on i386, libm does sysctl to discover is the system has SSE. Whitelist

that sysctl in pledge. Discovered by Stuart Cassoff
author: deraadt <deraadt@openbsd.org> 2018-06-03 18:20:28 +0000
committer: deraadt <deraadt@openbsd.org> 2018-06-03 18:20:28 +0000
commit: acb89c39fe8eb488eed89325eaac5038c1cff4dc (patch)
tree: b6ea6eebc8395f8de53ec181843eaf7c1a9283b4 /sys
parent: Change the set_parent() interface to pass the full parent specification (diff)
download: wireguard-openbsd-acb89c39fe8eb488eed89325eaac5038c1cff4dc.tar.xz
wireguard-openbsd-acb89c39fe8eb488eed89325eaac5038c1cff4dc.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index fa9915d6c92..6bdc9d09a6c 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.230 2018/04/28 12:49:21 kn Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.231 2018/06/03 18:20:28 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -911,6 +911,11 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
 	if (miblen == 2 &&		/* vm.loadavg / getloadavg(3) */
 	    mib[0] == CTL_VM && mib[1] == VM_LOADAVG)
 		return (0);
+#ifdef CPU_SSE
+	if (miblen == 2 &&		/* i386 libm tests for SSE */
+	    mib[0] == CTL_MACHDEP && mib[1] == CPU_SSE)
+		return (0);
+#endif /* CPU_SSE */
 
 	snprintf(buf, sizeof(buf), "%s(%d): pledge sysctl %d:",
 	    p->p_p->ps_comm, p->p_p->ps_pid, miblen);
author	deraadt <deraadt@openbsd.org>	2018-06-03 18:20:28 +0000
committer	deraadt <deraadt@openbsd.org>	2018-06-03 18:20:28 +0000
commit	acb89c39fe8eb488eed89325eaac5038c1cff4dc (patch)
tree	b6ea6eebc8395f8de53ec181843eaf7c1a9283b4 /sys
parent	Change the set_parent() interface to pass the full parent specification (diff)
download	wireguard-openbsd-acb89c39fe8eb488eed89325eaac5038c1cff4dc.tar.xz wireguard-openbsd-acb89c39fe8eb488eed89325eaac5038c1cff4dc.zip