CVSROOT: /cvs Module name: src Changes by: clau...@cvs.openbsd.org 2022/01/09 03:28:07
Modified files: sys/kern : kern_unveil.c sys/sys : namei.h Log message: Add an UNVEIL_USERSET flag which is set when a unveil node is added via unveil(2). It is not set for nodes that are added as a result of a file being added via unveil(2). Use this flag to test if backtracking should be done or not. Also introduce UNVEIL_MASK which checks if any user flags are set and is used to properly return EACCES vs ENOENT. This fixes a problem where unveil("/", "r") & unveil("/usr/bin/id", "rx") cause an error when read accessing "/usr/bin". It also makes sure that unveil(path, "") will return ENOENT for any access of anything under path. Reported by and OK semarie@