artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c5d783) | patch
Restrict pledge("vminfo") callers to read-only swapctl(2) operations.
authorjca <jca@openbsd.org>
Mon, 18 Jul 2022 18:02:27 +0000 (18:02 +0000)
committerjca <jca@openbsd.org>
Mon, 18 Jul 2022 18:02:27 +0000 (18:02 +0000)
commit09de7c43c1cd632319c49d7501ab65d628fbcc01
tree39baed162148d9c68bbf4c34386fe0e840e71223tree | snapshot
parent5c5d783283c9458e365e37184bd964f0ac3ed5aacommit | diff
Restrict pledge("vminfo") callers to read-only swapctl(2) operations.

Those are the read-only operations allowed for non-root users:
SWAP_NSWAP and SWAP_STATS.  Users of pledge("vminfo") in base which also
call swapctl(2) with said commands: top(1) and pstat(8).

No regression spotted with top(1) and pstat(8) -s/-T.

ok deraadt@
sys/kern/kern_pledge.c diff | blob | history
sys/sys/pledge.h diff | blob | history
sys/uvm/uvm_swap.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim