playground

Sandbox, container or whatever utilities for linux.

commit b236c574fed5306e518d95cbb1c8857435022fef
parent 286e0129b92fbbb3c5e906432ebd41716e2ac011
Author: Duncaen <mail@duncano.de>
Date:   Sun, 19 Feb 2017 14:42:20 +0100

libplede: style and structure changes

Diffstat:
Makefile | 6+++++-
libpledge.c | 417+++++++++++++++----------------------------------------------------------------
pledge.c | 1+
pledge.h | 2--
4 files changed, 81 insertions(+), 345 deletions(-)

diff --git a/Makefile b/Makefile
@@ -1,5 +1,6 @@
 .error : This Makefile needs GNU make
-CFLAGS+=-g -O2 -Wall -pedantic -Wall -Wextra -fstack-protector-strong -D_FORTIFY_SOURCE=2
+CFLAGS+=-std=c99 -g -O2 -Wall -pedantic -Wall -Wextra -fstack-protector-strong
+CPPFLAGS+=-D_DEFAULT_SOURCE -D_FORTIFY_SOURCE=2
 DESTDIR=
 PREFIX=/usr/local
@@ -18,6 +19,9 @@ $(PROGS) : % : %.o
 $(LIBS:=.a) : %.a : %.o
 $(LIBS:=.so) : %.so : %.o
+libpledge.o : pledge_syscalls.h
+libpledge.o pledge.o : pledge.h
+
 pledge: libpledge.a
 # newns: libnewns.a
diff --git a/libpledge.c b/libpledge.c
@@ -4,7 +4,6 @@
 #include <stddef.h>
 #include <stdint.h>
 #include <errno.h>
-#define _GNU_SOURCE /* for F_SETOWN */
 #include <unistd.h>
 #include <fcntl.h>
 #include <endian.h>
@@ -21,6 +20,7 @@
 #include <linux/audit.h>
 #include "pledge.h"
+#include "pledge_syscalls.h"
 #ifndef nitems
 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
@@ -53,6 +53,15 @@
 # error "Unknown endianness"
 #endif
+/*
+union arg64 {
+ struct edi {
+ __u32 ENDIAN(lo, hi);
+ } u32;
+ __u64 u64;
+};
+*/
+
 union arg64 {
 struct {
 __u32 ENDIAN(lo32, hi32);
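Review bot: The block between `+/*` and `+*/` is a second, commented-out definition of `union arg64` (with `struct edi` and a named `u32` member) placed directly above the live definition, and commented-out code of this kind drifts away from the definition it shadows while still being read as a hint to its meaning. Either drop it or reduce it to a one-line comment on the live union, e.g. `/* lo32/hi32 are the two halves of a 64-bit compare value; ENDIAN() orders them */`. If it records a pending rename of the members, a TODO naming that intent says more than the full alternative body does.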
@@ -60,40 +69,57 @@ union arg64 {
 __u64 u64;
 };
-#define _LOAD_SYSCALL_NR \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _OFFSET_NR);
-
-#define _LOAD_ARCH \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _OFFSET_ARCH)
-
-#define _ARG32(idx) \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _LO_ARG(idx))
-
-#define _ARG64(idx) \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _LO_ARG(idx)), \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_ST, 0), \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _HI_ARG(idx)), \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_ST, 1)
-
-#define _JUMP_EQ(val, jt, jf) \
- *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (val), (jt), (jf));\
- fp++
-
-#define _JUMP_EQ64(val, jt, jf) \
- *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
- ((union arg64){.u64 = (val)}).hi32, 0, (jf)), \
- fp++, \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_LD+BPF_MEM, 0), \
- *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
- ((union arg64){.u64 = (val)}).lo32, (jt), (jf)),\
- fp++
-
-#define _JUMP(jmp) \
- *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JA, (jmp), 0xFF, 0xFF),\
- fp++
-
-#define _RET(x) \
- *fp++ = (struct sock_filter)BPF_STMT(BPF_RET+BPF_K, (x))
+#define _LOAD_SYSCALL_NR do { \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _OFFSET_NR); \
+ fp++; \
+} while (0)
+
+#define _LOAD_ARCH do { \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _OFFSET_ARCH); \
+ fp++; \
+ } while (0)
+
+#define _ARG32(idx) do { \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _LO_ARG(idx)); \
+ fp++; \
+ } while (0)
+
+#define _ARG64(idx) do { \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _LO_ARG(idx)); \
+ fp++; \
+ *fp = (struct sock_filter)BPF_STMT(BPF_ST, 0); \
+ fp++; \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_W+BPF_ABS, _HI_ARG(idx)); \
+ fp++; \
+ *fp = (struct sock_filter)BPF_STMT(BPF_ST, 1); \
+ fp++; \
+ } while (0)
+
+#define _JUMP_EQ(v, t, f) do { \
+ *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (v), (t), (f)); \
+ fp++; \
+ } while (0)
+
+#define _JUMP_EQ64(val, jt, jf) do { \
+ *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
+ ((union arg64){.u64 = (val)}).hi32, 0, (jf)); \
+ fp++; \
+ *fp = (struct sock_filter)BPF_STMT(BPF_LD+BPF_MEM, 0); \
+ fp++; \
+ *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
+ ((union arg64){.u64 = (val)}).lo32, (jt), (jf)); \
+ fp++; \
+ } while (0)
+
+#define _JUMP(j) do { \
+ *fp = (struct sock_filter)BPF_JUMP(BPF_JMP+BPF_JA, (j), 0xFF, 0xFF), \
+ fp++; \
+ } while (0)
+
+#define _RET(v) do { \
+ *fp = (struct sock_filter)BPF_STMT(BPF_RET+BPF_K, (v)); \
+ fp++; \
+ } while (0)
 #define _END \
 len-1-(fp-fprog->filter)-1
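Review bot: The rewritten `_JUMP_EQ` and `_JUMP_EQ64` still store `t`/`f` (and `jt`/`jf`) into the 8-bit `jt`/`jf` fields of `struct sock_filter` without any range check, and `_END` grows with the filter length, so in the `for (i = 0; i < num; i++) _JUMP_EQ(calls[i], _END, 0);` loops of pledge_whitelist and pledge_blacklist later in this diff a table of more than roughly 250 entries would silently truncate the offset and jump to the wrong instruction. Whether `num` can get that large depends on the syscall table, which this commit moves into pledge_syscalls.h and out of view, so treat this as something to confirm. Since the macros are being restructured anyway, this is the place to fail loudly, e.g. `assert((t) <= 0xff && (f) <= 0xff);` as the first statement of `_JUMP_EQ` (with `<assert.h>` included) and the same on both jumps in `_JUMP_EQ64`, or have the callers verify that prologue plus table fits before emitting. Two style points in the same hunk: `_JUMP` joins its two statements with a comma (`0xFF, 0xFF), \` then `fp++;`) where every other macro uses `;`, and `_LOAD_SYSCALL_NR` closes with `} while (0)` at column 0 while the rest indent it.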
@@ -131,296 +157,6 @@ static const struct promise strpromises[] = {
 { 0, 0 },
 };
-const uint64_t pledge_syscalls[] = {
- /**/
- [SYS_exit] = PLEDGE_ALWAYS,
- [SYS_exit_group] = PLEDGE_ALWAYS,
- [SYS_seccomp] = PLEDGE_ALWAYS,
- [SYS_prctl] = PLEDGE_ALWAYS | PLEDGE_PROC,
-
- [SYS_getuid] = PLEDGE_STDIO,
- [SYS_geteuid] = PLEDGE_STDIO,
- [SYS_getresuid] = PLEDGE_STDIO,
- [SYS_getgid] = PLEDGE_STDIO,
- [SYS_getegid] = PLEDGE_STDIO,
- [SYS_getresgid] = PLEDGE_STDIO,
- [SYS_getgroups] = PLEDGE_STDIO,
- [SYS_getpgrp] = PLEDGE_STDIO,
- [SYS_getpgid] = PLEDGE_STDIO,
- [SYS_getppid] = PLEDGE_STDIO,
- [SYS_getsid] = PLEDGE_STDIO,
- [SYS_getrlimit] = PLEDGE_STDIO,
- [SYS_gettimeofday] = PLEDGE_STDIO,
- [SYS_getrusage] = PLEDGE_STDIO,
- [SYS_clock_getres] = PLEDGE_STDIO,
- [SYS_clock_gettime] = PLEDGE_STDIO,
- [SYS_clock_nanosleep] = PLEDGE_STDIO,
- [SYS_getpid] = PLEDGE_STDIO,
- [SYS_uname] = PLEDGE_STDIO,
- [SYS_sysinfo] = PLEDGE_STDIO,
- [SYS_madvise] = PLEDGE_STDIO,
-#if defined(SYS_fadvise64) && SYS_fadvise64 != SYS_fadvise
- [SYS_fadvise64] = PLEDGE_STDIO,
-#endif
- [SYS_mmap] = PLEDGE_STDIO,
-#if defined(SYS_mmap2)
- [SYS_mmap2] = PLEDGE_STDIO,
-#endif
- [SYS_mprotect] = PLEDGE_STDIO,
- [SYS_munmap] = PLEDGE_STDIO,
- [SYS_msync] = PLEDGE_STDIO,
- [SYS_brk] = PLEDGE_STDIO,
- [SYS_umask] = PLEDGE_STDIO,
- [SYS_read] = PLEDGE_STDIO,
-#if defined(SYS_read64) && SYS_read64 != SYS_read
- [SYS_read64] = PLEDGE_STDIO,
-#endif
- [SYS_readv] = PLEDGE_STDIO,
-#if defined(SYS_pread64) && SYS_pread64 != SYS_pread
- [SYS_pread64] = PLEDGE_STDIO,
-#endif
- [SYS_preadv] = PLEDGE_STDIO,
- [SYS_write] = PLEDGE_STDIO,
-#if defined(SYS_write64) && SYS_write64 != SYS_write
- [SYS_write64] = PLEDGE_STDIO,
-#endif
-#if defined(SYS_pwrite64) && SYS_pwrite64 != SYS_pwrite
- [SYS_pwrite64] = PLEDGE_STDIO,
-#endif
- [SYS_writev] = PLEDGE_STDIO,
- [SYS_pwritev] = PLEDGE_STDIO,
- [SYS_recvmsg] = PLEDGE_STDIO,
- [SYS_recvfrom] = PLEDGE_STDIO,
- [SYS_ftruncate] = PLEDGE_STDIO,
- [SYS_futex] = PLEDGE_STDIO,
- [SYS_lseek] = PLEDGE_STDIO,
- [SYS_sendto] = PLEDGE_STDIO,
- [SYS_sendmsg] = PLEDGE_STDIO,
- [SYS_nanosleep] = PLEDGE_STDIO,
- [SYS_sigaltstack] = PLEDGE_STDIO,
- [SYS_rt_sigprocmask] = PLEDGE_STDIO,
- [SYS_rt_sigsuspend] = PLEDGE_STDIO,
- [SYS_rt_sigaction] = PLEDGE_STDIO,
- [SYS_rt_sigreturn] = PLEDGE_STDIO,
- [SYS_rt_sigpending] = PLEDGE_STDIO,
-#ifdef SYS_sigreturn
- [SYS_sigreturn]
-#endif
- [SYS_getitimer] = PLEDGE_STDIO,
- [SYS_setitimer] = PLEDGE_STDIO,
- [SYS_alarm] = PLEDGE_STDIO,
- [SYS_pause] = PLEDGE_STDIO,
- [SYS_time] = PLEDGE_STDIO,
-
- /* events,poll */
-#ifdef SYS__newselect
- [SYS__newselect] = PLEDGE_STDIO,
-#endif
- [SYS_epoll_create1] = PLEDGE_STDIO,
- [SYS_epoll_create] = PLEDGE_STDIO,
- [SYS_epoll_ctl] = PLEDGE_STDIO,
- [SYS_epoll_ctl_old] = PLEDGE_STDIO,
- [SYS_epoll_pwait] = PLEDGE_STDIO,
- [SYS_epoll_wait] = PLEDGE_STDIO,
- [SYS_epoll_wait_old] = PLEDGE_STDIO,
- [SYS_eventfd2] = PLEDGE_STDIO,
- [SYS_eventfd] = PLEDGE_STDIO,
- [SYS_poll] = PLEDGE_STDIO,
- [SYS_ppoll] = PLEDGE_STDIO,
- [SYS_pselect6] = PLEDGE_STDIO,
- [SYS_select] = PLEDGE_STDIO,
-
- [SYS_fstat] = PLEDGE_STDIO,
- [SYS_fsync] = PLEDGE_STDIO,
- [SYS_setsockopt] = PLEDGE_STDIO,
- [SYS_getsockopt] = PLEDGE_STDIO,
- [SYS_fcntl] = PLEDGE_STDIO,
- [SYS_close] = PLEDGE_STDIO,
- [SYS_tee] = PLEDGE_STDIO,
- [SYS_splice] = PLEDGE_STDIO,
- [SYS_dup] = PLEDGE_STDIO,
- [SYS_dup2] = PLEDGE_STDIO,
- [SYS_dup3] = PLEDGE_STDIO,
- [SYS_shutdown] = PLEDGE_STDIO,
- [SYS_fchdir] = PLEDGE_STDIO,
- [SYS_pipe] = PLEDGE_STDIO,
- [SYS_pipe2] = PLEDGE_STDIO,
- [SYS_socketpair] = PLEDGE_STDIO,
- [SYS_wait4] = PLEDGE_STDIO,
- [SYS_kill] = PLEDGE_STDIO,
- [SYS_ioctl] = PLEDGE_STDIO,
- [SYS_open] = PLEDGE_STDIO,
- [SYS_stat] = PLEDGE_STDIO,
-#if defined(SYS_stat64) && SYS_stat64 != SYS_stat
- [SYS_stat64] = PLEDGE_STDIO,
-#endif
- [SYS_access] = PLEDGE_STDIO,
- [SYS_readlink] = PLEDGE_STDIO,
-
- /* ipc */
- [SYS_memfd_create] = PLEDGE_IPC,
- [SYS_mq_getsetattr] = PLEDGE_IPC,
- [SYS_mq_notify] = PLEDGE_IPC,
- [SYS_mq_open] = PLEDGE_IPC,
- [SYS_mq_timedreceive] = PLEDGE_IPC,
- [SYS_mq_timedsend] = PLEDGE_IPC,
- [SYS_mq_unlink] = PLEDGE_IPC,
- [SYS_msgctl] = PLEDGE_IPC,
- [SYS_msgget] = PLEDGE_IPC,
- [SYS_msgrcv] = PLEDGE_IPC,
- [SYS_msgsnd] = PLEDGE_IPC,
- [SYS_process_vm_readv] = PLEDGE_IPC,
- [SYS_process_vm_writev] = PLEDGE_IPC,
- [SYS_semctl] = PLEDGE_IPC,
- [SYS_semget] = PLEDGE_IPC,
- [SYS_semop] = PLEDGE_IPC,
- [SYS_semtimedop] = PLEDGE_IPC,
- [SYS_shmat] = PLEDGE_IPC,
- [SYS_shmctl] = PLEDGE_IPC,
- [SYS_shmdt] = PLEDGE_IPC,
- [SYS_shmget] = PLEDGE_IPC,
-
- [SYS_adjtimex] = PLEDGE_SETTIME,
- [SYS_clock_adjtime] = PLEDGE_SETTIME,
- [SYS_clock_settime] = PLEDGE_SETTIME,
- [SYS_settimeofday] = PLEDGE_SETTIME,
-#ifdef SYS_stime
- [SYS_stime] = PLEDGE_SETTIME,
-#endif
-
- [SYS_chdir] = PLEDGE_RPATH,
- [SYS_openat] = PLEDGE_RPATH | PLEDGE_WPATH,
- [SYS_newfstatat] = PLEDGE_RPATH | PLEDGE_WPATH,
- [SYS_faccessat] = PLEDGE_RPATH | PLEDGE_WPATH,
- [SYS_getcwd] = PLEDGE_RPATH | PLEDGE_WPATH,
- [SYS_readlinkat] = PLEDGE_RPATH | PLEDGE_WPATH,
- [SYS_lstat] = PLEDGE_RPATH | PLEDGE_WPATH,
-#if defined(SYS_lstat64) && SYS_lstat64 != SYS_lstat
- [SYS_lstat64] = PLEDGE_STDIO,
-#endif
- [SYS_truncate] = PLEDGE_WPATH,
-#if defined(SYS_truncate64) && SYS_truncate64 != SYS_truncate
- [SYS_truncate64] = PLEDGE_STDIO,
-#endif
- [SYS_rename] = PLEDGE_RPATH | PLEDGE_CPATH,
- [SYS_rmdir] = PLEDGE_CPATH,
- [SYS_renameat] = PLEDGE_CPATH,
- [SYS_renameat2] = PLEDGE_CPATH,
- [SYS_link] = PLEDGE_CPATH,
- [SYS_linkat] = PLEDGE_CPATH,
- [SYS_lremovexattr] = PLEDGE_CPATH,
- [SYS_lsetxattr] = PLEDGE_CPATH,
- [SYS_symlink] = PLEDGE_CPATH,
- [SYS_unlink] = PLEDGE_CPATH,
- [SYS_unlinkat] = PLEDGE_CPATH,
- [SYS_mkdir] = PLEDGE_CPATH,
- [SYS_mkdirat] = PLEDGE_CPATH,
-
- [SYS_getdents] = PLEDGE_RPATH,
-#if defined(SYS_getdents64) && SYS_getdents64 != SYS_getdents
- [SYS_getdents64] = PLEDGE_RPATH,
-#endif
- [SYS_statfs] = PLEDGE_RPATH,
- [SYS_fstatfs] = PLEDGE_RPATH,
- [SYS_listxattr] = PLEDGE_RPATH,
- [SYS_llistxattr] = PLEDGE_RPATH,
-
- [SYS_utimes] = PLEDGE_FATTR,
- [SYS_utimensat] = PLEDGE_FATTR,
- [SYS_chmod] = PLEDGE_FATTR,
- [SYS_fchmod] = PLEDGE_FATTR,
- [SYS_fchmodat] = PLEDGE_FATTR,
-
- [SYS_chown] = PLEDGE_CHOWN,
- [SYS_fchownat] = PLEDGE_CHOWN,
- [SYS_lchown] = PLEDGE_CHOWN,
- [SYS_fchown] = PLEDGE_CHOWN,
-
- [SYS_arch_prctl] = PLEDGE_PROC,
- [SYS_clone] = PLEDGE_PROC,
- [SYS_fork] = PLEDGE_PROC,
- [SYS_setns] = PLEDGE_PROC,
- [SYS_setpgid] = PLEDGE_PROC,
- [SYS_setsid] = PLEDGE_PROC,
- [SYS_sched_get_priority_max] = PLEDGE_PROC,
- [SYS_sched_get_priority_min] = PLEDGE_PROC,
- [SYS_sched_getaffinity] = PLEDGE_PROC,
- [SYS_sched_getattr] = PLEDGE_PROC,
- [SYS_sched_getparam] = PLEDGE_PROC,
- [SYS_sched_getscheduler] = PLEDGE_PROC,
- [SYS_sched_rr_get_interval] = PLEDGE_PROC,
- [SYS_sched_setaffinity] = PLEDGE_PROC,
- [SYS_sched_setattr] = PLEDGE_PROC,
- [SYS_sched_setparam] = PLEDGE_PROC,
- [SYS_sched_setscheduler] = PLEDGE_PROC,
- [SYS_sched_yield] = PLEDGE_PROC,
- [SYS_set_tid_address] = PLEDGE_PROC,
- [SYS_set_robust_list] = PLEDGE_PROC,
- [SYS_get_robust_list] = PLEDGE_PROC,
- [SYS_unshare] = PLEDGE_PROC,
- [SYS_vfork] = PLEDGE_PROC,
-
- [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID,
- [SYS_prlimit64] = PLEDGE_PROC | PLEDGE_ID,
- [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID,
- [SYS_setpriority] = PLEDGE_PROC | PLEDGE_ID,
-
- [SYS_setuid] = PLEDGE_ID,
- [SYS_setreuid] = PLEDGE_ID,
- [SYS_setresuid] = PLEDGE_ID,
- [SYS_setgid] = PLEDGE_ID,
- [SYS_setregid] = PLEDGE_ID,
- [SYS_setresgid] = PLEDGE_ID,
- [SYS_setgroups] = PLEDGE_ID,
-
- [SYS_execve] = PLEDGE_EXEC,
- [SYS_execveat] = PLEDGE_EXEC,
-
- [SYS_socket] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_connect] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_bind] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_getsockname] = PLEDGE_INET | PLEDGE_UNIX,
-
- [SYS_listen] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_accept4] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_accept] = PLEDGE_INET | PLEDGE_UNIX,
- [SYS_getpeername] = PLEDGE_INET | PLEDGE_UNIX,
-
- [SYS_flock] = PLEDGE_FLOCK,
-
- [SYS_modify_ldt] = PLEDGE_EMUL,
-#ifdef SYS_subpage_prot
- [SYS_subpage_prot] = PLEDGE_EMUL,
-#endif
-#ifdef SYS_switch_edian
- [SYS_switch_edian] = PLEDGE_EMUL,
-#endif
-#ifdef SYS_vm86
- [SYS_vm86] = PLEDGE_EMUL,
-#endif
-#ifdef SYS_vm86old
- [SYS_vm86old] = PLEDGE_EMUL,
-#endif
-
- [SYS_chroot] = PLEDGE_MOUNT,
- [SYS_mount] = PLEDGE_MOUNT,
- [SYS_pivot_root] = PLEDGE_MOUNT,
- [SYS_swapoff] = PLEDGE_MOUNT,
- [SYS_swapon] = PLEDGE_MOUNT,
- [SYS_umount2] = PLEDGE_MOUNT,
-#ifdef SYS_umount
- [SYS_umount] = PLEDGE_MOUNT,
-#endif
-
- [SYS_add_key] = PLEDGE_KEY,
- [SYS_keyctl] = PLEDGE_KEY,
- [SYS_request_key] = PLEDGE_KEY,
-
- [SYS_delete_module] = PLEDGE_KERN,
- [SYS_finit_module] = PLEDGE_KERN,
- [SYS_init_module] = PLEDGE_KERN,
-};
-
 struct sock_fprog *
 pledge_whitelist(uint64_t flags)
@@ -461,9 +197,8 @@ pledge_whitelist(uint64_t flags)
 _JUMP_EQ(AUDIT_ARCH_X86_64, 0, _END-1);
 /* compare syscall numbers */
 _LOAD_SYSCALL_NR;
- for (i = 0; i < num; i++) {
+ for (i = 0; i < num; i++)
 _JUMP_EQ(calls[i], _END, 0);
- }
 /* no match */
 #ifndef NODEBUG
 _RET((flags & PLEDGE_DEBUG) ? SECCOMP_RET_TRAP : SECCOMP_RET_KILL);
@@ -518,9 +253,8 @@ pledge_blacklist(uint64_t flags, uint64_t oldflags)
 /* compare all syscall numbers */
 _LOAD_SYSCALL_NR;
- for (i = 0; i < num; i++) {
+ for (i = 0; i < num; i++)
 _JUMP_EQ(calls[i], _END, 0);
- }
 /* no match */
 _RET(SECCOMP_RET_ALLOW);
 /* matching syscall jump here */
@@ -582,7 +316,6 @@ pledge_filter(uint64_t flags, uint64_t oldflags)
 /* space for 3 different return statements (KILL,ALLOW,EPERM) */
 len += 3;
-#ifdef TEST
 printf("allowsocket %d unix=%d inet=%d\n", allow_socket, ((flags&PLEDGE_UNIX) == PLEDGE_UNIX), ((flags&PLEDGE_INET) == PLEDGE_INET));
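Review bot: Removing `#ifdef TEST` here, together with the matching `#endif` removed in the next hunk (@@ -591), leaves the four printf calls of the allow_* decisions unconditional, so pledge_filter, a library routine, now writes diagnostics to stdout on every call and any program linking libpledge gets them in its output. If the trace is still wanted, keep the guard or tie it to the flag the code already has, e.g. `if (flags & PLEDGE_DEBUG) {` around the block, and send it to stderr rather than stdout. pledge_filter starts and ends outside this hunk.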
@@ -591,7 +324,6 @@ pledge_filter(uint64_t flags, uint64_t oldflags)
 printf("allowselfkill %d\n", allow_selfkill);
 printf("allowfcntl %d\n", allow_fcntl);
 printf("allowbasicioctl %d\n", allow_ioctl);
-#endif
 if (!(fprog = calloc(1, sizeof(struct sock_fprog)))) return 0;
@@ -606,6 +338,16 @@ pledge_filter(uint64_t flags, uint64_t oldflags)
 #define _EPERM _END-1
 #define _ALLOW _END-2
+ if (allow_selfkill) {
+ pid_t pid = getpid();
+ /* allow kill(0 | getpid(), ...) */
+ _JUMP_EQ(SYS_kill, _KILL, 10); // XXX: fix offset
+ _ARG64(0); // +4
+ _JUMP_EQ64(0, _KILL, _KILL); // +3
+ _JUMP_EQ64(pid, _KILL, _KILL); // +3
+ }
+
+
 if (allow_selfchown) {
 uid_t uid = getuid();
 gid_t gid = getgid();
@@ -619,7 +361,7 @@ pledge_filter(uint64_t flags, uint64_t oldflags)
 _ARG64(2); // + 4
 _JUMP_EQ64(gid, _ALLOW, _EPERM); // +3
- /* fchownat(2) */
+ /* fchownat(2) */
 _JUMP_EQ(SYS_fchownat, 0, 14); // XXX: fix offset
 _ARG64(2); // +4
 _JUMP_EQ64(uid, 0, _EPERM); // +3
@@ -651,20 +393,11 @@ pledge_filter(uint64_t flags, uint64_t oldflags)
 if (allow_fcntl) {
 /* allow fcntl(..., != F_SETOWN, ...) */
- _JUMP_EQ(SYS_fcntl, 0, 2);
+ _JUMP_EQ(SYS_fcntl, 0, 1);
 _ARG32(1);
 _JUMP_EQ(F_SETOWN, _EPERM, _ALLOW);
 }
- if (allow_selfkill) {
- pid_t pid = getpid();
- /* allow kill(0 | getpid(), ...) */
- _JUMP_EQ(SYS_kill, 0, 10); // XXX: fix offset
- _ARG64(0); // +4
- _JUMP_EQ64(0, _ALLOW, 0); // +3
- _JUMP_EQ64(pid, _ALLOW, _EPERM); // +3
- }
-
 if (allow_ioctl) {
 /* allow ioctl(..., FIONREAD|FIONBIO|FIOCLEX|FIONCLEX, ...) */
 _JUMP_EQ(SYS_kill, 0, 5);
diff --git a/pledge.c b/pledge.c
@@ -2,6 +2,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <unistd.h>
diff --git a/pledge.h b/pledge.h
@@ -1,5 +1,3 @@
-#include <stdint.h>
-
 #define PLEDGED 0x1000000000000000ULL
 #define PLEDGE_ALWAYS 0xffffffffffffffffULL
 #define PLEDGE_DEBUG 0x0000000000000001ULL
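Review bot: Every jump in the relocated allow_selfkill block now targets `_KILL`: `_JUMP_EQ(SYS_kill, _KILL, 10)` sends a matching kill() straight there and skips the next ten instructions otherwise, so the `_ARG64(0)` and the two `_JUMP_EQ64` compares that follow are unreachable and the comment `/* allow kill(0 | getpid(), ...) */` no longer describes what is emitted. That assumes `_KILL` is the SECCOMP_RET_KILL return slot in the same way `_EPERM`/`_ALLOW` are defined two lines above; its definition is outside the hunk. If the intent is still to permit kill(0) and kill(getpid()), the syscall compare should fall through on a match, `_JUMP_EQ(SYS_kill, 0, 10);`, and the argument compares should resolve to `_ALLOW`/`_EPERM`, ending with `_JUMP_EQ64(pid, _ALLOW, _EPERM);`. Note also that the compare covers all 64 bits of argument 0 while `pid` is a 32-bit value; on x86-64 the upper half of that register is not guaranteed to be cleared by the caller for an int-typed argument, so a legitimate kill(getpid(), sig) could be refused intermittently — worth comparing only the low word or documenting the assumption. pledge_filter continues outside the hunk.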
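Review bot: `_JUMP_EQ(SYS_fcntl, 0, 1)` skips only one instruction for a non-fcntl syscall, but two follow it (`_ARG32(1)` and the F_SETOWN compare, one instruction each per the rewritten macros), so every other syscall reaching this point lands on `_JUMP_EQ(F_SETOWN, _EPERM, _ALLOW)` with the syscall number still in the accumulator and is allowed outright unless that number happens to equal F_SETOWN; the allow_ioctl block and whatever follows it are never reached. Unless an instruction between the two was removed outside this hunk, the previous offset was the right one: `_JUMP_EQ(SYS_fcntl, 0, 2);`. Separately, the context line `_JUMP_EQ(SYS_kill, 0, 5);` under the `/* allow ioctl(...) */` comment compares against SYS_kill rather than SYS_ioctl; the commit does not touch it, but it deserves a look while the offsets are being fixed. pledge_filter continues past the end of this hunk.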