Kernel: Add dedicated "ptrace" pledge promise

The vast majority of programs don't ever need to use sys$ptrace(),
and it seems like a high-value system call to prevent a compromised
process from using.

This patch moves sys$ptrace() from the "proc" promise to its own,
new "ptrace" promise and updates the affected apps.

Applications/Debugger/main.cpp

@@ -194,7 +194,7 @@ int main(int argc, char** argv)
 {
     editor = Line::Editor::construct();
 
-    if (pledge("stdio proc exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Base/usr/share/man/man2/pledge.md

@@ -53,6 +53,7 @@ If the process later attempts to use any system functionality it has previously
 * `sigaction`: Change signal handlers and dispositions (\*)
 * `sendfd`: Send file descriptors over a local socket
 * `recvfd`: Receive file descriptors over a local socket
+* `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)
 
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
 

DevTools/HackStudio/main.cpp

@@ -57,14 +57,14 @@ static void update_path_environment_variable();
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

Kernel/Process.h

@@ -66,6 +66,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
     __ENUMERATE_PLEDGE_PROMISE(inet)      \
     __ENUMERATE_PLEDGE_PROMISE(id)        \
     __ENUMERATE_PLEDGE_PROMISE(proc)      \
+    __ENUMERATE_PLEDGE_PROMISE(ptrace)    \
     __ENUMERATE_PLEDGE_PROMISE(exec)      \
     __ENUMERATE_PLEDGE_PROMISE(unix)      \
     __ENUMERATE_PLEDGE_PROMISE(recvfd)    \

Kernel/Syscalls/ptrace.cpp

@@ -37,7 +37,7 @@ namespace Kernel {
 
 int Process::sys$ptrace(Userspace<const Syscall::SC_ptrace_params*> user_params)
 {
-    REQUIRE_PROMISE(proc);
+    REQUIRE_PROMISE(ptrace);
     Syscall::SC_ptrace_params params;
     if (!copy_from_user(&params, user_params))
         return -EFAULT;

Userland/functrace.cpp

@@ -112,7 +112,7 @@ static NonnullOwnPtr<HashMap<void*, X86::Instruction>> instrument_code()
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio proc exec rpath sigaction", nullptr) < 0) {
+    if (pledge("stdio proc exec rpath sigaction ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }