author: Alexander Bluhm <bluhm@cvs.openbsd.org> 2017-06-07 20:54:00 +0000
committer: Alexander Bluhm <bluhm@cvs.openbsd.org> 2017-06-07 20:54:00 +0000
commit: 7afeb6ba75089e0db28885d40c6d2baccfb3dba9
tree: 04e233a45ee1b206d68a1774ad466f48dee2cad9 /lib/libc
parent: 83c1ef03e8607db835a5b6a50a27636e0554c50b
Add an acct(5) flag for pledge violations. Then lastcomm(1) shows
when something went wrong. This allows monitoring whether the system
is under attack and that the attack has been prevented by OpenBSD
pledge(2).
OK deraadt@ millert@ jmc@
Diffstat (limited to 'lib/libc')
-rw-r--r-- lib/libc/sys/pledge.2 14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2
index 6527891168e..1eacec949aa 100644
--- a/lib/libc/sys/pledge.2
+++ b/lib/libc/sys/pledge.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pledge.2,v 1.42 2017/05/30 16:46:04 deraadt Exp $
+.\" $OpenBSD: pledge.2,v 1.43 2017/06/07 20:53:59 bluhm Exp $
.\"
.\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 30 2017 $
+.Dd $Mdocdate: June 7 2017 $
.Dt PLEDGE 2
.Os
.Sh NAME
@@ -46,6 +46,16 @@ can reduce the abilities further, but abilities can never be regained.
A process which attempts a restricted operation is killed with an uncatchable
.Dv SIGABRT ,
delivering a core file if possible.
+A process currently running with pledge has state
+.Sq p
+in
+.Xr ps 1
+output; a process that was terminated due to a pledge violation
+is accounted by
+.Xr lastcomm 1
+with the
+.Sq P
+flag.
.Pp
A
.Fa promises
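Review bot: The added sentence ending in `.Sq P` / `flag.` sends readers to lastcomm(1) but never mentions acct(5), which the commit message names as where the flag lives, and does not say that the record exists only when process accounting is enabled. An administrator who checks lastcomm(1) on a system without accounting turned on sees nothing and may wrongly conclude that no pledge violation occurred. Suggest adding `.Xr acct 5` to the sentence together with a short clause that accounting must be enabled for the `P` flag to be recorded. The diffstat's 12 insertions are all accounted for by the three hunks shown, so SEE ALSO was not touched in this change; if `.Xr lastcomm 1` and `.Xr ps 1` are not already listed there, they should be added alongside this text. Since `p` and `P` differ only by case, it would also help to state explicitly that the lowercase one marks a live pledged process and the uppercase one marks a killed process.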