From 3329807a0b78f4b8683ed92397ca40c5a390986e Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Tue, 12 Dec 2017 01:12:34 +0000 Subject: [PATCH] pledge()'s 2nd argument becomes char *execpromises, which becomes the pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistant state) Discussion with many florian has used this to improve the strictness of a daemon --- src/include/unistd.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/include/unistd.h b/src/include/unistd.h index ffec1538..dab92899 100644 --- a/src/include/unistd.h +++ b/src/include/unistd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: unistd.h,v 1.104 2017/03/09 10:13:03 fcambus Exp $ */ +/* $OpenBSD: unistd.h,v 1.105 2017/12/12 01:12:34 deraadt Exp $ */ /* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */ /*- @@ -522,7 +522,7 @@ int strtofflags(char **, u_int32_t *, u_int32_t *); int swapctl(int cmd, const void *arg, int misc); int syscall(int, ...); int getentropy(void *, size_t); -int pledge(const char *, const char **); +int pledge(const char *, const char *); pid_t __tfork_thread(const struct __tfork *, size_t, void (*)(void *), void *); #endif /* __BSD_VISIBLE */