Kernel: Add dedicated "ptrace" pledge promise

The vast majority of programs don't ever need to use sys$ptrace(), and it seems like a high-value system call to prevent a compromised process from using. This patch moves sys$ptrace() from the "proc" promise to its own, new "ptrace" promise and updates the affected apps.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/f03800cee39
2021-01-11 22:30:57 +01:00 · 2021-01-11 22:30:57 +01:00 · f03800cee3 · 2024-07-18 23:55:10 +09:00
commit f03800cee3
parent 127ce32d9e
6 changed files with 7 additions and 5 deletions
--- a/Applications/Debugger/main.cpp
+++ b/Applications/Debugger/main.cpp
@ -194,7 +194,7 @@ int main(int argc, char** argv)
 {
    editor = Line::Editor::construct();
-    if (pledge("stdio proc exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@ -53,6 +53,7 @@ If the process later attempts to use any system functionality it has previously
 * `sigaction`: Change signal handlers and dispositions (\*)
 * `sendfd`: Send file descriptors over a local socket
 * `recvfd`: Receive file descriptors over a local socket
 * `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
--- a/DevTools/HackStudio/main.cpp
+++ b/DevTools/HackStudio/main.cpp
@ -57,14 +57,14 @@ static void update_path_environment_variable();
 int main(int argc, char** argv)
 {
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd ptrace", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
    auto app = GUI::Application::construct(argc, argv);
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd ptrace", nullptr) < 0) {
        perror("pledge");
        return 1;
    }
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -66,6 +66,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
    __ENUMERATE_PLEDGE_PROMISE(inet)      \
    __ENUMERATE_PLEDGE_PROMISE(id)        \
    __ENUMERATE_PLEDGE_PROMISE(proc)      \
    __ENUMERATE_PLEDGE_PROMISE(ptrace)    \
    __ENUMERATE_PLEDGE_PROMISE(exec)      \
    __ENUMERATE_PLEDGE_PROMISE(unix)      \
    __ENUMERATE_PLEDGE_PROMISE(recvfd)    \
--- a/Kernel/Syscalls/ptrace.cpp
+++ b/Kernel/Syscalls/ptrace.cpp
@ -37,7 +37,7 @@ namespace Kernel {
 int Process::sys$ptrace(Userspace<const Syscall::SC_ptrace_params*> user_params)
 {
-    REQUIRE_PROMISE(proc);
+    REQUIRE_PROMISE(ptrace);
    Syscall::SC_ptrace_params params;
    if (!copy_from_user(&params, user_params))
        return -EFAULT;
--- a/Userland/functrace.cpp
+++ b/Userland/functrace.cpp
@ -112,7 +112,7 @@ static NonnullOwnPtr<HashMap<void*, X86::Instruction>> instrument_code()
 int main(int argc, char** argv)
 {
-    if (pledge("stdio proc exec rpath sigaction", nullptr) < 0) {
+    if (pledge("stdio proc exec rpath sigaction ptrace", nullptr) < 0) {
        perror("pledge");
        return 1;
    }