From 52c1fc97f7c1ade9cf0ebc1b5a041fed194d6e10 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Tue, 12 Dec 2017 01:12:35 +0000
Subject: pledge()'s 2nd argument becomes char *execpromises, which becomes the pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistant state) Discussion with many florian has used this to improve the strictness of a daemon
---
 usr.bin/kdump/ktrstruct.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'usr.bin')
diff --git a/usr.bin/kdump/ktrstruct.c b/usr.bin/kdump/ktrstruct.c
index d446b68a89f..0b3f06ae8eb 100644
--- a/usr.bin/kdump/ktrstruct.c
+++ b/usr.bin/kdump/ktrstruct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ktrstruct.c,v 1.23 2016/10/08 02:16:43 guenther Exp $ */
+/* $OpenBSD: ktrstruct.c,v 1.24 2017/12/12 01:12:34 deraadt Exp $ */
 
 /*-
  * Copyright (c) 1988, 1993
@@ -647,12 +647,12 @@ ktrstruct(char *buf, size_t buflen)
 ktrcmsghdr(cmsg, datalen);
 free(cmsg);
 } else if (strcmp(name, "pledgereq") == 0) {
- printf("pledge request=");
- showbufc(basecol + sizeof("pledge request=") - 1,
+ printf("promise=");
+ showbufc(basecol + sizeof("promise=") - 1,
 (unsigned char *)data, datalen, VIS_DQ | VIS_TAB | VIS_NL);
- } else if (strcmp(name, "pledgepath") == 0) {
- printf("pledge path=");
- showbufc(basecol + sizeof("pledge path=") - 1,
+ } else if (strcmp(name, "pledgeexecreq") == 0) {
+ printf("execpromise=");
+ showbufc(basecol + sizeof("execpromise=") - 1,
 (unsigned char *)data, datalen, VIS_DQ | VIS_TAB | VIS_NL);
 } else {
 printf("unknown structure %s\n", name);
-- 
cgit v1.2.3
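Review bot: The label literal is spelled twice in each rewritten branch — once in `printf("promise=")` and again inside `sizeof("promise=") - 1` — so the column offset handed to showbufc silently drifts from what was actually printed if only one copy is edited; the same applies to the `execpromise=` branch below it. The pre-existing `pledgereq` code already followed this pattern, so it is consistent with the file's style, but since the commit rewrites both lines anyway it could bind them to one definition: `static const char lbl[] = "promise=";` / `fputs(lbl, stdout);` / `showbufc(basecol + sizeof(lbl) - 1,`. The enclosing ktrstruct function starts and ends outside the hunk, so the handling of `name` and `datalen` before this chain is not visible here.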