On Sun, Feb 18, 2018 at 6:21 PM, Stuart Henderson <[email protected]> wrote:
> On 2018/02/18 12:36, Neeraj Pal wrote:
>> I read kern_pledge.c file, but, I am not able to figure out the pledge
>> bit value of a program which isn't using pledge() system call in
>> user-space code.
>> Because even after not using pledge() system call in user-space,
>> still, every process has some default kind of pledge bit value, that
>> is, 0x8009588f.
>
> ps_pledge only indicates that a process has been pledged if the PS_PLEDGE
> bit (0x00100000) has been set.
>
> On a new process this bit (and this bit only) is cleared explicitly by
> atomic_clearbits_int in sys/kern_exec.c:sys_execve(), I haven't looked
> further but presumably other bits are just as returned from the allocator.
>
> Basically if you are looking to see what pledge a process has, check
> PS_PLEDGE first, other bits are only meaningful if that bit is set.
>
Okay. So, you told me that if I need to check which process pledges what,
then I first need to check whether the PS_PLEDGE bit is set, because it
indicates whether pledge was called in a process.

But what I asked is: if pledge is not even called in the userspace code of
a process (let's take the example of the sample1 code that I sent), then
from where and how does the kernel compute this 0x8009588f pledge bit value?

--
Thank you,
Neeraj Pal
