Marc Espie wrote: > On Thu, Nov 05, 2015 at 11:52:32AM +0100, Theo Buehler wrote: > > On Thu, Nov 05, 2015 at 11:33:56AM +0100, Marc Espie wrote: > > > On Thu, Nov 05, 2015 at 10:54:32AM +0100, Theo Buehler wrote: > > > > On Thu, Nov 05, 2015 at 10:42:54AM +0100, Marc Espie wrote: > > > > > - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1) > > > > > + if (pledge("stdio rpath getpw tty proc id ps vminfo", NULL) == > > > > > -1) > > > > > err(1, "pledge"); > > > > > > > > I think both "proc" and "id" are too much: "id" was added to enable > > > > renicing, but "proc" is good enough for that: > > > > > > > > Index: usr.bin/top/top.c > > > > =================================================================== > > > > RCS file: /cvs/src/usr.bin/top/top.c,v > > > > retrieving revision 1.87 > > > > diff -u -p -r1.87 top.c > > > > --- usr.bin/top/top.c 4 Nov 2015 21:28:27 -0000 1.87 > > > > +++ usr.bin/top/top.c 5 Nov 2015 09:54:04 -0000 > > > > @@ -328,7 +328,7 @@ main(int argc, char *argv[]) > > > > preset_argc = 0; > > > > } while (i != 0); > > > > > > > > - if (pledge("stdio rpath getpw tty id ps vminfo", NULL) == -1) > > > > + if (pledge("stdio rpath getpw tty proc ps vminfo", NULL) == -1) > > > > err(1, "pledge"); > > > > > > > > /* set constants for username/uid display correctly */ > > > > > > WHAT ? I don't see setpriority in the list of syscalls that proc enables. > > > > > > > That's right. Nevertheless /src/sys/kern/kern_pledge.c, line 234: > > > > 229 [SYS_setsid] = PLEDGE_PROC, > > 230 > > 231 [SYS_setrlimit] = PLEDGE_PROC | PLEDGE_ID, > > 232 [SYS_getpriority] = PLEDGE_PROC | PLEDGE_ID, > > 233 > > 234 [SYS_setpriority] = PLEDGE_PROC | PLEDGE_ID, > > 235 > > 236 [SYS_setuid] = PLEDGE_ID, > > > > This was added to enable csh's nice builtin without adding "id" to > > csh's promises. > > It's not documented so it doesn't exist for me. :P > > (hint hint)
Seconded.