author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-12-12 01:12:35 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-12-12 01:12:35 +0000 |
commit | 52c1fc97f7c1ade9cf0ebc1b5a041fed194d6e10 (patch) | |
tree | 50d1dbcc20f2803520428374fc6888b81a4bfcd0 /usr.bin | |
parent | 35baa3704589ea7646058be964552054fbd60816 (diff) |
pledge()'s 2nd argument becomes char *execpromises, which becomes the
pledge for a new execve image immediately upon start. Also introduces
"error" which makes violations return -1 ENOSYS instead of killing the
program ("error" may not be handed to a setuid/setgid program, which
may be missing/ignoring syscall return values and would continue with
inconsistent state)
Discussion with many
florian has used this to improve the strictness of a daemon
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/kdump/ktrstruct.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/usr.bin/kdump/ktrstruct.c b/usr.bin/kdump/ktrstruct.c
index d446b68a89f..0b3f06ae8eb 100644
--- a/usr.bin/kdump/ktrstruct.c
+++ b/usr.bin/kdump/ktrstruct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ktrstruct.c,v 1.23 2016/10/08 02:16:43 guenther Exp $ */
+/* $OpenBSD: ktrstruct.c,v 1.24 2017/12/12 01:12:34 deraadt Exp $ */
 
 /*-
 * Copyright (c) 1988, 1993
@@ -647,12 +647,12 @@ ktrstruct(char *buf, size_t buflen)
 ktrcmsghdr(cmsg, datalen);
 free(cmsg);
 } else if (strcmp(name, "pledgereq") == 0) {
- printf("pledge request=");
- showbufc(basecol + sizeof("pledge request=") - 1,
+ printf("promise=");
+ showbufc(basecol + sizeof("promise=") - 1,
 (unsigned char *)data, datalen, VIS_DQ | VIS_TAB | VIS_NL);
- } else if (strcmp(name, "pledgepath") == 0) {
- printf("pledge path=");
- showbufc(basecol + sizeof("pledge path=") - 1,
+ } else if (strcmp(name, "pledgeexecreq") == 0) {
+ printf("execpromise=");
+ showbufc(basecol + sizeof("execpromise=") - 1,
 (unsigned char *)data, datalen, VIS_DQ | VIS_TAB | VIS_NL);
 } else {
 printf("unknown structure %s\n", name);
|
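Review bot: In the second hunk the `pledgepath` branch is replaced rather than kept, so a trace that still contains a `pledgepath` record now falls through to the final `unknown structure` branch and its payload is no longer shown; whether any kernel still emits that record is not visible here, so this may only affect dumps recorded before the change. The labels also change from `pledge request=` to `promise=`, which any tooling that greps kdump output to audit pledge calls will have to follow. A one-line comment above the two branches, e.g. `/* pledge(2) arguments: "pledgereq" = promises, "pledgeexecreq" = execpromises */`, would tie the record names to the new labels. ktrstruct() starts and ends outside the hunk.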