yeah, but I am asking about pledge_xbit (pledge value of any process
in hex). See output:

process name: pltestnopledge(no pledge)            ps_flags:     101007 kern_exec:     100000 pid:      66364 pledge_xbit:   8009588f

process name: pltest(with pledge("stdio",NULL))  ps_flags:     101007 kern_exec:     100000 pid:      74005 pledge_xbit:                8

Now, the 2nd line is correct, because of pledge "stdio" and PLEDGE_STDIO
is 0x0000000000000008, but I am confused by the 1st line. How does it
even become this value, 0x8009588f, without pledge?

Sorry, but I think either I am not getting you or you didn't get my question.

I don't know why you are telling me about PS_PLEDGE because I know
that when PS_PLEDGE is set, then it means the process has called
pledge.

We can do this to check whether any process has called pledge or not:

/* PS_PLEDGE is a flag bit in ps_flags; ps_pledge holds the promise mask */
if (p->p_p->ps_flags & PS_PLEDGE) {
        /* pledged process */
} else {
        /* unpledged process */
}

But I am confused by this specific value: where it came from and what
logic produces it. In the case of a pledged process we can
calculate the pledge value by doing an "or" between permissions like
"stdio inet" etc.






On Sun, Feb 18, 2018 at 8:45 PM, Stuart Henderson <[email protected]> wrote:
> On 2018/02/18 20:00, Neeraj Pal wrote:
>> Okay. So, you told me that if I need to check which process pledged
>> what, then I need to first check whether the PS_PLEDGE bit
>> is set or not, because it indicates whether pledge was called or not
>> in a process.
>>
>> But what I asked is: if pledge is not even called in the userspace
>> code of a process (take the sample1 code that I sent as an example),
>> then from where and how does the kernel compute this 0x8009588f
>> pledge bit value?
>
> It isn't computed. Other than the PS_PLEDGE bit, the memory in ps_pledge
> is uninitialized.
>
>>
>>
>> On Sun, Feb 18, 2018 at 6:21 PM, Stuart Henderson <[email protected]> wrote:
>> > On 2018/02/18 12:36, Neeraj Pal wrote:
>> >> I read kern_pledge.c file, but, I am not able to figure out the pledge
>> >> bit value of a program which isn't using pledge() system call in
>> >> user-space code.
>> >> Because even after not using pledge() system call in user-space,
>> >> still, every process has some default kind of pledge bit value, that
>> >> is, 0x8009588f.
>> >
>> > ps_pledge only indicates that a process has been pledged if the PS_PLEDGE
>> > bit (0x00100000) has been set.
>> >
>> > On a new process this bit (and this bit only) is cleared explicitly by
>> > atomic_clearbits_int in sys/kern_exec.c:sys_execve(), I haven't looked
>> > further but presumably other bits are just as returned from the allocator.
>> >
>> > Basically if you are looking to see what pledge a process has, check
>> > PS_PLEDGE first, other bits are only meaningful if that bit is set.
>> >
>>
>>
>>
>> --
>> Thank you,
>>
>> Neeraj Pal ツ
>>  +91-8130344470
>>
>> The information contents contained in this electronic communication
>> (including the contents of the enclosure(s) or attachment(s) if any)
>> is intended exclusively and solely for the individual(s) or entity to
>> which it is addressed and may contain information that is private,
>> confidential, legally privileged material and exempted from
>> disclosure. Any review, re transmission, dissemination, printing,
>> copying or other use of, or taking any action in reliance on the
>> contents of this information by person(s) or entities other than the
>> intended recipient is strictly prohibited and may be unlawful. If you
>> have received this communication in error, please notify by responding
>> to this email or telephone and immediately and permanently delete all
>> copies of this message and any attachments from your systems.
>>
>> This footnote confirms that this email message has been scanned  for
>> the presence of malicious code, vandals & computer viruses. The
>> recipient should check this email and any attachments for the presence
>> of viruses.
>>
>> Please consider the environment before printing this email.
>>
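
Added example (not part of the original thread and not OpenBSD code): a userland C decoder for the point made in the replies, that the promise mask only means something once PS_PLEDGE is set. It assumes PS_PLEDGE is a ps_flags bit as in OpenBSD's sys/proc.h; promise values other than PLEDGE_STDIO are assumptions from sys/pledge.h, and decode_pledge and the sample ps_flags values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PS_PLEDGE 0x00100000u /* value quoted in the thread; assumed to be a ps_flags bit */

/* PLEDGE_STDIO (0x8) is from the thread; the other values are assumptions
 * taken from OpenBSD's sys/pledge.h and may differ between releases. */
static const struct { uint64_t bit; const char *name; } promises[] = {
	{ 0x01, "rpath" }, { 0x02, "wpath" }, { 0x04, "cpath" }, { 0x08, "stdio" },
	{ 0x10, "tmppath" }, { 0x20, "dns" }, { 0x40, "inet" },
};

/* Append s to buf, space-separated, never writing past len bytes. */
static void append(char *buf, size_t len, const char *s)
{
	size_t n = strlen(buf);
	snprintf(buf + n, len - n, "%s%s", n ? " " : "", s);
}

/* Hypothetical helper: returns 1 and fills buf with promise names if the
 * process is pledged; returns 0 and ignores the mask if PS_PLEDGE is clear. */
int decode_pledge(uint32_t ps_flags, uint64_t ps_pledge, char *buf, size_t len)
{
	char rest[32];
	size_t i;

	buf[0] = '\0';
	if (!(ps_flags & PS_PLEDGE)) {
		append(buf, len, "unpledged (promise mask ignored)");
		return 0;
	}
	for (i = 0; i < sizeof(promises) / sizeof(promises[0]); i++) {
		if (ps_pledge & promises[i].bit) {
			append(buf, len, promises[i].name);
			ps_pledge &= ~promises[i].bit;
		}
	}
	if (ps_pledge != 0) { /* bits this table does not name */
		snprintf(rest, sizeof(rest), "+0x%llx", (unsigned long long)ps_pledge);
		append(buf, len, rest);
	}
	return 1;
}

int main(void)
{
	char out[128];
	/* Constructed ps_flags values; the two masks are the ones from the thread. */
	decode_pledge(0x00001007u, 0x8009588fULL, out, sizeof(out)); puts(out);
	decode_pledge(0x00101007u, 0x8ULL, out, sizeof(out)); puts(out);
	return 0;
}
```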
