Kernel: Introduce "sigaction" pledge

You now have to pledge "sigaction" to change signal handlers/dispositions. This is to prevent malicious code from messing with assertions (and segmentation faults), which are normally expected to instantly terminate the process but can do other things if you change signal disposition for them.
Author: https://github.com/bugaevc Commit: https://github.com/SerenityOS/serenity/commit/cddaeb43d31 Pull-request: https://github.com/SerenityOS/serenity/pull/2394 Reviewed-by: https://github.com/awesomekling ✅
2025-04-24 21:45:20 +00:00 · 2020-05-26 13:49:35 +03:00 · 2020-05-26 13:49:35 +03:00 · cddaeb43d3 · 2024-07-19 06:07:09 +09:00
commit cddaeb43d3
parent 839ae82d66
2 changed files with 2 additions and 1 deletions
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -2711,7 +2711,7 @@ int Process::sys$sigpending(sigset_t* set)

 int Process::sys$sigaction(int signum, const sigaction* act, sigaction* old_act)
 {
-    REQUIRE_PROMISE(stdio);
+    REQUIRE_PROMISE(sigaction);
    if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
        return -EINVAL;
    if (!validate_read_typed(act))
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -72,6 +72,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
    __ENUMERATE_PLEDGE_PROMISE(video)   \
    __ENUMERATE_PLEDGE_PROMISE(accept)  \
    __ENUMERATE_PLEDGE_PROMISE(settime) \
+    __ENUMERATE_PLEDGE_PROMISE(sigaction) \
    __ENUMERATE_PLEDGE_PROMISE(shared_buffer)

 enum class Pledge : u32 {