CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/03/24 23:14:10
Modified files:
sys/kern : kern_pledge.c
Log message:
In the namei callback for __pledge_open() invert the logic of checking
pledge/namei modes and then checking for the path. Now, first
identify the path with array bsearch then check the pledge/namei modes.
Since this is __pledge_open(), if the path is not known, terminate with
an EACCES abort. If the path is known but the pledge/namei modes don't
suggest an unveil bypass, allow the code to fallthrough to the rpath/wpath
checks, and then back into namei for unveil validation.
ok dgl
