author | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-11-01 19:03:34 +0000 |
---|---|---|
committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-11-01 19:03:34 +0000 |
commit | 68511280041637921c144dadc66364bd3847520e (patch) | |
tree | 8837690b527988d8389c4243559c191b02100459 | |
parent | b249aebdcb012545f1aa7bab683224c46dc508fc (diff) |
refactor pledge_*_check and pledge_fail functions
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- make calling pledge_fail the responsibility of the _check function; remove it
from the caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
-rw-r--r-- | sys/kern/kern_descrip.c | 12 | ||||
-rw-r--r-- | sys/kern/kern_pledge.c | 79 | ||||
-rw-r--r-- | sys/kern/kern_sig.c | 14 | ||||
-rw-r--r-- | sys/kern/kern_sysctl.c | 6 | ||||
-rw-r--r-- | sys/kern/kern_time.c | 7 | ||||
-rw-r--r-- | sys/kern/sys_generic.c | 4 | ||||
-rw-r--r-- | sys/kern/uipc_syscalls.c | 25 | ||||
-rw-r--r-- | sys/kern/uipc_usrreq.c | 6 | ||||
-rw-r--r-- | sys/kern/vfs_lookup.c | 11 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 10 | ||||
-rw-r--r-- | sys/sys/pledge.h | 31 | ||||
-rw-r--r-- | sys/sys/syscall_mi.h | 4 | ||||
-rw-r--r-- | sys/uvm/uvm_mmap.c | 17 | ||||
-rw-r--r-- | sys/uvm/uvm_swap.c | 4 |
14 files changed, 121 insertions, 109 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 4e3eb68893d..497b01aa6cf 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_descrip.c,v 1.123 2015/10/28 12:17:20 deraadt Exp $ */
+/* $OpenBSD: kern_descrip.c,v 1.124 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: kern_descrip.c,v 1.42 1996/03/30 22:24:38 christos Exp $ */
 /*
@@ -348,9 +348,9 @@ sys_fcntl(struct proc *p, void *v, register_t *retval)
 struct flock fl;
 int error = 0;
- error = pledge_fcntl_check(p, SCARG(uap, cmd));
- if (error != 0)
- return (pledge_fail(p, error, PLEDGE_PROC));
+ error = pledge_fcntl(p, SCARG(uap, cmd));
+ if (error)
+ return (error);
 restart:
 if ((fp = fd_getfile(fdp, fd)) == NULL)
@@ -476,7 +476,7 @@ restart:
 /* FALLTHROUGH */
 case F_SETLK:
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
 if (error != 0)
 break;
@@ -543,7 +543,7 @@ restart:
 case F_GETLK:
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
 if (error != 0)
 break;
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b956f23c7a4..85c5be6c962 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.96 2015/11/01 15:43:50 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.97 2015/11/01 19:03:33 semarie Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -28,6 +28,7 @@
 #include <sys/socketvar.h>
 #include <sys/vnode.h>
 #include <sys/mbuf.h>
+#include <sys/mman.h>
 #include <sys/sysctl.h>
 #include <sys/ktrace.h>
@@ -524,7 +525,7 @@ sys_pledge(struct proc *p, void *v, register_t *retval)
 }
 int
-pledge_check(struct proc *p, int code, int *tval)
+pledge_syscall(struct proc *p, int code, int *tval)
 {
 p->p_pledgenote = p->p_pledgeafter = 0; /* XX optimise? */
 p->p_pledge_syscall = code;
@@ -585,6 +586,9 @@ pledge_namei(struct proc *p, char *origpath)
 char path[PATH_MAX];
 int error;
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return (0);
+
 if (p->p_pledgenote == PLEDGE_COREDUMP)
 return (0); /* Allow a coredump */
@@ -826,7 +830,7 @@ pledge_aftersyscall(struct proc *p, int code, int error)
 * Only allow reception of safe file descriptors.
 */
 int
-pledge_recvfd_check(struct proc *p, struct file *fp)
+pledge_recvfd(struct proc *p, struct file *fp)
 {
 struct vnode *vp = NULL;
 char *vtypes[] = { VTYPE_NAMES };
@@ -857,7 +861,7 @@ pledge_recvfd_check(struct proc *p, struct file *fp)
 * Only allow sending of safe file descriptors.
 */
 int
-pledge_sendfd_check(struct proc *p, struct file *fp)
+pledge_sendfd(struct proc *p, struct file *fp)
 {
 struct vnode *vp = NULL;
 char *vtypes[] = { VTYPE_NAMES };
@@ -886,13 +890,13 @@ pledge_sendfd_check(struct proc *p, struct file *fp)
 }
 int
-pledge_sysctl_check(struct proc *p, int miblen, int *mib, void *new)
+pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
 if (new)
- return (EFAULT);
+ return pledge_fail(p, EFAULT, 0);
 /* routing table observation */
 if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
@@ -1024,11 +1028,11 @@ pledge_sysctl_check(struct proc *p, int miblen, int *mib, void *new)
 printf("%s(%d): sysctl %d: %d %d %d %d %d %d\n", p->p_comm, p->p_pid, miblen, mib[0], mib[1], mib[2], mib[3], mib[4], mib[5]);
- return (EPERM);
+ return pledge_fail(p, EINVAL, 0);
 }
 int
-pledge_chown_check(struct proc *p, uid_t uid, gid_t gid)
+pledge_chown(struct proc *p, uid_t uid, gid_t gid)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1041,7 +1045,7 @@ pledge_chown_check(struct proc *p, uid_t uid, gid_t gid)
 }
 int
-pledge_adjtime_check(struct proc *p, const void *v)
+pledge_adjtime(struct proc *p, const void *v)
 {
 const struct timeval *delta = v;
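Review bot: pledge_sysctl's final return now yields `EINVAL` where the old function returned `EPERM`, and both of its pledge_fail calls pass `0` as the promise code where the old caller in sys_sysctl passed `PLEDGE_STDIO`; the commit message describes a refactor and mentions neither change. pledge_sockopt (three `EINVAL` returns become `EPERM`) and pledge_sendit (code `PLEDGE_STDIO` becomes `PLEDGE_INET`) change in the same way. If this is intended, say so in the log and add a short comment at the sysctl sites, for example `/* no single promise covers this sysctl, report code 0 */`; if not, `return pledge_fail(p, EPERM, PLEDGE_STDIO);` keeps the earlier result. pledge_fail's body is not part of this diff, so how the code and errno feed into logging or process termination should be checked there.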
@@ -1051,12 +1055,12 @@ pledge_adjtime_check(struct proc *p, const void *v)
 if ((p->p_p->ps_pledge & PLEDGE_SETTIME))
 return (0);
 if (delta)
- return (EFAULT);
+ return (EPERM);
 return (0);
 }
 int
-pledge_sendit_check(struct proc *p, const void *to)
+pledge_sendit(struct proc *p, const void *to)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1065,11 +1069,11 @@ pledge_sendit_check(struct proc *p, const void *to)
 return (0); /* may use address */
 if (to == NULL)
 return (0); /* behaves just like write */
- return (EPERM);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
 }
 int
-pledge_ioctl_check(struct proc *p, long com, void *v)
+pledge_ioctl(struct proc *p, long com, void *v)
 {
 struct file *fp = v;
 struct vnode *vp = NULL;
@@ -1190,7 +1194,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 }
 int
-pledge_sockopt_check(struct proc *p, int set, int level, int optname)
+pledge_sockopt(struct proc *p, int set, int level, int optname)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1207,7 +1211,7 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
 }
 if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX|PLEDGE_DNS)) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
 /* In use by some service libraries */
 switch (level) {
 case SOL_SOCKET:
@@ -1231,18 +1235,18 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
 }
 if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX)) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
 switch (level) {
 case SOL_SOCKET:
 switch (optname) {
 case SO_RTABLE:
- return (EINVAL);
+ return pledge_fail(p, EINVAL, PLEDGE_INET);
 }
 return (0);
 }
 if ((p->p_p->ps_pledge & PLEDGE_INET) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
 switch (level) {
 case IPPROTO_TCP:
 switch (optname) {
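Review bot: The denial path in pledge_adjtime (`return (EPERM);` when `delta` is non-NULL and PLEDGE_SETTIME is absent) does not call pledge_fail, unlike the other checks whose denial paths this commit rewrites, so the rule in the commit message has an unstated exception. The old caller in sys_adjtime also returned a bare `EPERM`, so this looks deliberate. A comment above the return such as `/* refused with EPERM, not reported through pledge_fail() */` would keep a later cleanup from changing it by accident. The function starts before this hunk.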
@@ -1299,11 +1303,11 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
 case IPPROTO_ICMPV6:
 break;
 }
- return (EPERM);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
 }
 int
-pledge_socket_check(struct proc *p, int dns)
+pledge_socket(struct proc *p, int dns)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1312,11 +1316,11 @@ pledge_socket_check(struct proc *p, int dns)
 return (0);
 if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX|PLEDGE_YPACTIVE)))
 return (0);
- return (EPERM);
+ return pledge_fail(p, EPERM, dns ? PLEDGE_DNS : PLEDGE_INET);
 }
 int
-pledge_flock_check(struct proc *p)
+pledge_flock(struct proc *p)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1327,7 +1331,7 @@ pledge_flock_check(struct proc *p)
 }
 int
-pledge_swapctl_check(struct proc *p)
+pledge_swapctl(struct proc *p)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1335,16 +1339,37 @@ pledge_swapctl_check(struct proc *p)
 }
 int
-pledge_fcntl_check(struct proc *p, int cmd)
+pledge_fcntl(struct proc *p, int cmd)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
- if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0 &&
- cmd == F_SETOWN)
- return (EPERM);
+ if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0 && cmd == F_SETOWN)
+ return pledge_fail(p, EPERM, PLEDGE_PROC);
 return (0);
 }
+int
+pledge_kill(struct proc *p, pid_t pid)
+{
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return 0;
+ if (p->p_p->ps_pledge & PLEDGE_PROC)
+ return 0;
+ if (pid == 0 || pid == p->p_pid)
+ return 0;
+ return pledge_fail(p, EPERM, PLEDGE_PROC);
+}
+
+int
+pledge_protexec(struct proc *p, int prot)
+{
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return 0;
+ if (!(p->p_p->ps_pledge & PLEDGE_PROTEXEC) && (prot & PROT_EXEC))
+ return pledge_fail(p, EPERM, PLEDGE_PROTEXEC);
+ return 0;
+}
+
 void
 pledge_dropwpaths(struct process *pr)
 {
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 677a35e3da5..7f49043214a 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
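Review bot: pledge_kill and pledge_protexec are added without any comment, and the comment the inline code in sys_kill carried (`/* PLEDGE_PROC is required to signal another pid */`) is dropped by this commit. I would carry it over to pledge_kill and spell out the policy: `pid == 0` (the caller's own process group) and the caller's own pid stay allowed without PLEDGE_PROC, while every other value, negative pids included, reaches pledge_fail. Both new functions also write `return 0;` where the rest of the file writes `return (0);`.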
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.187 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.188 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
 /*
@@ -569,16 +569,10 @@ sys_kill(struct proc *cp, void *v, register_t *retval)
 struct proc *p;
 int pid = SCARG(uap, pid);
 int signum = SCARG(uap, signum);
+ int error;
- if (cp->p_p->ps_flags & PS_PLEDGE) {
- /* PLEDGE_PROC is required to signal another pid */
- if ((cp->p_p->ps_pledge & PLEDGE_PROC) ||
- pid == cp->p_pid || pid == 0)
- ;
- else
- return pledge_fail(cp, EPERM, PLEDGE_PROC);
- }
-
+ if ((error = pledge_kill(cp, pid)) != 0)
+ return (error);
 if (((u_int)signum) >= NSIG)
 return (EINVAL);
 if (pid > 0) {
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index c76e623ca79..222bf4d89f9 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.297 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.298 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
 /*-
@@ -174,10 +174,10 @@ sys_sysctl(struct proc *p, void *v, register_t *retval)
 if (error)
 return (error);
- error = pledge_sysctl_check(p, SCARG(uap, namelen),
+ error = pledge_sysctl(p, SCARG(uap, namelen),
 name, SCARG(uap, new));
 if (error)
- return (pledge_fail(p, error, PLEDGE_STDIO));
+ return (error);
 switch (name[0]) {
 case CTL_KERN:
diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c
index 3aab66ce4d9..674a1c8e092 100644
--- a/sys/kern/kern_time.c
+++ b/sys/kern/kern_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_time.c,v 1.94 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: kern_time.c,v 1.95 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: kern_time.c,v 1.20 1996/02/18 11:57:06 fvdl Exp $ */
 /*
@@ -433,8 +433,9 @@ sys_adjtime(struct proc *p, void *v, register_t *retval)
 struct timeval atv;
 int error;
- if (pledge_adjtime_check(p, delta))
- return (EPERM);
+ error = pledge_adjtime(p, delta);
+ if (error)
+ return error;
 if (olddelta) {
 memset(&atv, 0, sizeof(atv));
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index baaedd4efb5..f4cf2b1ac5f 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sys_generic.c,v 1.108 2015/10/18 05:26:55 semarie Exp $ */
+/* $OpenBSD: sys_generic.c,v 1.109 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $ */
 /*
@@ -414,7 +414,7 @@ sys_ioctl(struct proc *p, void *v, register_t *retval)
 return (EINVAL);
 }
- error = pledge_ioctl_check(p, com, fp);
+ error = pledge_ioctl(p, com, fp);
 if (error)
 return (error);
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index add71d16298..9ba2926f304 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_syscalls.c,v 1.122 2015/10/28 16:03:08 semarie Exp $ */
+/* $OpenBSD: uipc_syscalls.c,v 1.123 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */
 /*
@@ -84,10 +84,9 @@ sys_socket(struct proc *p, void *v, register_t *retval)
 if ((type & SOCK_DNS) && !(domain == AF_INET || domain == AF_INET6))
 return (EINVAL);
- error = pledge_socket_check(p, type & SOCK_DNS);
+ error = pledge_socket(p, type & SOCK_DNS);
 if (error)
- return (pledge_fail(p, error,
- (type & SOCK_DNS) ? PLEDGE_DNS : PLEDGE_INET));
+ return (error);
 fdplock(fdp);
 error = falloc(p, &fp, &fd);
@@ -587,11 +586,9 @@ sendit(struct proc *p, int s, struct msghdr *mp, int flags, register_t *retsize)
 return (error);
 so = fp->f_data;
- error = pledge_sendit_check(p, mp->msg_name);
- if (error) {
- error = pledge_fail(p, error, PLEDGE_STDIO);
+ error = pledge_sendit(p, mp->msg_name);
+ if (error)
 goto bad;
- }
 auio.uio_iov = mp->msg_iov;
 auio.uio_iovcnt = mp->msg_iovlen;
@@ -925,11 +922,9 @@ sys_setsockopt(struct proc *p, void *v, register_t *retval)
 if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
 return (error);
- error = pledge_sockopt_check(p, 1, SCARG(uap, level), SCARG(uap, name));
- if (error) {
- error = pledge_fail(p, error, PLEDGE_INET);
+ error = pledge_sockopt(p, 1, SCARG(uap, level), SCARG(uap, name));
+ if (error)
 goto bad;
- }
 if (SCARG(uap, valsize) > MCLBYTES) {
 error = EINVAL;
 goto bad;
@@ -981,11 +976,9 @@ sys_getsockopt(struct proc *p, void *v, register_t *retval)
 if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
 return (error);
- error = pledge_sockopt_check(p, 0, SCARG(uap, level), SCARG(uap, name));
- if (error) {
- error = pledge_fail(p, error, PLEDGE_INET);
+ error = pledge_sockopt(p, 0, SCARG(uap, level), SCARG(uap, name));
+ if (error)
 goto out;
- }
 if (SCARG(uap, val)) {
 error = copyin(SCARG(uap, avalsize), &valsize, sizeof (valsize));
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index d14b2a5b441..6546af082f0 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.91 2015/11/01 13:49:00 deraadt Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.92 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
 /*
@@ -684,7 +684,7 @@ unp_externalize(struct mbuf *rights, socklen_t controllen, int flags)
 for (i = 0; i < nfds; i++) {
 fp = *rp++;
- error = pledge_recvfd_check(p, fp);
+ error = pledge_recvfd(p, fp);
 if (error)
 break;
 /*
@@ -849,7 +849,7 @@ morespace:
 error = EDEADLK;
 goto fail;
 }
- error = pledge_sendfd_check(p, fp);
+ error = pledge_sendfd(p, fp);
 if (error)
 goto fail;
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 9de8580dd50..e0d3c24cd62 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_lookup.c,v 1.57 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: vfs_lookup.c,v 1.58 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: vfs_lookup.c,v 1.17 1996/02/09 19:00:59 christos Exp $ */
 /*
@@ -166,11 +166,10 @@ fail:
 */
 if ((ndp->ni_rootdir = fdp->fd_rdir) == NULL)
 ndp->ni_rootdir = rootvnode;
- if ((p->p_p->ps_flags & PS_PLEDGE)) {
- error = pledge_namei(p, cnp->cn_pnbuf);
- if (error)
- goto fail;
- }
+
+ error = pledge_namei(p, cnp->cn_pnbuf);
+ if (error)
+ goto fail;
 /*
 * Check if starting from root directory or current directory.
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 1d4ae295941..f3f6b12e1d7 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.237 2015/10/28 18:41:16 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.238 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 /*
@@ -863,7 +863,7 @@ doopenat(struct proc *p, int fd, const char *path, int oflags, mode_t mode,
 p->p_pledgenote |= PLEDGE_CPATH;
 if (oflags & (O_EXLOCK | O_SHLOCK)) {
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
 if (error != 0)
 return (error);
 }
@@ -2120,7 +2120,7 @@ dofchownat(struct proc *p, int fd, const char *path, uid_t uid, gid_t gid,
 if (vp->v_mount->mnt_flag & MNT_RDONLY)
 error = EROFS;
 else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
 goto out;
 if ((uid != -1 || gid != -1) && (suser(p, 0) || suid_clear)) {
@@ -2172,7 +2172,7 @@ sys_lchown(struct proc *p, void *v, register_t *retval)
 if (vp->v_mount->mnt_flag & MNT_RDONLY)
 error = EROFS;
 else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
 goto out;
 if ((uid != -1 || gid != -1) && (suser(p, 0) || suid_clear)) {
@@ -2222,7 +2222,7 @@ sys_fchown(struct proc *p, void *v, register_t *retval)
 if (vp->v_mount->mnt_flag & MNT_RDONLY)
 error = EROFS;
 else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
 goto out;
 if ((uid != -1 || gid != -1) && (suser(p, 0) || suid_clear)) {
diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index 1db9b33d146..69c67e8a75b 100644
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pledge.h,v 1.15 2015/11/01 13:01:58 semarie Exp $ */
+/* $OpenBSD: pledge.h,v 1.16 2015/11/01 19:03:33 semarie Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -92,25 +92,26 @@ static struct {
 #ifdef _KERNEL
-int pledge_check(struct proc *, int, int *);
+int pledge_syscall(struct proc *, int, int *);
 int pledge_fail(struct proc *, int, int);
 int pledge_namei(struct proc *, char *);
 void pledge_aftersyscall(struct proc *, int, int);
 struct mbuf;
-int pledge_sendfd_check(struct proc *p, struct file *);
-int pledge_recvfd_check(struct proc *p, struct file *);
-int pledge_sysctl_check(struct proc *p, int namelen, int *name, void *new);
-int pledge_chown_check(struct proc *p, uid_t, gid_t);
-int pledge_adjtime_check(struct proc *p, const void *v);
-int pledge_sendit_check(struct proc *p, const void *to);
-int pledge_socket_check(struct proc *p, int domain);
-int pledge_sockopt_check(struct proc *p, int set, int level, int optname);
-int pledge_socket_check(struct proc *p, int dns);
-int pledge_ioctl_check(struct proc *p, long com, void *);
-int pledge_flock_check(struct proc *p);
-int pledge_fcntl_check(struct proc *p, int cmd);
-int pledge_swapctl_check(struct proc *p);
+int pledge_sendfd(struct proc *p, struct file *);
+int pledge_recvfd(struct proc *p, struct file *);
+int pledge_sysctl(struct proc *p, int namelen, int *name, void *new);
+int pledge_chown(struct proc *p, uid_t, gid_t);
+int pledge_adjtime(struct proc *p, const void *v);
+int pledge_sendit(struct proc *p, const void *to);
+int pledge_sockopt(struct proc *p, int set, int level, int optname);
+int pledge_socket(struct proc *p, int dns);
+int pledge_ioctl(struct proc *p, long com, void *);
+int pledge_flock(struct proc *p);
+int pledge_fcntl(struct proc *p, int cmd);
+int pledge_swapctl(struct proc *p);
+int pledge_kill(struct proc *p, pid_t pid);
+int pledge_protexec(struct proc *p, int prot);
 #define PLEDGE_MAXPATHS 8192
diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h
index e944c0e0830..935aa9e5a64 100644
--- a/sys/sys/syscall_mi.h
+++ b/sys/sys/syscall_mi.h
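Review bot: The prototype list in pledge.h gives no hint of the new calling convention, and with the `_check` suffix gone the names no longer separate checks from anything else. After this commit a caller is expected to return the check's result as-is and not call pledge_fail again, yet pledge_syscall is an exception: mi_syscall (syscall_mi.h hunk) still calls pledge_fail on its result, and takes KERNEL_LOCK first when it does not already hold it. I would add a block comment above the list stating that these functions return 0 or an errno and report a denial themselves, that pledge_syscall leaves the report to its caller, and, if pledge_fail does need the kernel lock as mi_syscall suggests, that the checks must be called with it held.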
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall_mi.h,v 1.12 2015/10/26 07:24:20 semarie Exp $ */
+/* $OpenBSD: syscall_mi.h,v 1.13 2015/11/01 19:03:33 semarie Exp $ */
 /*
 * Copyright (c) 1982, 1986, 1989, 1993
@@ -72,7 +72,7 @@ mi_syscall(struct proc *p, register_t code, const struct sysent *callp,
 if (lock)
 KERNEL_LOCK();
 pledged = (p->p_p->ps_flags & PS_PLEDGE);
- if (pledged && (error = pledge_check(p, code, &tval))) {
+ if (pledged && (error = pledge_syscall(p, code, &tval))) {
 if (!lock)
 KERNEL_LOCK();
 error = pledge_fail(p, error, tval);
diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c
index 5f177abdb94..7ebc6e42145 100644
--- a/sys/uvm/uvm_mmap.c
+++ b/sys/uvm/uvm_mmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_mmap.c,v 1.120 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: uvm_mmap.c,v 1.121 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */
 /*
@@ -365,10 +365,9 @@ sys_mmap(struct proc *p, void *v, register_t *retval)
 if (size == 0)
 return (EINVAL);
- if ((p->p_p->ps_flags & PS_PLEDGE) &&
- !(p->p_p->ps_pledge & PLEDGE_PROTEXEC) &&
- (prot & PROT_EXEC))
- return (pledge_fail(p, EPERM, PLEDGE_PROTEXEC));
+ error = pledge_protexec(p, prot);
+ if (error)
+ return (error);
 /* align file position and save offset. adjust size. */
 ALIGN_ADDR(pos, size, pageoff);
@@ -656,6 +655,7 @@ sys_mprotect(struct proc *p, void *v, register_t *retval)
 vaddr_t addr;
 vsize_t size, pageoff;
 vm_prot_t prot;
+ int error;
 /*
 * extract syscall args from uap
@@ -668,10 +668,9 @@ sys_mprotect(struct proc *p, void *v, register_t *retval)
 if ((prot & PROT_MASK) != prot)
 return (EINVAL);
- if ((p->p_p->ps_flags & PS_PLEDGE) &&
- !(p->p_p->ps_pledge & PLEDGE_PROTEXEC) &&
- (prot & PROT_EXEC))
- return (pledge_fail(p, EPERM, PLEDGE_PROTEXEC));
+ error = pledge_protexec(p, prot);
+ if (error)
+ return (error);
 /*
 * align the address to a page boundary, and adjust the size accordingly
diff --git a/sys/uvm/uvm_swap.c b/sys/uvm/uvm_swap.c
index f7fa31d28dd..a2a3ad80226 100644
--- a/sys/uvm/uvm_swap.c
+++ b/sys/uvm/uvm_swap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_swap.c,v 1.138 2015/10/23 01:10:01 deraadt Exp $ */
+/* $OpenBSD: uvm_swap.c,v 1.139 2015/11/01 19:03:33 semarie Exp $ */
 /* $NetBSD: uvm_swap.c,v 1.40 2000/11/17 11:39:39 mrg Exp $ */
 /*
@@ -670,7 +670,7 @@ sys_swapctl(struct proc *p, void *v, register_t *retval)
 }
 /* all other requests require superuser privs. verify. */
- if ((error = suser(p, 0)) || pledge_swapctl_check(p))
+ if ((error = suser(p, 0)) || (error = pledge_swapctl(p)))
 goto out;
 /* |
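Review bot: In sys_swapctl the pledge check sits on the right of `||`, so it is evaluated only when `suser(p, 0)` succeeds; a pledged process that is not root gets the suser error and pledge_swapctl is never consulted for the request. If the pledge decision should be made, and reported, regardless of privilege, put it first: `if ((error = pledge_swapctl(p)) || (error = suser(p, 0)))`. The part of pledge_swapctl after its PS_PLEDGE test is outside the hunks shown, so whether it calls pledge_fail cannot be confirmed from this diff. sys_swapctl itself starts and ends outside the hunk.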