When terminating via pledge_fail() stop all threads, before issuing a
author deraadt <deraadt@openbsd.org>
Fri, 30 Apr 2021 02:06:22 +0000 (02:06 +0000)
committer deraadt <deraadt@openbsd.org>
Fri, 30 Apr 2021 02:06:22 +0000 (02:06 +0000)
(delayed action) sigabort() and disabling all syscalls for this process
(ie. all threads).  This resulted in multiple-threads crashing over top
of themselves, and a poor debugging experience.  We keep using sigabort()
rather than sigexit(), to keep the debugging process good.
Diagnosed from a report from brynet, and followup discussion with many.

sys/kern/kern_pledge.c

index daa7892..430307f 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.271 2021/03/25 21:27:45 abieber Exp $       */
+/*     $OpenBSD: kern_pledge.c,v 1.272 2021/04/30 02:06:22 deraadt Exp $       */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -548,6 +548,10 @@ pledge_fail(struct proc *p, int error, uint64_t code)
            p->p_p->ps_comm, p->p_p->ps_pid, codes, p->p_pledge_syscall);
        p->p_p->ps_acflag |= APLEDGE;
 
+       /* Stop threads immediately, because this process is suspect */
+       if (P_HASSIBLING(p))
+               single_thread_set(p, SINGLE_SUSPEND, 1);
+
        /* Send uncatchable SIGABRT for coredump */
        sigabort(p);
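Review bot: The new call `single_thread_set(p, SINGLE_SUSPEND, 1);` is used as a bare statement, so its result is not checked, and the literal `1` is passed with no indication of what it selects. If the suspend does not take effect, `sigabort(p)` still runs with siblings live, which is the situation the commit message describes as threads crashing over top of themselves. Either handle the result or state in the comment why it can be ignored here. The comment would also be more useful if it carried the rationale from the commit message: siblings are suspended because the SIGABRT action is delayed, and the core dump should reflect the state at the time of the violation. "This process is suspect" alone does not explain why suspension comes before the signal.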