Stop allowing stat("/etc/hosts") in pledge "dns".

mirror of https://github.com/openbsd/src.git synced 2026-04-25 06:35:46 +00:00

Only libc can read /etc/hosts under pledge "dns" now, so stat() succeeding
based on the pledge is misleading.

ok deraadt

This commit is contained in:

dgl

2026-03-24 05:38:44 +00:00

parent d7e4396e01

commit 61b46e47fb

1 changed files with 1 additions and 11 deletions

									
										12

sys/kern/kern_pledge.c
									
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: kern_pledge.c,v 1.349 2026/03/24 01:03:11 dgl Exp $	*/

				/*	$OpenBSD: kern_pledge.c,v 1.350 2026/03/24 05:38:44 dgl Exp $	*/

				/*

				 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>

				@@ -689,16 +689,6 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *path)

						}

				nozoneinfo:

						break;

					case SYS_stat:

						/* XXX go library stats /etc/hosts, remove this soon */

						if ((ni->ni_pledge == PLEDGE_RPATH) &&

						    (pledge & PLEDGE_DNS)) {

							if (strcmp(path, "/etc/hosts") == 0) {

								ni->ni_cnd.cn_flags |= BYPASSUNVEIL;

								return (0);

							}

						}

						break;

					}

					/*

Stop allowing stat("/etc/hosts") in pledge "dns".

12 sys/kern/kern_pledge.c Unescape Escape View File

12

sys/kern/kern_pledge.c

View File