From cddaeb43d31304a5cb7ccdf8cf08a2bdbfff84cf Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Tue, 26 May 2020 13:49:35 +0300
Subject: [PATCH] Kernel: Introduce "sigaction" pledge

You now have to pledge "sigaction" to change signal handlers/dispositions. This is to prevent malicious code from messing with assertions (and segmentation faults), which are normally expected to instantly terminate the process but can do other things if you change signal disposition for them.
---
 Kernel/Process.cpp | 2 +-
 Kernel/Process.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index fa3599dec54..20921c3e2b4 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -2711,7 +2711,7 @@ int Process::sys$sigpending(sigset_t* set)

 int Process::sys$sigaction(int signum, const sigaction* act, sigaction* old_act)
 {
- REQUIRE_PROMISE(stdio);
+ REQUIRE_PROMISE(sigaction);
 if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
 return -EINVAL;
 if (!validate_read_typed(act))
diff --git a/Kernel/Process.h b/Kernel/Process.h
index f24789fbdc8..fa52440707e 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -72,6 +72,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
 __ENUMERATE_PLEDGE_PROMISE(video) \
 __ENUMERATE_PLEDGE_PROMISE(accept) \
 __ENUMERATE_PLEDGE_PROMISE(settime) \
+ __ENUMERATE_PLEDGE_PROMISE(sigaction) \
 __ENUMERATE_PLEDGE_PROMISE(shared_buffer)

 enum class Pledge : u32 {
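Review bot: Swapping `REQUIRE_PROMISE(stdio)` for `REQUIRE_PROMISE(sigaction)` at the top of `sys$sigaction` means a process that pledged only `stdio` now fails the promise check when it installs or resets a handler. The diffstat lists only the two kernel files, so no existing pledge strings or pledge documentation are updated in this commit. Programs that set handlers after pledging presumably need the new promise added, or should install their handlers first and pledge without `sigaction` afterwards, which also keeps the promise out of the long-running set. The check would benefit from a comment recording the reasoning, e.g. `// Gated separately from "stdio": a changed disposition can keep SIGABRT/SIGSEGV from terminating the process.` The function body continues past the end of the hunk, so the remaining validation is not visible here.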