Track a per-fd flag UF_PLEDGED. This indicates the initial open was done by a - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2017-01-24 04:09:59 +0000
committer	deraadt <deraadt@openbsd.org>	2017-01-24 04:09:59 +0000
commit	5a0f20a0802ec5698a44512e60b6653ea61db79c (patch)
tree	7b29b9c341cda23e9382843714fabfcea4ccfc7c /sys/lib/libkern/memcpy.c
parent	add support for multiple transmit ifqueues per network interface. (diff)
download	wireguard-openbsd-5a0f20a0802ec5698a44512e60b6653ea61db79c.tar.xz wireguard-openbsd-5a0f20a0802ec5698a44512e60b6653ea61db79c.zip

Track a per-fd flag UF_PLEDGED. This indicates the initial open was done by a

pledged process. dup(2) and recvmsg(2) retain UF_PLEDGED from the original fd. In pledge "exec" circumstances, exceve clears UF_PLEDGED on all the process's fds. In a pledge'd process, ioctl(2) can use this additional information to grant access to ioctl's which are more sensitive or dive deeply into the kernel. Developers will be encouraged to open such sensitive resources before calling pledge(2), rather than afterwards. That matches the heading of privsep development practices. Future changes will introduce those ioctl(2) changes. Lots of discussions with semarie guenther and benno.

Diffstat (limited to 'sys/lib/libkern/memcpy.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: