Drop PLEDGE_CPATH from SYS_open, the flags passed result in rpath or

mirror of https://github.com/openbsd/src.git synced 2026-04-24 06:04:47 +00:00

wpath pledge always being checked. cpath alone is not enough.

ok deraadt

This commit is contained in:

dgl

2026-03-26 05:21:06 +00:00

parent 613b296197

commit bf91cc2988

1 changed files with 2 additions and 2 deletions

									
										4

sys/kern/kern_pledge.c
									
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: kern_pledge.c,v 1.354 2026/03/26 00:55:20 deraadt Exp $	*/

				/*	$OpenBSD: kern_pledge.c,v 1.355 2026/03/26 05:21:06 dgl Exp $	*/

				/*

				 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>

				@@ -241,7 +241,7 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {

					 * Path access/creation calls encounter many extensive

					 * checks done during pledge_namei()

					 */

					[SYS_open] = PLEDGE_RPATH | PLEDGE_WPATH | PLEDGE_CPATH,

					[SYS_open] = PLEDGE_RPATH | PLEDGE_WPATH,

					[SYS___pledge_open] = PLEDGE_STDIO,

					[SYS_stat] = PLEDGE_STDIO,

					[SYS_access] = PLEDGE_STDIO,

Drop PLEDGE_CPATH from SYS_open, the flags passed result in rpath or

4 sys/kern/kern_pledge.c Unescape Escape View File

4

sys/kern/kern_pledge.c

View File