author | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-09-30 11:36:08 +0000 |
---|---|---|
committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-09-30 11:36:08 +0000 |
commit | 79eb9a318258687457f3926a9712aabb34c6c569 (patch) | |
tree | a13675da40ea274cecfee80f0f940cac7718cb35 /lib | |
parent | ded5ecd296e14ad5fdbd36dcd07f55568e05bb34 (diff) |
implement new "prot_exec" tame(2) request:
- by default, a tamed program doesn't have the possibility to use PROT_EXEC for
  mmap(2) or mprotect(2)
- for that, use the request "prot_exec" (that could be dropped later)
initial idea from deraadt@ and kettenis@
"make complete sense" beck@
ok deraadt@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/sys/tame.2 | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/lib/libc/sys/tame.2 b/lib/libc/sys/tame.2 index 24f27e5047d..0d72a168318 100644 --- a/lib/libc/sys/tame.2 +++ b/lib/libc/sys/tame.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tame.2,v 1.29 2015/09/26 17:16:10 jmc Exp $ +.\" $OpenBSD: tame.2,v 1.30 2015/09/30 11:36:07 semarie Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 26 2015 $ +.Dd $Mdocdate: September 30 2015 $ .Dt TAME 2 .Os .Sh NAME @@ -121,6 +121,11 @@ Read-only, for Setuid/setgid/sticky bits are ignored. The user or group cannot be changed on a file. .Pp +.It Xr mmap 2 +.It Xr mprotect 2 +.Dv PROT_EXEC +isn't allowed. +.Pp .It Xr open 2 May open .Pa /etc/localtime , @@ -387,7 +392,14 @@ Allows the following process relationship operations: .Xr kill 2 , .Xr setgroups 2 , .Xr setresgid 2 , -.Xr setresuid 2 , +.Xr setresuid 2 . +.It Va "prot_exec" +Allows the use of +.Dv PROT_EXEC +with +.Xr mmap 2 +and +.Xr mprotect 2 . .It Va "abort" Deliver an unblockable .Dv SIGABRT |
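Review bot: In the hunk at @@ -121,6 +121,11 @@, the new mmap(2)/mprotect(2) entry states "PROT_EXEC isn't allowed" as if it were unconditional, with no pointer to the "prot_exec" request that this same commit adds further down the page. Suggest wording along the lines of "PROT_EXEC is not allowed unless the prot_exec request was given", and saying what the caller sees when the restriction is hit, since the added lines do not state the failure mode. The back-to-back ".It Xr mmap 2" and ".It Xr mprotect 2" lines also leave the first item without a body of its own; please check the rendered output with mandoc to confirm both names read as sharing the one description.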
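Review bot: In the hunk at @@ -387,7 +392,14 @@, the new "prot_exec" entry only says it "Allows the use of PROT_EXEC with mmap(2) and mprotect(2)", which leaves out both points the commit message makes: that executable mappings are denied by default for every tamed program, and that the request can be dropped later. A program that needs PROT_EXEC only during startup would benefit from a sentence saying it can request "prot_exec" initially and then give it up in a subsequent tame call. Separately, the change from ".Xr setresuid 2 ," to ".Xr setresuid 2 ." is a correct punctuation fix for the end of the preceding list, but it is unrelated to the new request and is not mentioned in the commit message.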