RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-25 20:55:07 +00:00
Code Issues Activity Actions

Kernel: Add dedicated "ptrace" pledge promise

Browse source 
The vast majority of programs don't ever need to use sys$ptrace(),
and it seems like a high-value system call to prevent a compromised
process from using.

This patch moves sys$ptrace() from the "proc" promise to its own,
new "ptrace" promise and updates the affected apps.
This commit is contained in:
Andreas Kling 2021-01-11 22:30:57 +01:00
parent 127ce32d9e
commit f03800cee3
6 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
DevTools/HackStudio/main.cpp
View file

@ -57,14 +57,14 @@ static void update_path_environment_variable();
int main(int argc, char** argv)
{
if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd", nullptr) < 0) {
if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd ptrace", nullptr) < 0) {
perror("pledge");
return 1;
}
auto app = GUI::Application::construct(argc, argv);
if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd", nullptr) < 0) {
if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd ptrace", nullptr) < 0) {
perror("pledge");
return 1;
}