CVSROOT: /cvs
Module name: src
Changes by: clau...@cvs.openbsd.org 2022/01/09 03:28:07
Modified files:
sys/kern : kern_unveil.c
sys/sys : namei.h
Log message:
Add an UNVEIL_USERSET flag which is set when a unveil node is added via
unveil(2). It is not set for nodes that are added as a result of a file
being added via unveil(2). Use this flag to test if backtracking should
be done or not. Also introduce UNVEIL_MASK which checks if any user flags
are set and is used to properly return EACCES vs ENOENT.
This fixes a problem where unveil("/", "r") & unveil("/usr/bin/id", "rx")
cause an error when read accessing "/usr/bin". It also makes sure that
unveil(path, "") will return ENOENT for any access of anything under path.
Reported by and OK semarie@
