Kernel: Add dedicated "ptrace" pledge promise

The vast majority of programs don't ever need to use sys$ptrace(), and it seems like a high-value system call to prevent a compromised process from using. This patch moves sys$ptrace() from the "proc" promise to its own, new "ptrace" promise and updates the affected apps.
2025-07-25 16:47:36 +00:00 · 2021-01-11 22:30:57 +01:00 · 2021-01-11 22:30:57 +01:00 · f03800cee3
commit f03800cee3
parent 127ce32d9e
6 changed files with 7 additions and 5 deletions
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@ -53,6 +53,7 @@ If the process later attempts to use any system functionality it has previously
 * `sigaction`: Change signal handlers and dispositions (\*)
 * `sendfd`: Send file descriptors over a local socket
 * `recvfd`: Receive file descriptors over a local socket
+* `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)

 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.