author | 2015-10-19 16:20:56 +0000 | |
---|---|---|
committer | 2015-10-19 16:20:56 +0000 | |
commit | df1d1c4144ea8db22b76db6b6f840156b37f4f70 (patch) | |
tree | d7b048eedaf8e5f8db6f6a8955e55573e04631a7 | |
parent | Move stddef.h include from sh.h to the file that uses it. (diff) | |
Allow setpriority in "proc" as well, since a few shells have "nice"
builtin. make a note that setpriority() should be weakened, unless "id"
is also present.
pointed out by Theo Buehler
-rw-r--r-- | sys/kern/kern_pledge.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 9bee9f336fd..7bff183f241 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.56 2015/10/19 12:55:32 nicm Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.57 2015/10/19 16:20:56 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -156,6 +156,9 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID,
 [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID,
+ /* XXX we should limit the power for the "proc"-only case */
+ [SYS_setpriority] = PLEDGE_PROC | PLEDGE_ID,
+
 [SYS_setuid] = PLEDGE_ID,
 [SYS_seteuid] = PLEDGE_ID,
 [SYS_setresuid] = PLEDGE_ID,
@@ -164,7 +167,6 @@ const u_int pledge_syscalls[SYS_MAXSYSCALL] = {
 [SYS_setresgid] = PLEDGE_ID,
 [SYS_setgroups] = PLEDGE_ID,
 [SYS_setlogin] = PLEDGE_ID,
- [SYS_setpriority] = PLEDGE_ID,
 [SYS_execve] = PLEDGE_EXEC,
|
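Review bot: The new `[SYS_setpriority] = PLEDGE_PROC | PLEDGE_ID` entry in the second hunk lets a process holding only "proc" call setpriority() with any `which`/`who` arguments, and the XXX comment above it does not say which restriction is intended. As far as the hunk shows, this table only maps a syscall number to promise bits, so the limit cannot be expressed here and would need an argument check on the syscall path. I would make the comment spell out the intended policy so the follow-up is unambiguous, e.g. `/* XXX "proc" without "id": should only allow lowering own priority (PRIO_PROCESS, self) */`, which appears to be all a shell's `nice` builtin needs. The `pledge_syscalls` initializer starts and ends outside the hunk.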