From e26cf61db680d14ca7ad060cbfa85e8db8be3bf7 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Tue, 6 Oct 2015 17:05:30 +0000
Subject: [PATCH] When "proc" is requested, allow setpgid() and sigsuspend().
 Also the combination of "proc tty" needs to permit TIOCSPGRP.

This is the start at minimum semantics required by processes which
work on process groups, sessions, ttys.
---
 sys/kern/kern_tame.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c
index 73f83a5c9fa..1d6b17363e1 100644
--- a/sys/kern/kern_tame.c
+++ b/sys/kern/kern_tame.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_tame.c,v 1.62 2015/10/06 15:21:26 deraadt Exp $	*/
+/*	$OpenBSD: kern_tame.c,v 1.63 2015/10/06 17:05:30 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -136,6 +136,8 @@ const u_int tame_syscalls[SYS_MAXSYSCALL] = {
 	[SYS_fork] = TAME_PROC,
 	[SYS_vfork] = TAME_PROC,
 	[SYS_kill] = TAME_PROC,
+	[SYS_setpgid] = TAME_PROC,
+	[SYS_sigsuspend] = TAME_PROC,
 
 	[SYS_setgroups] = TAME_PROC,
 	[SYS_setresgid] = TAME_PROC,
@@ -1024,6 +1026,10 @@ tame_ioctl_check(struct proc *p, long com, void *v)
 
 	if ((p->p_p->ps_tame & TAME_TTY)) {
 		switch (com) {
+		case TIOCSPGRP:
+			if ((p->p_p->ps_tame & TAME_PROC) == 0)
+				break;
+			/* FALTHROUGH */
 		case TIOCGETA:
 		case TIOCGPGRP:
 		case TIOCGWINSZ:	/* various programs */
-- 
2.20.1