Kernel+Userland: Add "settime" pledge promise for setting system time

We now require the "settime" promise from pledged processes who want to change the system time.
2025-07-25 17:07:34 +00:00 · 2020-05-08 22:54:17 +02:00 · 2020-05-08 22:54:17 +02:00 · 5bfd893292
commit 5bfd893292
parent 1cddb1055f
4 changed files with 29 additions and 22 deletions
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@ -44,6 +44,7 @@ If `promises` or `execpromises` is null, the corresponding value is unchanged.
 * `shared_buffer`: Shared memory buffers (\*)
 * `chroot`: The [`chroot(2)`](chroot.md) syscall (\*)
 * `video`: May use [`ioctl(2)`](ioctl.md) and [`mmap(2)`](mmap.md) on framebuffer video devices
 * `settime`: Changing the system time and date
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -4360,7 +4360,7 @@ int Process::sys$clock_gettime(clockid_t clock_id, timespec* user_ts)
 int Process::sys$clock_settime(clockid_t clock_id, timespec* user_ts)
 {
-    REQUIRE_PROMISE(stdio);
+    REQUIRE_PROMISE(settime);
    if (!is_superuser())
        return -EPERM;
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -53,24 +53,25 @@ void kgettimeofday(timeval&);
 extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
-#define ENUMERATE_PLEDGE_PROMISES      \
+#define ENUMERATE_PLEDGE_PROMISES       \
-    __ENUMERATE_PLEDGE_PROMISE(stdio)  \
+    __ENUMERATE_PLEDGE_PROMISE(stdio)   \
-    __ENUMERATE_PLEDGE_PROMISE(rpath)  \
+    __ENUMERATE_PLEDGE_PROMISE(rpath)   \
-    __ENUMERATE_PLEDGE_PROMISE(wpath)  \
+    __ENUMERATE_PLEDGE_PROMISE(wpath)   \
-    __ENUMERATE_PLEDGE_PROMISE(cpath)  \
+    __ENUMERATE_PLEDGE_PROMISE(cpath)   \
-    __ENUMERATE_PLEDGE_PROMISE(dpath)  \
+    __ENUMERATE_PLEDGE_PROMISE(dpath)   \
-    __ENUMERATE_PLEDGE_PROMISE(inet)   \
+    __ENUMERATE_PLEDGE_PROMISE(inet)    \
-    __ENUMERATE_PLEDGE_PROMISE(id)     \
+    __ENUMERATE_PLEDGE_PROMISE(id)      \
-    __ENUMERATE_PLEDGE_PROMISE(proc)   \
+    __ENUMERATE_PLEDGE_PROMISE(proc)    \
-    __ENUMERATE_PLEDGE_PROMISE(exec)   \
+    __ENUMERATE_PLEDGE_PROMISE(exec)    \
-    __ENUMERATE_PLEDGE_PROMISE(unix)   \
+    __ENUMERATE_PLEDGE_PROMISE(unix)    \
-    __ENUMERATE_PLEDGE_PROMISE(fattr)  \
+    __ENUMERATE_PLEDGE_PROMISE(fattr)   \
-    __ENUMERATE_PLEDGE_PROMISE(tty)    \
+    __ENUMERATE_PLEDGE_PROMISE(tty)     \
-    __ENUMERATE_PLEDGE_PROMISE(chown)  \
+    __ENUMERATE_PLEDGE_PROMISE(chown)   \
-    __ENUMERATE_PLEDGE_PROMISE(chroot) \
+    __ENUMERATE_PLEDGE_PROMISE(chroot)  \
-    __ENUMERATE_PLEDGE_PROMISE(thread) \
+    __ENUMERATE_PLEDGE_PROMISE(thread)  \
-    __ENUMERATE_PLEDGE_PROMISE(video)  \
+    __ENUMERATE_PLEDGE_PROMISE(video)   \
-    __ENUMERATE_PLEDGE_PROMISE(accept) \
+    __ENUMERATE_PLEDGE_PROMISE(accept)  \
    __ENUMERATE_PLEDGE_PROMISE(settime) \
    __ENUMERATE_PLEDGE_PROMISE(shared_buffer)
 enum class Pledge : u32 {
--- a/Userland/date.cpp
+++ b/Userland/date.cpp
@ -26,13 +26,14 @@
 #include <AK/String.h>
 #include <LibCore/DateTime.h>
 #include <LibCore/DateTime.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
 int main(int argc, char** argv)
 {
-    if (pledge("stdio", nullptr) < 0) {
+    if (pledge("stdio settime", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
@ -47,10 +48,14 @@ int main(int argc, char** argv)
        bool ok;
        timespec ts = { String(argv[2]).to_uint(ok), 0 };
        if (!ok) {
-            printf("date: Invalid timestamp value\n");
+            fprintf(stderr, "date: Invalid timestamp value");
            return 1;
        }
-        return clock_settime(CLOCK_REALTIME, &ts);
+        if (clock_settime(CLOCK_REALTIME, &ts) < 0) {
            perror("clock_settime");
            return 1;
        }
        return 0;
    }
    printf("%s\n", Core::DateTime::from_timestamp(now).to_string().characters());