On 2018/02/18 20:05, Neeraj Pal wrote:
> On Sun, Feb 18, 2018 at 6:21 PM, Stuart Henderson <[email protected]>
> wrote:
> > On 2018/02/18 12:36, Neeraj Pal wrote:
> >> I read kern_pledge.c file, but, I am not able to figure out the pledge
> >> bit value of a program which isn't using pledge() system call in
> >> user-space code.
> >> Because even after not using pledge() system call in user-space,
> >> still, every process has some default kind of pledge bit value, that
> >> is, 0x8009588f.
> >
> > ps_pledge only indicates that a process has been pledged if the PS_PLEDGE
> > bit (0x00100000) has been set.
> >
> > On a new process this bit (and this bit only) is cleared explicitly by
> > atomic_clearbits_int in sys/kern_exec.c:sys_execve(), I haven't looked
> > further but presumably other bits are just as returned from the allocator.
> >
> > Basically if you are looking to see what pledge a process has, check
> > PS_PLEDGE first, other bits are only meaningful if that bit is set.
> >
>
> Okay. So, you told me that If I need to check which process pledge
> what, then I need to first check PS_PLEDGE bit
> is set or not because it indicates whether a pledge called or not in a
> process.
>
> But, what I asked is, if the pledge is not even called in userspace
> code of any process, let's take an example of sample1 code
> that I sent, then from where and how kernel computes this, 0x8009588f
> pledge bit value.

If you want to know more about where the exact value of a not-initialized ps_pledge comes from, you'll need to follow through process creation system calls. I'm not going to do that for you because the actual value in ps_pledge for an unpledged program is meaningless anyway.
