From 92d83454194f6e8bf6a66e14c5926ee8ce711e32 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sat, 17 Oct 2015 04:31:07 +0000
Subject: [PATCH] Add pledge "id" support.

This request permits setuid/seteuid/setresuid, setgid/setegid/setresgid, setgroups, setlogin, and setpriority. setrlimit and getpriority are also allowed (they are also in "proc") some of these were previously permitted in "proc" but have been removed. this seperation is intentional. "proc" is intended for reasoning about the relationship of a process "with other processes", whereas "id" deals the powerful/dangerous concept of unix ids. "id" will see some action very soon.

ok gilles tedu semarie doug
---
 sys/kern/kern_pledge.c | 23 ++++++++++++++++-------
 sys/sys/pledge.h | 4 ++--
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 1a5bdd192a6..8e054abd04b 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.41 2015/10/17 00:58:50 jca Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.42 2015/10/17 04:31:10 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott
@@ -147,16 +147,24 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 
 [SYS_fork] = PLEDGE_PROC,
 [SYS_vfork] = PLEDGE_PROC,
- [SYS_kill] = PLEDGE_SELF | PLEDGE_PROC,
 [SYS_setpgid] = PLEDGE_PROC,
 [SYS_setsid] = PLEDGE_PROC,
- [SYS_setrlimit] = PLEDGE_PROC,
+ [SYS_kill] = PLEDGE_SELF | PLEDGE_PROC,
 
- [SYS_execve] = PLEDGE_EXEC,
+ [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID,
+ [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID,
 
- [SYS_setgroups] = PLEDGE_PROC,
- [SYS_setresgid] = PLEDGE_PROC,
- [SYS_setresuid] = PLEDGE_PROC,
+ [SYS_setuid] = PLEDGE_ID,
+ [SYS_seteuid] = PLEDGE_ID,
+ [SYS_setresuid] = PLEDGE_ID,
+ [SYS_setgid] = PLEDGE_ID,
+ [SYS_setegid] = PLEDGE_ID,
+ [SYS_setresgid] = PLEDGE_ID,
+ [SYS_setgroups] = PLEDGE_ID,
+ [SYS_setlogin] = PLEDGE_ID,
+ [SYS_setpriority] = PLEDGE_ID,
+
+ [SYS_execve] = PLEDGE_EXEC,
 
 /* FIONREAD/FIONBIO, plus further checks in pledge_ioctl_check() */
 [SYS_ioctl] = PLEDGE_RW | PLEDGE_IOCTL | PLEDGE_TTY,
@@ -249,6 +257,7 @@ static const struct {
 { "sendfd", PLEDGE_RW | PLEDGE_SENDFD },
 { "recvfd", PLEDGE_RW | PLEDGE_RECVFD },
 { "ioctl", PLEDGE_IOCTL },
+ { "id", PLEDGE_ID },
 { "route", PLEDGE_ROUTE },
 { "mcast", PLEDGE_MCAST },
 { "tty", PLEDGE_TTY },
diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index 3d7fa02cf22..e7b78b7acd0 100644
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pledge.h,v 1.4 2015/10/16 14:04:11 semarie Exp $ */
+/* $OpenBSD: pledge.h,v 1.5 2015/10/17 04:31:07 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott
@@ -33,7 +33,7 @@
 #define PLEDGE_TMPPATH 0x00000040 /* for mk*temp() */
 #define PLEDGE_INET 0x00000080 /* AF_INET/AF_INET6 sockets */
 #define PLEDGE_UNIX 0x00000100 /* AF_UNIX sockets */
-// reuse, old CMSG 0x00000200
+#define PLEDGE_ID 0x00000200 /* allow setuid, setgid, etc */
 #define PLEDGE_IOCTL 0x00000400 /* Select ioctl */
 #define PLEDGE_GETPW 0x00000800 /* YP enables if ypbind.lock */
 #define PLEDGE_PROC 0x00001000 /* fork, waitpid, etc */
-- 
2.20.1
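Review bot: The new `[SYS_setuid]` … `[SYS_setpriority]` group in pledge_syscalls[] carries no comment explaining why credential changes are gated by PLEDGE_ID alone while `[SYS_setrlimit]` and `[SYS_getpriority]` are PLEDGE_PROC | PLEDGE_ID, which is exactly the proc-vs-id distinction the commit message stresses and which a reader of kern_pledge.c alone cannot recover from the table. Suggest a comment above `[SYS_setuid] = PLEDGE_ID,` such as `/* "id": change unix credentials (uid/gid/groups/login) and priority; deliberately not reachable via "proc" */`. Note that setuid/seteuid/setgid/setegid/setlogin/setpriority have no `-` counterpart in this hunk, so unless they were gated elsewhere these syscalls become newly reachable under pledge only through "id" — worth calling out since "id" is the promise the commit itself labels powerful/dangerous. The relocation of `[SYS_kill]` below `[SYS_setsid]` is an unrelated reorder and would read better as a separate cosmetic commit. The pledge_syscalls[] initializer starts before and ends after this hunk.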
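Review bot: The comment on the new define, `#define PLEDGE_ID 0x00000200 /* allow setuid, setgid, etc */`, undersells what the bit gates: per the kern_pledge.c side of this same patch it also covers setgroups, setlogin and setpriority and is shared with PLEDGE_PROC for setrlimit/getpriority. Suggest `/* "id": setuid/setgid/setgroups/setlogin/setpriority */` so the header matches the syscall table. The bit value reuses the retired slot flagged by the removed `// reuse, old CMSG 0x00000200` line; that is safe only if no in-tree consumer still tests 0x00000200 with the old meaning, which the removed comment suggests was already verified but is not visible here.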