Allow kill(self, sig) in pledge SELF also. the stack protector, abort(),

and readpassphrase() in particular use this.
ok millert tedu semarie

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index ed5fbf7..ef2314a 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.5 2015/10/09 17:18:20 deraadt Exp $ */
+/*     $OpenBSD: kern_pledge.c,v 1.6 2015/10/09 23:55:03 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -136,7 +136,7 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 
        [SYS_fork] = PLEDGE_PROC,
        [SYS_vfork] = PLEDGE_PROC,
-       [SYS_kill] = PLEDGE_PROC,
+       [SYS_kill] = PLEDGE_SELF | PLEDGE_PROC, 
        [SYS_setpgid] = PLEDGE_PROC,
        [SYS_sigsuspend] = PLEDGE_PROC,
        [SYS_setrlimit] = PLEDGE_PROC,

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 87a85a1..e4a1702 100644 (file)
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_sig.c,v 1.184 2015/10/09 01:10:27 deraadt Exp $  */
+/*     $OpenBSD: kern_sig.c,v 1.185 2015/10/09 23:55:03 deraadt Exp $  */
 /*     $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $   */
 
 /*
@@ -62,6 +62,7 @@
 #include <sys/sched.h>
 #include <sys/user.h>
 #include <sys/syslog.h>
+#include <sys/pledge.h>
 
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
@@ -569,6 +570,14 @@ sys_kill(struct proc *cp, void *v, register_t *retval)
        int pid = SCARG(uap, pid);
        int signum = SCARG(uap, signum);
 
+       if (cp->p_p->ps_flags & PS_PLEDGE) {
+               /* PLEDGE_PROC is required to signal another pid */
+               if ((cp->p_p->ps_pledge & PLEDGE_PROC) || pid == cp->p_pid)
+                       ;
+               else
+                       return pledge_fail(cp, EPERM, PLEDGE_SELF);
+       }
+
        if (((u_int)signum) >= NSIG)
                return (EINVAL);
        if (pid > 0) {