Add a SYSTR_POLICY_KILL per-syscall policy option that sends SIGKILL to

the traced process when the syscall is attempted. This is more useful and safer for unsupervised sandboxing than returning EPERM (which is the behaviour of SYSTR_POLICY_NEVER), as this could cause dangerous misbehaviour in applications that don't expect it. "I like it" deraadt@ markus@
author: djm <djm@openbsd.org> 2011-06-22 01:32:16 +0000
committer: djm <djm@openbsd.org> 2011-06-22 01:32:16 +0000
commit: df430c6cac9d243eced7f459c3d508c8c50bfd8d (patch)
tree: 6a04c1798aa6084414ccd19755234fba9f472705 /sys/dev/systrace.h
parent: Validate pmemrange result, enabling early catching of bugs in the code. (diff)
download: wireguard-openbsd-df430c6cac9d243eced7f459c3d508c8c50bfd8d.tar.xz
wireguard-openbsd-df430c6cac9d243eced7f459c3d508c8c50bfd8d.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/dev/systrace.h b/sys/dev/systrace.h
index d727bedead7..9af22c05cf8 100644
--- a/sys/dev/systrace.h
+++ b/sys/dev/systrace.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: systrace.h,v 1.21 2008/11/09 05:13:53 deraadt Exp $	*/
+/*	$OpenBSD: systrace.h,v 1.22 2011/06/22 01:32:16 djm Exp $	*/
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -184,6 +184,7 @@ struct systrace_inject {
 #define SYSTR_POLICY_ASK	0
 #define SYSTR_POLICY_PERMIT	1
 #define SYSTR_POLICY_NEVER	2
+#define SYSTR_POLICY_KILL	3
 
 #define SYSTR_FLAGS_RESULT	0x001
 #define SYSTR_FLAGS_SETEUID	0x002
author	djm <djm@openbsd.org>	2011-06-22 01:32:16 +0000
committer	djm <djm@openbsd.org>	2011-06-22 01:32:16 +0000
commit	df430c6cac9d243eced7f459c3d508c8c50bfd8d (patch)
tree	6a04c1798aa6084414ccd19755234fba9f472705 /sys/dev/systrace.h
parent	Validate pmemrange result, enabling early catching of bugs in the code. (diff)
download	wireguard-openbsd-df430c6cac9d243eced7f459c3d508c8c50bfd8d.tar.xz wireguard-openbsd-df430c6cac9d243eced7f459c3d508c8c50bfd8d.zip