authorSebastien Marie <semarie@cvs.openbsd.org>2015-11-01 19:03:34 +0000
committerSebastien Marie <semarie@cvs.openbsd.org>2015-11-01 19:03:34 +0000
commit68511280041637921c144dadc66364bd3847520e (patch)
tree8837690b527988d8389c4243559c191b02100459
parentb249aebdcb012545f1aa7bab683224c46dc508fc (diff)
refactor pledge_*_check and pledge_fail functions
- rename the _check functions to drop the suffix: a "pledge" function called from anywhere is a "check" function.
- make calling pledge_fail the responsibility of the _check function, and remove it from the callers.
- make proper use of the (potential) error returned by the _check() functions.
- add pledge_kill() and pledge_protexec().

with and OK deraadt@
-rw-r--r--sys/kern/kern_descrip.c12
-rw-r--r--sys/kern/kern_pledge.c79
-rw-r--r--sys/kern/kern_sig.c14
-rw-r--r--sys/kern/kern_sysctl.c6
-rw-r--r--sys/kern/kern_time.c7
-rw-r--r--sys/kern/sys_generic.c4
-rw-r--r--sys/kern/uipc_syscalls.c25
-rw-r--r--sys/kern/uipc_usrreq.c6
-rw-r--r--sys/kern/vfs_lookup.c11
-rw-r--r--sys/kern/vfs_syscalls.c10
-rw-r--r--sys/sys/pledge.h31
-rw-r--r--sys/sys/syscall_mi.h4
-rw-r--r--sys/uvm/uvm_mmap.c17
-rw-r--r--sys/uvm/uvm_swap.c4
14 files changed, 121 insertions, 109 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 4e3eb68893d..497b01aa6cf 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_descrip.c,v 1.123 2015/10/28 12:17:20 deraadt Exp $ */
+/* $OpenBSD: kern_descrip.c,v 1.124 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: kern_descrip.c,v 1.42 1996/03/30 22:24:38 christos Exp $ */
/*
@@ -348,9 +348,9 @@ sys_fcntl(struct proc *p, void *v, register_t *retval)
struct flock fl;
int error = 0;
- error = pledge_fcntl_check(p, SCARG(uap, cmd));
- if (error != 0)
- return (pledge_fail(p, error, PLEDGE_PROC));
+ error = pledge_fcntl(p, SCARG(uap, cmd));
+ if (error)
+ return (error);
restart:
if ((fp = fd_getfile(fdp, fd)) == NULL)
@@ -476,7 +476,7 @@ restart:
/* FALLTHROUGH */
case F_SETLK:
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
if (error != 0)
break;
@@ -543,7 +543,7 @@ restart:
case F_GETLK:
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
if (error != 0)
break;
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b956f23c7a4..85c5be6c962 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.96 2015/11/01 15:43:50 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.97 2015/11/01 19:03:33 semarie Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -28,6 +28,7 @@
#include <sys/socketvar.h>
#include <sys/vnode.h>
#include <sys/mbuf.h>
+#include <sys/mman.h>
#include <sys/sysctl.h>
#include <sys/ktrace.h>
@@ -524,7 +525,7 @@ sys_pledge(struct proc *p, void *v, register_t *retval)
}
int
-pledge_check(struct proc *p, int code, int *tval)
+pledge_syscall(struct proc *p, int code, int *tval)
{
p->p_pledgenote = p->p_pledgeafter = 0; /* XX optimise? */
p->p_pledge_syscall = code;
@@ -585,6 +586,9 @@ pledge_namei(struct proc *p, char *origpath)
char path[PATH_MAX];
int error;
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return (0);
+
if (p->p_pledgenote == PLEDGE_COREDUMP)
return (0); /* Allow a coredump */
@@ -826,7 +830,7 @@ pledge_aftersyscall(struct proc *p, int code, int error)
* Only allow reception of safe file descriptors.
*/
int
-pledge_recvfd_check(struct proc *p, struct file *fp)
+pledge_recvfd(struct proc *p, struct file *fp)
{
struct vnode *vp = NULL;
char *vtypes[] = { VTYPE_NAMES };
@@ -857,7 +861,7 @@ pledge_recvfd_check(struct proc *p, struct file *fp)
* Only allow sending of safe file descriptors.
*/
int
-pledge_sendfd_check(struct proc *p, struct file *fp)
+pledge_sendfd(struct proc *p, struct file *fp)
{
struct vnode *vp = NULL;
char *vtypes[] = { VTYPE_NAMES };
@@ -886,13 +890,13 @@ pledge_sendfd_check(struct proc *p, struct file *fp)
}
int
-pledge_sysctl_check(struct proc *p, int miblen, int *mib, void *new)
+pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
if (new)
- return (EFAULT);
+ return pledge_fail(p, EFAULT, 0);
/* routing table observation */
if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
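Review bot: The final denial in pledge_sysctl (next hunk, `return pledge_fail(p, EINVAL, 0);`) changes the errno from EPERM to EINVAL, and both new pledge_fail calls pass code 0 where sys_sysctl used to pass PLEDGE_STDIO; the commit message describes a refactor and mentions neither change. If pledge_fail uses the code to report which promise was missing, 0 drops that hint from the record of the violation. Either keep the old values, `return pledge_fail(p, EPERM, PLEDGE_STDIO);`, or add a comment saying why no promise is named here. The body of pledge_sysctl continues outside both hunks.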
@@ -1024,11 +1028,11 @@ pledge_sysctl_check(struct proc *p, int miblen, int *mib, void *new)
printf("%s(%d): sysctl %d: %d %d %d %d %d %d\n",
p->p_comm, p->p_pid, miblen, mib[0], mib[1],
mib[2], mib[3], mib[4], mib[5]);
- return (EPERM);
+ return pledge_fail(p, EINVAL, 0);
}
int
-pledge_chown_check(struct proc *p, uid_t uid, gid_t gid)
+pledge_chown(struct proc *p, uid_t uid, gid_t gid)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1041,7 +1045,7 @@ pledge_chown_check(struct proc *p, uid_t uid, gid_t gid)
}
int
-pledge_adjtime_check(struct proc *p, const void *v)
+pledge_adjtime(struct proc *p, const void *v)
{
const struct timeval *delta = v;
@@ -1051,12 +1055,12 @@ pledge_adjtime_check(struct proc *p, const void *v)
if ((p->p_p->ps_pledge & PLEDGE_SETTIME))
return (0);
if (delta)
- return (EFAULT);
+ return (EPERM);
return (0);
}
int
-pledge_sendit_check(struct proc *p, const void *to)
+pledge_sendit(struct proc *p, const void *to)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
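Review bot: pledge_adjtime now returns `EPERM` for a non-NULL delta without going through pledge_fail(), unlike pledge_sendit just below it and the other checks this commit converts. If that soft failure is intended (the caller gets an errno and whatever pledge_fail does on a violation is skipped), it deserves a comment at the `if (delta)` line, for example `/* setting the clock without "settime" is refused, not fatal */`. Otherwise the line should read `return pledge_fail(p, EPERM, PLEDGE_SETTIME);`. The start of pledge_adjtime is in the previous hunk.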
@@ -1065,11 +1069,11 @@ pledge_sendit_check(struct proc *p, const void *to)
return (0); /* may use address */
if (to == NULL)
return (0); /* behaves just like write */
- return (EPERM);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
}
int
-pledge_ioctl_check(struct proc *p, long com, void *v)
+pledge_ioctl(struct proc *p, long com, void *v)
{
struct file *fp = v;
struct vnode *vp = NULL;
@@ -1190,7 +1194,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
}
int
-pledge_sockopt_check(struct proc *p, int set, int level, int optname)
+pledge_sockopt(struct proc *p, int set, int level, int optname)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1207,7 +1211,7 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
}
if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX|PLEDGE_DNS)) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
/* In use by some service libraries */
switch (level) {
case SOL_SOCKET:
@@ -1231,18 +1235,18 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
}
if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX)) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
switch (level) {
case SOL_SOCKET:
switch (optname) {
case SO_RTABLE:
- return (EINVAL);
+ return pledge_fail(p, EINVAL, PLEDGE_INET);
}
return (0);
}
if ((p->p_p->ps_pledge & PLEDGE_INET) == 0)
- return (EINVAL);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
switch (level) {
case IPPROTO_TCP:
switch (optname) {
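Review bot: In the `SO_RTABLE` case, `return pledge_fail(p, EINVAL, PLEDGE_INET);` is reached only after the `(PLEDGE_INET|PLEDGE_UNIX)` test has passed, so the process may already hold "inet" and the code handed to pledge_fail names a promise that would not have helped. Assuming pledge_fail reports that code, a short comment such as `/* SO_RTABLE is refused whatever the promises are */` would keep the log from sending people after the wrong promise. This case also keeps EINVAL while the surrounding denials switch to EPERM, and it is worth saying whether that is deliberate. pledge_sockopt starts and ends outside this hunk.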
@@ -1299,11 +1303,11 @@ pledge_sockopt_check(struct proc *p, int set, int level, int optname)
case IPPROTO_ICMPV6:
break;
}
- return (EPERM);
+ return pledge_fail(p, EPERM, PLEDGE_INET);
}
int
-pledge_socket_check(struct proc *p, int dns)
+pledge_socket(struct proc *p, int dns)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1312,11 +1316,11 @@ pledge_socket_check(struct proc *p, int dns)
return (0);
if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX|PLEDGE_YPACTIVE)))
return (0);
- return (EPERM);
+ return pledge_fail(p, EPERM, dns ? PLEDGE_DNS : PLEDGE_INET);
}
int
-pledge_flock_check(struct proc *p)
+pledge_flock(struct proc *p)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1327,7 +1331,7 @@ pledge_flock_check(struct proc *p)
}
int
-pledge_swapctl_check(struct proc *p)
+pledge_swapctl(struct proc *p)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1335,16 +1339,37 @@ pledge_swapctl_check(struct proc *p)
}
int
-pledge_fcntl_check(struct proc *p, int cmd)
+pledge_fcntl(struct proc *p, int cmd)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
- if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0 &&
- cmd == F_SETOWN)
- return (EPERM);
+ if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0 && cmd == F_SETOWN)
+ return pledge_fail(p, EPERM, PLEDGE_PROC);
return (0);
}
+int
+pledge_kill(struct proc *p, pid_t pid)
+{
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return 0;
+ if (p->p_p->ps_pledge & PLEDGE_PROC)
+ return 0;
+ if (pid == 0 || pid == p->p_pid)
+ return 0;
+ return pledge_fail(p, EPERM, PLEDGE_PROC);
+}
+
+int
+pledge_protexec(struct proc *p, int prot)
+{
+ if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+ return 0;
+ if (!(p->p_p->ps_pledge & PLEDGE_PROTEXEC) && (prot & PROT_EXEC))
+ return pledge_fail(p, EPERM, PLEDGE_PROTEXEC);
+ return 0;
+}
+
void
pledge_dropwpaths(struct process *pr)
{
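Review bot: pledge_kill and pledge_protexec are added without any comment, and the one line that explained the rule, `/* PLEDGE_PROC is required to signal another pid */`, is deleted from sys_kill in kern_sig.c rather than moved. I would carry it over above pledge_kill and add that `pid == 0` is let through even though kill(2) treats it as the caller's whole process group, so the exemption is wider than "self only". Both new functions also write `return 0;` and `return pledge_fail(...)` without parentheses, while the context lines of the file use `return (0);`.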
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 677a35e3da5..7f49043214a 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.187 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.188 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
/*
@@ -569,16 +569,10 @@ sys_kill(struct proc *cp, void *v, register_t *retval)
struct proc *p;
int pid = SCARG(uap, pid);
int signum = SCARG(uap, signum);
+ int error;
- if (cp->p_p->ps_flags & PS_PLEDGE) {
- /* PLEDGE_PROC is required to signal another pid */
- if ((cp->p_p->ps_pledge & PLEDGE_PROC) ||
- pid == cp->p_pid || pid == 0)
- ;
- else
- return pledge_fail(cp, EPERM, PLEDGE_PROC);
- }
-
+ if ((error = pledge_kill(cp, pid)) != 0)
+ return (error);
if (((u_int)signum) >= NSIG)
return (EINVAL);
if (pid > 0) {
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index c76e623ca79..222bf4d89f9 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.297 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.298 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@@ -174,10 +174,10 @@ sys_sysctl(struct proc *p, void *v, register_t *retval)
if (error)
return (error);
- error = pledge_sysctl_check(p, SCARG(uap, namelen),
+ error = pledge_sysctl(p, SCARG(uap, namelen),
name, SCARG(uap, new));
if (error)
- return (pledge_fail(p, error, PLEDGE_STDIO));
+ return (error);
switch (name[0]) {
case CTL_KERN:
diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c
index 3aab66ce4d9..674a1c8e092 100644
--- a/sys/kern/kern_time.c
+++ b/sys/kern/kern_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_time.c,v 1.94 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: kern_time.c,v 1.95 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: kern_time.c,v 1.20 1996/02/18 11:57:06 fvdl Exp $ */
/*
@@ -433,8 +433,9 @@ sys_adjtime(struct proc *p, void *v, register_t *retval)
struct timeval atv;
int error;
- if (pledge_adjtime_check(p, delta))
- return (EPERM);
+ error = pledge_adjtime(p, delta);
+ if (error)
+ return error;
if (olddelta) {
memset(&atv, 0, sizeof(atv));
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index baaedd4efb5..f4cf2b1ac5f 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sys_generic.c,v 1.108 2015/10/18 05:26:55 semarie Exp $ */
+/* $OpenBSD: sys_generic.c,v 1.109 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $ */
/*
@@ -414,7 +414,7 @@ sys_ioctl(struct proc *p, void *v, register_t *retval)
return (EINVAL);
}
- error = pledge_ioctl_check(p, com, fp);
+ error = pledge_ioctl(p, com, fp);
if (error)
return (error);
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index add71d16298..9ba2926f304 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_syscalls.c,v 1.122 2015/10/28 16:03:08 semarie Exp $ */
+/* $OpenBSD: uipc_syscalls.c,v 1.123 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */
/*
@@ -84,10 +84,9 @@ sys_socket(struct proc *p, void *v, register_t *retval)
if ((type & SOCK_DNS) && !(domain == AF_INET || domain == AF_INET6))
return (EINVAL);
- error = pledge_socket_check(p, type & SOCK_DNS);
+ error = pledge_socket(p, type & SOCK_DNS);
if (error)
- return (pledge_fail(p, error,
- (type & SOCK_DNS) ? PLEDGE_DNS : PLEDGE_INET));
+ return (error);
fdplock(fdp);
error = falloc(p, &fp, &fd);
@@ -587,11 +586,9 @@ sendit(struct proc *p, int s, struct msghdr *mp, int flags, register_t *retsize)
return (error);
so = fp->f_data;
- error = pledge_sendit_check(p, mp->msg_name);
- if (error) {
- error = pledge_fail(p, error, PLEDGE_STDIO);
+ error = pledge_sendit(p, mp->msg_name);
+ if (error)
goto bad;
- }
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
@@ -925,11 +922,9 @@ sys_setsockopt(struct proc *p, void *v, register_t *retval)
if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
return (error);
- error = pledge_sockopt_check(p, 1, SCARG(uap, level), SCARG(uap, name));
- if (error) {
- error = pledge_fail(p, error, PLEDGE_INET);
+ error = pledge_sockopt(p, 1, SCARG(uap, level), SCARG(uap, name));
+ if (error)
goto bad;
- }
if (SCARG(uap, valsize) > MCLBYTES) {
error = EINVAL;
goto bad;
@@ -981,11 +976,9 @@ sys_getsockopt(struct proc *p, void *v, register_t *retval)
if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
return (error);
- error = pledge_sockopt_check(p, 0, SCARG(uap, level), SCARG(uap, name));
- if (error) {
- error = pledge_fail(p, error, PLEDGE_INET);
+ error = pledge_sockopt(p, 0, SCARG(uap, level), SCARG(uap, name));
+ if (error)
goto out;
- }
if (SCARG(uap, val)) {
error = copyin(SCARG(uap, avalsize),
&valsize, sizeof (valsize));
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index d14b2a5b441..6546af082f0 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.91 2015/11/01 13:49:00 deraadt Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.92 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
/*
@@ -684,7 +684,7 @@ unp_externalize(struct mbuf *rights, socklen_t controllen, int flags)
for (i = 0; i < nfds; i++) {
fp = *rp++;
- error = pledge_recvfd_check(p, fp);
+ error = pledge_recvfd(p, fp);
if (error)
break;
/*
@@ -849,7 +849,7 @@ morespace:
error = EDEADLK;
goto fail;
}
- error = pledge_sendfd_check(p, fp);
+ error = pledge_sendfd(p, fp);
if (error)
goto fail;
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 9de8580dd50..e0d3c24cd62 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_lookup.c,v 1.57 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: vfs_lookup.c,v 1.58 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: vfs_lookup.c,v 1.17 1996/02/09 19:00:59 christos Exp $ */
/*
@@ -166,11 +166,10 @@ fail:
*/
if ((ndp->ni_rootdir = fdp->fd_rdir) == NULL)
ndp->ni_rootdir = rootvnode;
- if ((p->p_p->ps_flags & PS_PLEDGE)) {
- error = pledge_namei(p, cnp->cn_pnbuf);
- if (error)
- goto fail;
- }
+
+ error = pledge_namei(p, cnp->cn_pnbuf);
+ if (error)
+ goto fail;
/*
* Check if starting from root directory or current directory.
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 1d4ae295941..f3f6b12e1d7 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.237 2015/10/28 18:41:16 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.238 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
/*
@@ -863,7 +863,7 @@ doopenat(struct proc *p, int fd, const char *path, int oflags, mode_t mode,
p->p_pledgenote |= PLEDGE_CPATH;
if (oflags & (O_EXLOCK | O_SHLOCK)) {
- error = pledge_flock_check(p);
+ error = pledge_flock(p);
if (error != 0)
return (error);
}
@@ -2120,7 +2120,7 @@ dofchownat(struct proc *p, int fd, const char *path, uid_t uid, gid_t gid,
if (vp->v_mount->mnt_flag & MNT_RDONLY)
error = EROFS;
else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
goto out;
if ((uid != -1 || gid != -1) &&
(suser(p, 0) || suid_clear)) {
@@ -2172,7 +2172,7 @@ sys_lchown(struct proc *p, void *v, register_t *retval)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
error = EROFS;
else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
goto out;
if ((uid != -1 || gid != -1) &&
(suser(p, 0) || suid_clear)) {
@@ -2222,7 +2222,7 @@ sys_fchown(struct proc *p, void *v, register_t *retval)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
error = EROFS;
else {
- if ((error = pledge_chown_check(p, uid, gid)))
+ if ((error = pledge_chown(p, uid, gid)))
goto out;
if ((uid != -1 || gid != -1) &&
(suser(p, 0) || suid_clear)) {
diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index 1db9b33d146..69c67e8a75b 100644
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pledge.h,v 1.15 2015/11/01 13:01:58 semarie Exp $ */
+/* $OpenBSD: pledge.h,v 1.16 2015/11/01 19:03:33 semarie Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -92,25 +92,26 @@ static struct {
#ifdef _KERNEL
-int pledge_check(struct proc *, int, int *);
+int pledge_syscall(struct proc *, int, int *);
int pledge_fail(struct proc *, int, int);
int pledge_namei(struct proc *, char *);
void pledge_aftersyscall(struct proc *, int, int);
struct mbuf;
-int pledge_sendfd_check(struct proc *p, struct file *);
-int pledge_recvfd_check(struct proc *p, struct file *);
-int pledge_sysctl_check(struct proc *p, int namelen, int *name, void *new);
-int pledge_chown_check(struct proc *p, uid_t, gid_t);
-int pledge_adjtime_check(struct proc *p, const void *v);
-int pledge_sendit_check(struct proc *p, const void *to);
-int pledge_socket_check(struct proc *p, int domain);
-int pledge_sockopt_check(struct proc *p, int set, int level, int optname);
-int pledge_socket_check(struct proc *p, int dns);
-int pledge_ioctl_check(struct proc *p, long com, void *);
-int pledge_flock_check(struct proc *p);
-int pledge_fcntl_check(struct proc *p, int cmd);
-int pledge_swapctl_check(struct proc *p);
+int pledge_sendfd(struct proc *p, struct file *);
+int pledge_recvfd(struct proc *p, struct file *);
+int pledge_sysctl(struct proc *p, int namelen, int *name, void *new);
+int pledge_chown(struct proc *p, uid_t, gid_t);
+int pledge_adjtime(struct proc *p, const void *v);
+int pledge_sendit(struct proc *p, const void *to);
+int pledge_sockopt(struct proc *p, int set, int level, int optname);
+int pledge_socket(struct proc *p, int dns);
+int pledge_ioctl(struct proc *p, long com, void *);
+int pledge_flock(struct proc *p);
+int pledge_fcntl(struct proc *p, int cmd);
+int pledge_swapctl(struct proc *p);
+int pledge_kill(struct proc *p, pid_t pid);
+int pledge_protexec(struct proc *p, int prot);
#define PLEDGE_MAXPATHS 8192
diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h
index e944c0e0830..935aa9e5a64 100644
--- a/sys/sys/syscall_mi.h
+++ b/sys/sys/syscall_mi.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall_mi.h,v 1.12 2015/10/26 07:24:20 semarie Exp $ */
+/* $OpenBSD: syscall_mi.h,v 1.13 2015/11/01 19:03:33 semarie Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -72,7 +72,7 @@ mi_syscall(struct proc *p, register_t code, const struct sysent *callp,
if (lock)
KERNEL_LOCK();
pledged = (p->p_p->ps_flags & PS_PLEDGE);
- if (pledged && (error = pledge_check(p, code, &tval))) {
+ if (pledged && (error = pledge_syscall(p, code, &tval))) {
if (!lock)
KERNEL_LOCK();
error = pledge_fail(p, error, tval);
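Review bot: mi_syscall still calls `pledge_fail(p, error, tval)` itself after pledge_syscall fails, which is the opposite of the rule the commit message sets for the other checks. The reason looks like locking (KERNEL_LOCK is taken first when `lock` is unset), but that is inferred from the visible lines. A comment above the call, for example `/* pledge_syscall() may run without the kernel lock, so pledge_fail() stays here */`, would record the exception. mi_syscall continues outside the hunk.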
diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c
index 5f177abdb94..7ebc6e42145 100644
--- a/sys/uvm/uvm_mmap.c
+++ b/sys/uvm/uvm_mmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_mmap.c,v 1.120 2015/10/09 01:10:27 deraadt Exp $ */
+/* $OpenBSD: uvm_mmap.c,v 1.121 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */
/*
@@ -365,10 +365,9 @@ sys_mmap(struct proc *p, void *v, register_t *retval)
if (size == 0)
return (EINVAL);
- if ((p->p_p->ps_flags & PS_PLEDGE) &&
- !(p->p_p->ps_pledge & PLEDGE_PROTEXEC) &&
- (prot & PROT_EXEC))
- return (pledge_fail(p, EPERM, PLEDGE_PROTEXEC));
+ error = pledge_protexec(p, prot);
+ if (error)
+ return (error);
/* align file position and save offset. adjust size. */
ALIGN_ADDR(pos, size, pageoff);
@@ -656,6 +655,7 @@ sys_mprotect(struct proc *p, void *v, register_t *retval)
vaddr_t addr;
vsize_t size, pageoff;
vm_prot_t prot;
+ int error;
/*
* extract syscall args from uap
@@ -668,10 +668,9 @@ sys_mprotect(struct proc *p, void *v, register_t *retval)
if ((prot & PROT_MASK) != prot)
return (EINVAL);
- if ((p->p_p->ps_flags & PS_PLEDGE) &&
- !(p->p_p->ps_pledge & PLEDGE_PROTEXEC) &&
- (prot & PROT_EXEC))
- return (pledge_fail(p, EPERM, PLEDGE_PROTEXEC));
+ error = pledge_protexec(p, prot);
+ if (error)
+ return (error);
/*
* align the address to a page boundary, and adjust the size accordingly
diff --git a/sys/uvm/uvm_swap.c b/sys/uvm/uvm_swap.c
index f7fa31d28dd..a2a3ad80226 100644
--- a/sys/uvm/uvm_swap.c
+++ b/sys/uvm/uvm_swap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_swap.c,v 1.138 2015/10/23 01:10:01 deraadt Exp $ */
+/* $OpenBSD: uvm_swap.c,v 1.139 2015/11/01 19:03:33 semarie Exp $ */
/* $NetBSD: uvm_swap.c,v 1.40 2000/11/17 11:39:39 mrg Exp $ */
/*
@@ -670,7 +670,7 @@ sys_swapctl(struct proc *p, void *v, register_t *retval)
}
/* all other requests require superuser privs. verify. */
- if ((error = suser(p, 0)) || pledge_swapctl_check(p))
+ if ((error = suser(p, 0)) || (error = pledge_swapctl(p)))
goto out;
/*