
change permit to be more bits away from deny, because rowhammer.

not really sure why this is our problem, but the diff is small.
ok deraadt millert miod
tedu 2024-02-15 18:57:58 +00:00
parent 176ddc4be1
commit 38599afa1d
2 changed files with 13 additions and 9 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: doas.c,v 1.98 2022/12/22 19:53:22 kn Exp $ */
/* $OpenBSD: doas.c,v 1.99 2024/02/15 18:57:58 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@ -145,8 +145,10 @@ permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
*lastr = rules[i];
}
if (!*lastr)
return -1;
if ((*lastr)->action == PERMIT)
return 0;
return (*lastr)->action == PERMIT;
return -1;
}
static void
@ -181,6 +183,7 @@ checkconfig(const char *confpath, int argc, char **argv,
uid_t uid, gid_t *groups, int ngroups, uid_t target)
{
const struct rule *rule;
int rv;
setresuid(uid, uid, uid);
if (pledge("stdio rpath getpw", NULL) == -1)
@ -188,9 +191,9 @@ checkconfig(const char *confpath, int argc, char **argv,
parseconfig(confpath, 0);
if (!argc)
exit(0);
if (permit(uid, groups, ngroups, &rule, target, argv[0],
(const char **)argv + 1)) {
rv = permit(uid, groups, ngroups, &rule, target, argv[0],
(const char **)argv + 1);
if (rv == 0) {
printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : "");
exit(0);
} else {
@ -412,8 +415,9 @@ main(int argc, char **argv)
}
cmd = argv[0];
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1)) {
rv = permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1);
if (rv != 0) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"command not permitted for %s: %s", mypw->pw_name, cmdline);
errc(1, EPERM, NULL);
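Review bot: The return contract of permit() changes in the -145 hunk from a boolean (1 = permitted) to 0 = permitted / -1 = denied, but nothing in the code documents it, and a zero meaning "allowed" reads as falsy to anyone skimming the callers in the -188 and -412 hunks. A short comment above the function would settle that, e.g. `/* Returns 0 if a rule permits the command, -1 if it is denied or no rule matched; the two results are deliberately far apart in bit pattern (see PERMIT/DENY in doas.h). */`. The call sites fail closed in the right direction: main() denies on any `rv != 0`, so an unexpected return value lands on the deny path rather than the permit path. The declaration of `rv` used in main() is not in the shown hunks, and permit(), checkconfig() and main() each begin or end outside them.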


@ -1,4 +1,4 @@
/* $OpenBSD: doas.h,v 1.19 2021/11/30 20:08:15 tobias Exp $ */
/* $OpenBSD: doas.h,v 1.20 2024/02/15 18:57:58 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@ -36,7 +36,7 @@ struct passwd;
char **prepenv(const struct rule *, const struct passwd *,
const struct passwd *);
#define PERMIT 1
#define PERMIT -1
#define DENY 2
#define NOPASS 0x1
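Review bot: `#define PERMIT -1` carries its rationale only in the commit message; the header itself does not say why PERMIT is no longer a small positive value adjacent to DENY, so a later cleanup could renumber them back to 1 and 2 without noticing the intent. Suggest `#define PERMIT -1 /* kept many bits away from DENY on purpose; do not renumber */` and a matching remark on DENY. Parenthesising the negative literal, `#define PERMIT (-1)`, is the usual style for a macro that expands to a signed constant and avoids an expression such as `x-PERMIT` expanding to `x--1`. The type of the `action` field these constants are compared against is not in this hunk; if it is narrower than int or unsigned, the -1 comparison deserves a second look.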