Contributed by rueda on from the dance-of-the-seven-unveils dept.
In a message to tech@, Theo de Raadt (deraadt@) discusses the state of development of unveil(2) support in userland (and for a certain port):
This mail includes a large diff of userland which demonstrates how unveil() will be used in base. Additionally, some of you have probably noticed that there is an unveil diff brewing for chrome in ports; others probably heard that unveil was specifically designed to "also satisfy chrome's requirements". Since chrome already does pretty good privsep and is designed for filesystem containment on other platforms, we considered its requirements in the design of the mechanism.

First off, you need this kernel diff to enable unveil():

Index: sys/kern/vfs_syscalls.c =================================================================== RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.295 diff -u -p -u -r1.295 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 22 Jul 2018 06:31:17 -0000 1.295 +++ sys/kern/vfs_syscalls.c 25 Jul 2018 17:28:09 -0000 @@ -913,9 +913,6 @@ sys_unveil(struct proc *p, void *v, regi if (pathlen < 2) return EINVAL; - /* XXX unveil is disabled but returns sucess for now */ - return 0; - if (pathlen == 2 && pathname[0] == '/') NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | SAVENAME, UIO_SYSSPACE, pathname, p);

And here is the userland diff, applying to about 37 programs. There will be weaknesses and errors in here. This is not perfect yet. I hope we can bring that list to 50 before activating unveil(). A snapshot release may precede that also, so that we can identify fallout more easily. In any case, there are a few known bugs in the kernel side of unveil which need fixing beforehand (nothing serious).

Enjoy.

[userland diff omitted - Ed]
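Review bot: Deleting the `/* XXX unveil is disabled but returns sucess for now */` stub and its `return 0;` in sys_unveil() switches every existing unveil() call in base from a silent no-op to an enforced path restriction in a single step, and the only way back is a revert. Since the message itself says the kernel side still has known bugs to fix and that the userland list should reach about 50 programs before activation, consider leaving the stub in place behind a compile-time switch (or an equivalent toggle) until that work and the planned snapshot have shaken out fallout, so that the enable can be flipped and reverted independently of this code change.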