From 144b3efa58c940d89ee2a0ec145dadd54adaf552 Mon Sep 17 00:00:00 2001 From: guenther Date: Fri, 19 May 2023 01:12:23 +0000 Subject: [PATCH] Since waitid(2) shares code with wait4(2) and doesn't expose any non-trivial new information or code-paths over wait4(), include it in pledge("stdio") discussed with deraadt@ --- lib/libc/sys/pledge.2 | 5 +++-- sys/kern/kern_pledge.c | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2 index 1b6ec00a332..678396c5c25 100644 --- a/lib/libc/sys/pledge.2 +++ b/lib/libc/sys/pledge.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pledge.2,v 1.64 2022/07/17 03:12:55 deraadt Exp $ +.\" $OpenBSD: pledge.2,v 1.65 2023/05/19 01:12:23 guenther Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 17 2022 $ +.Dd $Mdocdate: May 19 2023 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -227,6 +227,7 @@ As a result, all the expected functionalities of libc stdio work. .Xr socketpair 2 , .Xr umask 2 , .Xr wait4 2 , +.Xr waitid 2 , .Xr write 2 , .Xr writev 2 .It Cm rpath diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 5429af4f854..15a0ae32ab8 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.304 2023/02/19 18:46:46 anton Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.305 2023/05/19 01:12:23 guenther Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -231,6 +231,7 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = { [SYS_socketpair] = PLEDGE_STDIO, [SYS_wait4] = PLEDGE_STDIO, + [SYS_waitid] = PLEDGE_STDIO, /* * Can kill self with "stdio". Killing another pid -- 2.20.1