D44372.id136036.diff
diff --git a/contrib/capsicum-test/capmode.cc b/contrib/capsicum-test/capmode.cc
--- a/contrib/capsicum-test/capmode.cc
+++ b/contrib/capsicum-test/capmode.cc
@@ -594,7 +594,6 @@
AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
errno = 0;
EXPECT_CAPMODE(ptrace_(PTRACE_PEEKDATA_, pid, &pid, NULL));
- EXPECT_CAPMODE(waitpid(pid, NULL, WNOHANG));
SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
if (verbose) fprintf(stderr, " child finished\n");
}
diff --git a/lib/libsys/wait.2 b/lib/libsys/wait.2
--- a/lib/libsys/wait.2
+++ b/lib/libsys/wait.2
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd June 24, 2022
+.Dd March 21, 2024
.Dt WAIT 2
.Os
.Sh NAME
@@ -603,11 +603,14 @@
.Fa infop
must be checked against zero to determine if a process reported status.
.Pp
-The
+When running in
+.Xr capsicum 4
+capability mode, the
.Fn wait
-family of functions will not return a child process created with
-.Xr pdfork 2
-unless specifically directed to do so by specifying its process ID.
+family of functions will never return a child process created with
+.Xr pdfork 2 .
+Otherwise it will only return it when specifically directed to do so
+by specifying its process ID.
.Sh ERRORS
The
.Fn wait
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -1330,6 +1330,18 @@
return (0);
}
+ /*
+ * When running in capsicum(4) mode, make wait(2) ignore
+ * processes created with pdfork(2). This is because one can
+ * disown them - by passing their process descriptor to another
+ * process - which means it needs to be prevented from touching
+ * them afterwards.
+ */
+ if (IN_CAPABILITY_MODE(td) && p->p_procdesc != NULL) {
+ PROC_UNLOCK(p);
+ continue;
+ }
+
nfound++;
PROC_LOCK_ASSERT(p, MA_OWNED);
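Review bot: The new capability-mode filter sits after the `return (0);` early exit shown at the top of the hunk, so it only covers children that fall through to `nfound++`. If that early exit is the path on which an already-exited child is reaped (the call that decides this is outside the hunk), a sandboxed process that specifies the PID could still collect a pdfork(2) child after handing its descriptor to another process, which is what the comment says must be prevented. Consider testing `IN_CAPABILITY_MODE(td) && p->p_procdesc != NULL` before the child is matched rather than after, and check whether any other child list walked later in this function needs the same filter. The diff also removes the `EXPECT_CAPMODE(waitpid(pid, NULL, WNOHANG))` assertion in capmode.cc without adding a test that a pdfork(2) child stays invisible to wait4(2)/wait6(2) in capability mode. The enclosing loop starts and ends outside the hunk.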
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -157,7 +157,7 @@
int fd
);
}
-7 AUE_WAIT4 STD {
+7 AUE_WAIT4 STD|CAPENABLED {
int wait4(
int pid,
_Out_opt_ int *status,
@@ -2936,7 +2936,7 @@
int advice
);
}
-532 AUE_WAIT6 STD {
+532 AUE_WAIT6 STD|CAPENABLED {
int wait6(
idtype_t idtype,
id_t id,
D44372: Allow subset of wait4(2) functionality in Capsicum mode