From fbfb0ddb58e641f3eca70dd27b7023432b3b18b5 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sat, 17 Oct 2015 23:15:10 +0000
Subject: [PATCH] connect() to an AF_UNIX socket is really read/write, so tell pledge this is a RPATH|WPATH operation. Discussed with doug and millert
---
 sys/kern/uipc_usrreq.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 2eae3077063..c3632bde276 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.87 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.88 2015/10/17 23:15:10 deraadt Exp $ */
 /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
 /*
@@ -492,7 +492,7 @@ unp_connect(struct socket *so, struct mbuf *nam, struct proc *p)
 else if (memchr(soun->sun_path, '\0', sizeof(soun->sun_path)) == NULL)
 return (EINVAL);
- p->p_pledgenote = TMN_RPATH;
+ p->p_pledgenote = TMN_RPATH | TMN_WPATH;
 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p);
 if ((error = namei(&nd)) != 0)
 return (error);
-- 
2.20.1
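Review bot: The widened `p->p_pledgenote = TMN_RPATH | TMN_WPATH;` in unp_connect has no comment explaining why a `LOOKUP` needs write-path rights, so a later reader could take `TMN_WPATH` for a mistake and narrow it again. A one-line comment above the assignment would keep the commit's rationale with the code, e.g. `/* connect(2) to an AF_UNIX path reads and writes the socket: require rpath and wpath */`. The note also stays set in `p` when `namei()` fails and the function takes `return (error)`; whether it is cleared before the next lookup is not visible here, because unp_connect starts and ends outside the hunk, so that is worth confirming. Pledged programs that connect to local sockets holding only read-path rights will presumably start failing this check, so existing pledge callers should be audited with this change.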