From: deraadt <deraadt@openbsd.org>
Date: Tue, 6 Oct 2015 17:05:30 +0000 (+0000)
Subject: When "proc" is requested, allow setpgid() and sigsuspend().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e26cf61db680d14ca7ad060cbfa85e8db8be3bf7;p=openbsd

When "proc" is requested, allow setpgid() and sigsuspend().
Also the combination of "proc tty" needs to permit TIOCSPGRP.

This is the start at minimum semantics required by processes which
work on process groups, sessions, ttys.
---

diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c
index 73f83a5c9fa..1d6b17363e1 100644
--- a/sys/kern/kern_tame.c
+++ b/sys/kern/kern_tame.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_tame.c,v 1.62 2015/10/06 15:21:26 deraadt Exp $	*/
+/*	$OpenBSD: kern_tame.c,v 1.63 2015/10/06 17:05:30 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -136,6 +136,8 @@ const u_int tame_syscalls[SYS_MAXSYSCALL] = {
 	[SYS_fork] = TAME_PROC,
 	[SYS_vfork] = TAME_PROC,
 	[SYS_kill] = TAME_PROC,
+	[SYS_setpgid] = TAME_PROC,
+	[SYS_sigsuspend] = TAME_PROC,
 
 	[SYS_setgroups] = TAME_PROC,
 	[SYS_setresgid] = TAME_PROC,
@@ -1024,6 +1026,10 @@ tame_ioctl_check(struct proc *p, long com, void *v)
 
 	if ((p->p_p->ps_tame & TAME_TTY)) {
 		switch (com) {
+		case TIOCSPGRP:
+			if ((p->p_p->ps_tame & TAME_PROC) == 0)
+				break;
+			/* FALTHROUGH */
 		case TIOCGETA:
 		case TIOCGPGRP:
 		case TIOCGWINSZ:	/* various programs */