deraadt tedu OK tdeu
---
 usr.bin/doas/doas.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index 12ccf25c970..ff3a59c881d 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.86 2021/01/16 09:18:41 martijn Exp $ */
+/* $OpenBSD: doas.c,v 1.87 2021/01/20 07:30:51 kn Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst
 *
@@ -206,11 +206,15 @@ authuser(char *myname, char *login_style, int persist)
 auth_session_t *as;
 int fd = -1;
- if (persist)
+ if (persist) {
 fd = open("/dev/tty", O_RDWR);
- if (fd != -1) {
- if (ioctl(fd, TIOCCHKVERAUTH) == 0)
- goto good;
+ if (fd != -1) {
+ if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+ goto good;
+ }
+ } else {
+ if (pledge("stdio rpath getpw exec id unveil", NULL) == -1)
+ err(1, "pledge");
 }
 if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
-- 
2.20.1
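Review bot: In the `persist` branch of authuser(), a failed `open("/dev/tty", O_RDWR)` leaves `fd == -1` and falls through to `auth_userchallenge()` with no pledge at all, even though the tty ioctl that justifies skipping the pledge cannot be issued without a descriptor. authuser() continues past the hunk, so if the later code only touches the tty when `fd != -1` (not visible here), that case could take the same restriction as the non-persist path, e.g. `if (fd == -1 && pledge("stdio rpath getpw exec id unveil", NULL) == -1) err(1, "pledge");` after the open. The reason the persist path stays unpledged is recorded only in the commit message; a comment in that branch such as `/* persist needs TIOC{SET,CHK}VERAUTH, which the "tty" promise does not permit */` would keep it next to the code. It is also worth confirming that every configured login style still authenticates under this promise set, since what runs behind `auth_userchallenge()` is not visible in the diff.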