Marc Espie wrote:
> On Thu, Nov 05, 2015 at 11:52:32AM +0100, Theo Buehler wrote:
> > On Thu, Nov 05, 2015 at 11:33:56AM +0100, Marc Espie wrote:
> > > On Thu, Nov 05, 2015 at 10:54:32AM +0100, Theo Buehler wrote:
> > > > On Thu, Nov 05, 2015 at 10:42:54AM +0100, Marc Espie wrote:
> > > > > -     if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1)
> > > > > +     if (pledge("stdio rpath getpw tty proc id ps vminfo", NULL) == 
> > > > > -1)
> > > > >               err(1, "pledge");
> > > > 
> > > > I think both "proc" and "id" are too much: "id" was added to enable
> > > > renicing, but "proc" is good enough for that:
> > > > 
> > > > Index: usr.bin/top/top.c
> > > > ===================================================================
> > > > RCS file: /cvs/src/usr.bin/top/top.c,v
> > > > retrieving revision 1.87
> > > > diff -u -p -r1.87 top.c
> > > > --- usr.bin/top/top.c   4 Nov 2015 21:28:27 -0000       1.87
> > > > +++ usr.bin/top/top.c   5 Nov 2015 09:54:04 -0000
> > > > @@ -328,7 +328,7 @@ main(int argc, char *argv[])
> > > >                 preset_argc = 0;
> > > >         } while (i != 0);
> > > >  
> > > > -       if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1)
> > > > +       if (pledge("stdio rpath getpw tty proc ps vminfo", NULL) == -1)
> > > >                 err(1, "pledge");
> > > >  
> > > >         /* set constants for username/uid display correctly */
> > > 
> > > WHAT ? I don't see setpriority in the list of syscalls that proc enables.
> > > 
> > 
> > That's right.  Nevertheless /src/sys/kern/kern_pledge.c, line 234:
> > 
> > 229         [SYS_setsid] = PLEDGE_PROC,
> > 230
> > 231         [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID,
> > 232         [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID,
> > 233
> > 234         [SYS_setpriority] = PLEDGE_PROC | PLEDGE_ID,
> > 235
> > 236         [SYS_setuid] = PLEDGE_ID,
> > 
> > This was added to enable csh's nice builtin without adding "id" to
> > csh's promises.
> 
> It's not documented so it doesn't exist for me. :P
> 
> (hint hint)

Seconded.
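
The table excerpt quoted above can be read as "a syscall is permitted when the process holds any one of the promises listed for it". The following is an added example, not code from the thread or from OpenBSD: a user-space model of those five rows that compares the old and new promise strings for top. The `model_*` names and the bit values are assumptions made for the example, and only "proc" and "id" are modelled.

```c
/* User-space model of the kern_pledge.c rows quoted in the thread.
 * Bit values and all model_* names are constructed for this example. */
#include <stdio.h>
#include <string.h>

#define MODEL_PROC 0x1u  /* stands in for PLEDGE_PROC (value assumed) */
#define MODEL_ID   0x2u  /* stands in for PLEDGE_ID (value assumed) */

enum model_sys { M_SETSID, M_SETRLIMIT, M_GETPRIORITY, M_SETPRIORITY,
                 M_SETUID, M_NSYS };

/* Same rows as lines 229-236 of the quoted table. */
static const unsigned model_table[M_NSYS] = {
    [M_SETSID]      = MODEL_PROC,
    [M_SETRLIMIT]   = MODEL_PROC | MODEL_ID,
    [M_GETPRIORITY] = MODEL_PROC | MODEL_ID,
    [M_SETPRIORITY] = MODEL_PROC | MODEL_ID,
    [M_SETUID]      = MODEL_ID,
};

/* Turn a promise string into a mask; other promise words are ignored. */
unsigned model_parse(const char *promises)
{
    char buf[128];
    unsigned mask = 0;

    if (strlen(promises) >= sizeof(buf))
        return 0;
    strcpy(buf, promises);
    for (char *w = strtok(buf, " "); w != NULL; w = strtok(NULL, " ")) {
        if (strcmp(w, "proc") == 0)
            mask |= MODEL_PROC;
        else if (strcmp(w, "id") == 0)
            mask |= MODEL_ID;
    }
    return mask;
}

/* A call is permitted when any held promise appears in its table row. */
int model_allowed(unsigned held, enum model_sys sc)
{
    return (held & model_table[sc]) != 0;
}

int main(void)
{
    unsigned before = model_parse("stdio rpath getpw tty id ps vminfo");
    unsigned after  = model_parse("stdio rpath getpw tty proc ps vminfo");

    printf("setpriority: before=%d after=%d\n",
        model_allowed(before, M_SETPRIORITY), model_allowed(after, M_SETPRIORITY));
    printf("setuid:      before=%d after=%d\n",
        model_allowed(before, M_SETUID), model_allowed(after, M_SETUID));
    return 0;
}
```

In this model both strings permit setpriority, while only the string containing "id" permits setuid.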
