Okay. So, you told me that if I need to check which process pledges what, then I need to first check whether the PS_PLEDGE bit is set or not, because it indicates whether pledge was called or not in a process.
But what I asked is: if pledge is not even called in the userspace code of any process (let's take the example of the sample1 code that I sent), then from where and how does the kernel compute this 0x8009588f pledge bit value?

On Sun, Feb 18, 2018 at 6:21 PM, Stuart Henderson <[email protected]> wrote:
> On 2018/02/18 12:36, Neeraj Pal wrote:
>> I read kern_pledge.c file, but, I am not able to figure out the pledge
>> bit value of a program which isn't using pledge() system call in
>> user-space code.
>> Because even after not using pledge() system call in user-space,
>> still, every process has some default kind of pledge bit value, that
>> is, 0x8009588f.
>
> ps_pledge only indicates that a process has been pledged if the PS_PLEDGE
> bit (0x00100000) has been set.
>
> On a new process this bit (and this bit only) is cleared explicitly by
> atomic_clearbits_int in sys/kern_exec.c:sys_execve(), I haven't looked
> further but presumably other bits are just as returned from the allocator.
>
> Basically if you are looking to see what pledge a process has, check
> PS_PLEDGE first, other bits are only meaningful if that bit is set.
>

--
Thank you,
Neeraj Pal ツ
+91-8130344470
