-/* $OpenBSD: kern_pledge.c,v 1.289 2022/07/18 17:45:46 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.290 2022/07/18 18:02:27 jca Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
#include <sys/syslog.h>
#include <sys/ktrace.h>
#include <sys/acct.h>
+#include <sys/swap.h>
#include <sys/ioctl.h>
#include <sys/termios.h>
[SYS_ypconnect] = PLEDGE_GETPW,
- [SYS_swapctl] = PLEDGE_VMINFO, /* XXX should limit to "get" operations */
+ [SYS_swapctl] = PLEDGE_VMINFO,
};
static const struct {
}
int
-pledge_swapctl(struct proc *p)
+pledge_swapctl(struct proc *p, int cmd)
{
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
- return (EPERM);
+
+ if (p->p_p->ps_pledge & PLEDGE_VMINFO) {
+ switch (cmd) {
+ case SWAP_NSWAP:
+ case SWAP_STATS:
+ return (0);
+ }
+ }
+
+ return pledge_fail(p, EPERM, PLEDGE_VMINFO);
}
/* bsearch over pledgereq. return flags value if found, 0 else */
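Review bot: The allow-list in pledge_swapctl() carries no comment explaining why only SWAP_NSWAP and SWAP_STATS pass, and in the visible lines the removed XXX on the pledge_syscalls entry was the only record of the "get operations only" intent. I would put `/* "vminfo" permits only the read-only queries; any other cmd falls through to pledge_fail() */` above the switch, so a future SWAP_* command is not added to the case list without asking whether it changes state. Falling through to deny is the right default, and an explicit `default: break;` would show that it is deliberate. On style, the last line writes `return pledge_fail(...)` while the rest of the function uses `return (0)`; `return (pledge_fail(p, EPERM, PLEDGE_VMINFO));` would match.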
-/* $OpenBSD: pledge.h,v 1.45 2022/07/18 17:45:46 deraadt Exp $ */
+/* $OpenBSD: pledge.h,v 1.46 2022/07/18 18:02:27 jca Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
int pledge_ioctl_vmm(struct proc *p, long com);
int pledge_flock(struct proc *p);
int pledge_fcntl(struct proc *p, int cmd);
-int pledge_swapctl(struct proc *p);
+int pledge_swapctl(struct proc *p, int cmd);
int pledge_kill(struct proc *p, pid_t pid);
int pledge_protexec(struct proc *p, int prot);
void ppath_destroy(struct process *ps);
-/* $OpenBSD: uvm_swap.c,v 1.160 2022/07/11 11:29:11 mpi Exp $ */
+/* $OpenBSD: uvm_swap.c,v 1.161 2022/07/18 18:02:27 jca Exp $ */
/* $NetBSD: uvm_swap.c,v 1.40 2000/11/17 11:39:39 mrg Exp $ */
/*
misc = SCARG(uap, misc);
+ if ((error = pledge_swapctl(p, SCARG(uap, cmd))))
+ return error;
+
/*
* ensure serialized syscall access by grabbing the swap_syscall_lock
*/
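Review bot: Nothing at the new pledge_swapctl() call site says that its position matters, yet it is placed before swap_syscall_lock is taken and, judging by the later hunk, before suser(). The plain `return error;` is only safe while no lock is held. The later comment "all other requests require superuser privs" also suggests some commands are served before suser(), so the check only reaches them if it stays first. A comment such as `/* pledge check first: applies to every cmd, and no lock is held yet so a direct return is safe */` would keep a later refactor from moving it back beside suser(). The enclosing function starts and ends outside this hunk.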
}
/* all other requests require superuser privs. verify. */
- if ((error = suser(p)) || (error = pledge_swapctl(p)))
+ if ((error = suser(p)))
goto out;
/*