Add pledge "id" support. This request permits setuid/seteuid/setresuid,

setgid/setegid/setresgid, setgroups, setlogin, and setpriority.

setrlimit and getpriority are also allowed (they are also in "proc")

some of these were previously permitted in "proc" but have been removed.
this seperation is intentional.  "proc" is intended for reasoning about
the relationship of a process "with other processes", whereas "id" deals
the powerful/dangerous concept of unix ids.  "id" will see some action
very soon.

ok gilles tedu semarie doug

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 1a5bdd1..8e054ab 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.41 2015/10/17 00:58:50 jca Exp $    */
+/*     $OpenBSD: kern_pledge.c,v 1.42 2015/10/17 04:31:10 deraadt Exp $        */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -147,16 +147,24 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 
        [SYS_fork] = PLEDGE_PROC,
        [SYS_vfork] = PLEDGE_PROC,
-       [SYS_kill] = PLEDGE_SELF | PLEDGE_PROC, 
        [SYS_setpgid] = PLEDGE_PROC,
        [SYS_setsid] = PLEDGE_PROC,
-       [SYS_setrlimit] = PLEDGE_PROC,
+       [SYS_kill] = PLEDGE_SELF | PLEDGE_PROC, 
 
-       [SYS_execve] = PLEDGE_EXEC,
+       [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID,
+       [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID,
 
-       [SYS_setgroups] = PLEDGE_PROC,
-       [SYS_setresgid] = PLEDGE_PROC,
-       [SYS_setresuid] = PLEDGE_PROC,
+       [SYS_setuid] = PLEDGE_ID,
+       [SYS_seteuid] = PLEDGE_ID,
+       [SYS_setresuid] = PLEDGE_ID,
+       [SYS_setgid] = PLEDGE_ID,
+       [SYS_setegid] = PLEDGE_ID,
+       [SYS_setresgid] = PLEDGE_ID,
+       [SYS_setgroups] = PLEDGE_ID,
+       [SYS_setlogin] = PLEDGE_ID,
+       [SYS_setpriority] = PLEDGE_ID,
+
+       [SYS_execve] = PLEDGE_EXEC,
 
        /* FIONREAD/FIONBIO, plus further checks in pledge_ioctl_check() */
        [SYS_ioctl] = PLEDGE_RW | PLEDGE_IOCTL | PLEDGE_TTY,
@@ -249,6 +257,7 @@ static const struct {
        { "sendfd",             PLEDGE_RW | PLEDGE_SENDFD },
        { "recvfd",             PLEDGE_RW | PLEDGE_RECVFD },
        { "ioctl",              PLEDGE_IOCTL },
+       { "id",                 PLEDGE_ID },
        { "route",              PLEDGE_ROUTE },
        { "mcast",              PLEDGE_MCAST },
        { "tty",                PLEDGE_TTY },

diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index 3d7fa02..e7b78b7 100644 (file)
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pledge.h,v 1.4 2015/10/16 14:04:11 semarie Exp $      */
+/*     $OpenBSD: pledge.h,v 1.5 2015/10/17 04:31:07 deraadt Exp $      */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -33,7 +33,7 @@
 #define PLEDGE_TMPPATH 0x00000040      /* for mk*temp() */
 #define PLEDGE_INET    0x00000080      /* AF_INET/AF_INET6 sockets */
 #define PLEDGE_UNIX    0x00000100      /* AF_UNIX sockets */
-// reuse, old CMSG     0x00000200
+#define PLEDGE_ID      0x00000200      /* allow setuid, setgid, etc */
 #define PLEDGE_IOCTL   0x00000400      /* Select ioctl */
 #define PLEDGE_GETPW   0x00000800      /* YP enables if ypbind.lock */
 #define PLEDGE_PROC    0x00001000      /* fork, waitpid, etc */