From bdfac6fb6d9c228b1e2bd1606d42f9f9879064ac Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Sun, 6 Dec 2015 17:50:22 +0000 Subject: Change kernel internal pledge variables to 64bit (to prepare for more extensions). This change is exposed in ktrace.out files ok semarie --- sys/kern/kern_ktrace.c | 4 +-- sys/kern/kern_pledge.c | 8 ++--- sys/sys/ktrace.h | 6 ++-- sys/sys/namei.h | 4 +-- sys/sys/pledge.h | 82 ++++++++++++++++++++++++++------------------------ sys/sys/proc.h | 4 +-- 6 files changed, 56 insertions(+), 52 deletions(-) (limited to 'sys') diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 14ed01c4bf6..aefc39319d3 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_ktrace.c,v 1.85 2015/12/05 10:11:53 tedu Exp $ */ +/* $OpenBSD: kern_ktrace.c,v 1.86 2015/12/06 17:50:21 deraadt Exp $ */ /* $NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $ */ /* @@ -400,7 +400,7 @@ ktrexec(struct proc *p, int type, const char *data, ssize_t len) } void -ktrpledge(struct proc *p, int error, int code, int syscall) +ktrpledge(struct proc *p, int error, uint64_t code, int syscall) { struct ktr_header kth; struct ktr_pledge kp; diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 75591b8583c..396d2cb64f6 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.135 2015/12/05 19:21:49 deraadt Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.136 2015/12/06 17:50:21 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -72,7 +72,7 @@ int substrcmp(const char *p1, size_t s1, const char *p2, size_t s2); /* * Ordered in blocks starting with least risky and most required. */ -const u_int pledge_syscalls[SYS_MAXSYSCALL] = { +const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = { /* * Minimum required */ 
@@ -368,7 +368,7 @@ sys_pledge(struct proc *p, void *v, register_t *retval) syscallarg(const char *)request; syscallarg(const char **)paths; } */ *uap = v; - int flags = 0; + uint64_t flags = 0; int error; if (SCARG(uap, request)) { @@ -563,7 +563,7 @@ pledge_syscall(struct proc *p, int code, int *tval) } int -pledge_fail(struct proc *p, int error, int code) +pledge_fail(struct proc *p, int error, uint64_t code) { char *codes = ""; int i; diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h index f76ae3f487d..d492dde608f 100644 --- a/sys/sys/ktrace.h +++ b/sys/sys/ktrace.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ktrace.h,v 1.26 2015/10/25 20:39:54 deraadt Exp $ */ +/* $OpenBSD: ktrace.h,v 1.27 2015/12/06 17:50:21 deraadt Exp $ */ /* $NetBSD: ktrace.h,v 1.12 1996/02/04 02:12:29 christos Exp $ */ /* @@ -171,8 +171,8 @@ struct ktr_user { #define KTR_PLEDGE 12 struct ktr_pledge { int error; - int code; int syscall; + int64_t code; }; /* @@ -217,7 +217,7 @@ void ktrsysret(struct proc *, register_t, int, const register_t [2]); void ktr_kuser(const char *, void *, size_t); int ktruser(struct proc *, const char *, const void *, size_t); void ktrexec(struct proc *, int, const char *, ssize_t); -void ktrpledge(struct proc *, int, int, int); +void ktrpledge(struct proc *, int, uint64_t, int); void ktrcleartrace(struct process *); void ktrsettrace(struct process *, int, struct vnode *, struct ucred *); diff --git a/sys/sys/namei.h b/sys/sys/namei.h index 1f93130f087..9b4c42e3654 100644 --- a/sys/sys/namei.h +++ b/sys/sys/namei.h @@ -1,4 +1,4 @@ -/* $OpenBSD: namei.h,v 1.29 2015/11/02 16:31:55 semarie Exp $ */ +/* $OpenBSD: namei.h,v 1.30 2015/12/06 17:50:21 deraadt Exp $ */ /* $NetBSD: namei.h,v 1.11 1996/02/09 18:25:20 christos Exp $ */ /* 
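Review bot: In the kern_pledge.c hunk at -563, `pledge_fail` now takes `uint64_t code`, but `pledge_syscall` (named in the hunk header) still returns its value through `int *tval`, and its prototype `int pledge_syscall(struct proc *, int, int *);` is an unchanged context line in the sys/pledge.h hunk. If `tval` is what carries the required pledge bits from the `pledge_syscalls[]` table to `pledge_fail` (the caller is not part of this diff), any request bit above bit 31 would be truncated before it is reported. That is harmless while every defined request fits in 29 bits, but it defeats the purpose of the widening. I would change the parameter to `uint64_t *tval` in the definition and the prototype, and widen the caller's local to match. The bodies of both functions lie outside the hunk.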
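Review bot: In `struct ktr_pledge` the new field is `int64_t code;`, while `ktrpledge()` and `pledge_fail()` are changed to pass `uint64_t`. PLEDGE_YPACTIVE in the pledge.h hunk is `0x8000000000000000ULL`, so a value with that bit set would read back as negative in any consumer that prints the field by its declared type. Declaring it `uint64_t code;` keeps the record consistent with the API. Separately, widening the field and moving it after `syscall` changes the KTR_PLEDGE record layout, and no version marker is visible in this hunk. A trace reader built against the old header will therefore misread `code` and `syscall` in new ktrace.out files, and the reverse, so the reader has to be rebuilt in lockstep and old traces should not be interpreted with the new tool.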
@@ -62,7 +62,7 @@ struct nameidata { /* struct ucred *ni_cred; credentials */ struct vnode *ni_startdir; /* starting directory */ struct vnode *ni_rootdir; /* logical root directory */ - int ni_pledge; /* expected pledge for namei */ + uint64_t ni_pledge; /* expected pledge for namei */ /* * Results: returned from/manipulated by lookup */ diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h index 7a35841019e..f01dd90a65b 100644 --- a/sys/sys/pledge.h +++ b/sys/sys/pledge.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pledge.h,v 1.23 2015/12/04 07:33:05 deraadt Exp $ */ +/* $OpenBSD: pledge.h,v 1.24 2015/12/06 17:50:21 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott 
@@ -22,47 +22,51 @@ #include -#define PLEDGE_ALWAYS 0xffffffff -#define PLEDGE_RPATH 0x00000001 /* allow open for read */ -#define PLEDGE_WPATH 0x00000002 /* allow open for write */ -#define PLEDGE_CPATH 0x00000004 /* allow creat, mkdir, path creations */ -#define PLEDGE_STDIO 0x00000008 /* operate on own pid */ -#define PLEDGE_TMPPATH 0x00000010 /* for mk*temp() */ -#define PLEDGE_DNS 0x00000020 /* DNS services */ -#define PLEDGE_INET 0x00000040 /* AF_INET/AF_INET6 sockets */ -#define PLEDGE_FLOCK 0x00000080 /* file locking */ -#define PLEDGE_UNIX 0x00000100 /* AF_UNIX sockets */ -#define PLEDGE_ID 0x00000200 /* allow setuid, setgid, etc */ -#define PLEDGE_IOCTL 0x00000400 /* Select ioctl */ -#define PLEDGE_GETPW 0x00000800 /* YP enables if ypbind.lock */ -#define PLEDGE_PROC 0x00001000 /* fork, waitpid, etc */ -#define PLEDGE_SETTIME 0x00002000 /* able to set/adj time/freq */ -#define PLEDGE_FATTR 0x00004000 /* allow explicit file st_* mods */ -#define PLEDGE_PROTEXEC 0x00008000 /* allow use of PROT_EXEC */ -#define PLEDGE_TTY 0x00010000 /* tty setting */ -#define PLEDGE_SENDFD 0x00020000 /* AF_UNIX CMSG fd sending */ -#define PLEDGE_RECVFD 0x00040000 /* AF_UNIX CMSG fd receiving */ -#define PLEDGE_EXEC 0x00080000 /* execve, child is free of pledge */ -#define PLEDGE_ROUTE 0x00100000 /* routing lookups */ -#define PLEDGE_MCAST 0x00200000 /* multicast joins */ -#define PLEDGE_VMINFO 0x00400000 /* vminfo listings */ -#define PLEDGE_PS 0x00800000 /* ps listings */ -#define PLEDGE_COREDUMP 0x01000000 /* generates coredump (default) */ -#define PLEDGE_DISKLABEL 0x02000000 /* disklabels */ -#define PLEDGE_PF 0x04000000 /* pf ioctls */ -#define PLEDGE_AUDIO 0x08000000 /* audio ioctls */ -#define PLEDGE_DPATH 0x10000000 /* mknod & mkfifo */ - -/* Following flags are set by kernel, as it learns things. - * Not user settable. 
Should be moved to a seperate variable */ +/* + * pledge(2) requests + */ +#define PLEDGE_ALWAYS 0xffffffffffffffffULL +#define PLEDGE_RPATH 0x0000000000000001ULL /* allow open for read */ +#define PLEDGE_WPATH 0x0000000000000002ULL /* allow open for write */ +#define PLEDGE_CPATH 0x0000000000000004ULL /* allow creat, mkdir, unlink etc */ +#define PLEDGE_STDIO 0x0000000000000008ULL /* operate on own pid */ +#define PLEDGE_TMPPATH 0x0000000000000010ULL /* for mk*temp() */ +#define PLEDGE_DNS 0x0000000000000020ULL /* DNS services */ +#define PLEDGE_INET 0x0000000000000040ULL /* AF_INET/AF_INET6 sockets */ +#define PLEDGE_FLOCK 0x0000000000000080ULL /* file locking */ +#define PLEDGE_UNIX 0x0000000000000100ULL /* AF_UNIX sockets */ +#define PLEDGE_ID 0x0000000000000200ULL /* allow setuid, setgid, etc */ +#define PLEDGE_IOCTL 0x0000000000000400ULL /* Select ioctl */ +#define PLEDGE_GETPW 0x0000000000000800ULL /* YP enables if ypbind.lock */ +#define PLEDGE_PROC 0x0000000000001000ULL /* fork, waitpid, etc */ +#define PLEDGE_SETTIME 0x0000000000002000ULL /* able to set/adj time/freq */ +#define PLEDGE_FATTR 0x0000000000004000ULL /* allow explicit file st_* mods */ +#define PLEDGE_PROTEXEC 0x0000000000008000ULL /* allow use of PROT_EXEC */ +#define PLEDGE_TTY 0x0000000000010000ULL /* tty setting */ +#define PLEDGE_SENDFD 0x0000000000020000ULL /* AF_UNIX CMSG fd sending */ +#define PLEDGE_RECVFD 0x0000000000040000ULL /* AF_UNIX CMSG fd receiving */ +#define PLEDGE_EXEC 0x0000000000080000ULL /* execve, child is free of pledge */ +#define PLEDGE_ROUTE 0x0000000000100000ULL /* routing lookups */ +#define PLEDGE_MCAST 0x0000000000200000ULL /* multicast joins */ +#define PLEDGE_VMINFO 0x0000000000400000ULL /* vminfo listings */ +#define PLEDGE_PS 0x0000000000800000ULL /* ps listings */ +#define PLEDGE_COREDUMP 0x0000000001000000ULL /* generates coredump (default) */ +#define PLEDGE_DISKLABEL 0x0000000002000000ULL /* disklabels */ +#define PLEDGE_PF 0x0000000004000000ULL /* pf 
ioctls */ +#define PLEDGE_AUDIO 0x0000000008000000ULL /* audio ioctls */ +#define PLEDGE_DPATH 0x0000000010000000ULL /* mknod & mkfifo */ -#define PLEDGE_STATLIE 0x40000000 -#define PLEDGE_YPACTIVE 0x80000000 /* YP use detected and allowed */ -#define PLEDGE_USERSET 0x3fffffff +/* + * Bits outside PLEDGE_USERSET are used by the kernel itself + * to track program behaviours which have been observed. + */ +#define PLEDGE_USERSET 0x0fffffffffffffffULL +#define PLEDGE_STATLIE 0x4000000000000000ULL +#define PLEDGE_YPACTIVE 0x8000000000000000ULL /* YP use detected and allowed */ #ifdef PLEDGENAMES static struct { - u_int32_t bits; + uint64_t bits; char *name; } pledgenames[] = { { PLEDGE_RPATH, "rpath" }, @@ -101,7 +105,7 @@ static struct { #ifdef _KERNEL int pledge_syscall(struct proc *, int, int *); -int pledge_fail(struct proc *, int, int); +int pledge_fail(struct proc *, int, uint64_t); struct mbuf; struct nameidata; diff --git a/sys/sys/proc.h b/sys/sys/proc.h index a6c31faf824..90fdc94b827 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.212 2015/11/03 16:14:14 deraadt Exp $ */ +/* $OpenBSD: proc.h,v 1.213 2015/12/06 17:50:21 deraadt Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -212,7 +212,7 @@ struct process { u_short ps_acflag; /* Accounting flags. */ - u_int ps_pledge; + uint64_t ps_pledge; struct whitepaths *ps_pledgepaths; int64_t ps_kbind_cookie; -- cgit v1.2.3
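Review bot: In the sys/pledge.h hunk at -22, `PLEDGE_USERSET` is a hand-written literal, and nothing ties it to the kernel-only bits `PLEDGE_STATLIE` and `PLEDGE_YPACTIVE`. With the values shown the sets are disjoint (the mask clears bits 60-63, the two kernel flags are bits 62 and 63), which is the property that keeps a caller of pledge(2) from supplying kernel-tracked state, assuming the mask is applied to the parsed request. A compile-time check of `(PLEDGE_USERSET & (PLEDGE_STATLIE | PLEDGE_YPACTIVE)) == 0` next to the definitions would stop that from drifting as requests are added. Bits 60 and 61 are now outside the mask without a name, so a comment such as `/* bits 60-61: reserved for kernel use */` would document them.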
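Review bot: In the sys/proc.h hunk, widening `ps_pledge` to `uint64_t` means a load or store of it is no longer a single access on 32-bit architectures. Whether that matters depends on the locking around its readers and writers, which this hunk does not show. If any path reads the field without the lock held while pledge(2) updates it, the two halves could be observed from different updates. The field has no comment at all, so I would state the requirement on the declaration, for example `uint64_t ps_pledge; /* PLEDGE_* bits; protected by <lock> */` with the actual lock filled in.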