diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 17:05:31 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 17:05:31 +0000 |
| commit | 57873c6ef693244a302396e82f7cc5bc3e7efd0d (patch) | |
| tree | 29d6183d7d2ff82f3b0a670984c85005d928e62b /sys | |
| parent | 7790a1a5d50a44739abd10a6167c5357003343e4 (diff) | |
When "proc" is requested, allow setpgid() and sigsuspend().
Also the combination of "proc tty" needs to permit TIOCSPGRP.
This is the start at minimum semantics required by processes which
work on process groups, sessions, ttys.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/kern_tame.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index 73f83a5c9fa..1d6b17363e1 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.62 2015/10/06 15:21:26 deraadt Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.63 2015/10/06 17:05:30 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -136,6 +136,8 @@ const u_int tame_syscalls[SYS_MAXSYSCALL] = { [SYS_fork] = TAME_PROC, [SYS_vfork] = TAME_PROC, [SYS_kill] = TAME_PROC, + [SYS_setpgid] = TAME_PROC, + [SYS_sigsuspend] = TAME_PROC, [SYS_setgroups] = TAME_PROC, [SYS_setresgid] = TAME_PROC, @@ -1024,6 +1026,10 @@ tame_ioctl_check(struct proc *p, long com, void *v) if ((p->p_p->ps_tame & TAME_TTY)) { switch (com) { + case TIOCSPGRP: + if ((p->p_p->ps_tame & TAME_PROC) == 0) + break; + /* FALTHROUGH */ case TIOCGETA: case TIOCGPGRP: case TIOCGWINSZ: /* various programs */ |