I should note it's Mono itself calling cpath and vminfo. Changing the runtime to be more pledge friendlier (i.e: SHM dealloc concerns, store boottime for later) would require surgery in it. I was just curious about if SHM manipulation was documented to need a pledge. ________________________________________ From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of Theo Buehler [t...@math.ethz.ch] Sent: April 9, 2016 5:35 PM To: misc@openbsd.org Subject: Re: shm_unlink and pledge On Sat, Apr 09, 2016 at 12:52:16PM +0000, Calvin wrote: > Recently, I've created a pledge wrapper for C#. [1] I discovered that pledge > seems to trigger on shared memory manipulations, which aren't mentioned in the > man page for pledge. For example, Mono uses shared memory, which triggers > pledge unless I add the "cpath" promise. (It also uses "vminfo," to check for > boot time, but this seems fairly ays, should SHM operations be mentioned in the man > page, or is this a bug?
The pledge manual generally only lists the supported system calls, not the library functions (with only a few exceptions). Not sure the shm_* functions would qualify as they are practically unused in the base system. The shm_*(3) library functions should be supported by the appropriate pledge promises (mostly filesystem manipulations). As is the case with most other libc functions, you need to inspect them and see what system calls they use internally. Your example: shm_unlink(3) calls unlink(2), which, in turn, requires "cpath", so everything is as expected. On the other hand, the shmat(2), shmdt(2), shmget(2) and shmctl(2) system calls are not currently supported by pledge. As far as I know, there are currently no plans of adding support for those. If they are used, you need to make sure the pledge call comes after them. Concerning the "vminfo" pledge: is it possible to fetch that value and store it before you call pledge? > A backtrace of Mono tripping up > on exit without the promise: > > (gdb) bt > #0 0x0000196ea192113a in unlink () at > <stdin>:2 > #1 0x0000196ea18bf018 in shm_unlink (path=Variable "path" is not > available.) at /usr/src/lib/libc/gen/shm_open.c:87 > #2 0x0000196bc332e085 in > mono_shared_area_remove () from /usr/local/bin/mono > #3 0x0000196ea191bcc7 in > *_libc___cxa_finalize (dso=0x0) at /usr/src/lib/libc/stdlib/atexit.c:159 > #4 > 0x0000196ea191a07e in *_libc_exit (status=0) at > /usr/src/lib/libc/stdlib/exit.c:57 > #5 0x0000196bc312dce8 in _start () from > /usr/local/bin/mono > #6 0x0000000000000000 in ?? () > > Oh, and just in case, if > you omit "vminfo" instead: > > (gdb) bt > #0 0x00001e868df09eaa in sysctl () at > <stdin>:2 > #1 0x00001e844fa302c0 in mono_free () from /usr/local/bin/mono > #2 > 0x00001e844f9deed0 in mono_gchandle_get_target () from /usr/local/bin/mono > #3 > 0x00001e844f9da27e in mono_runtime_cleanup () from /usr/local/bin/mono > #4 > 0x00001e844f82e63b in mono_get_runtime_build_info () from /usr/local/bin/mono > #5 0x00001e844f8964d7 in mono_main () from /usr/local/bin/mono > #6 > 0x00001e844f82dce1 in _start () from /usr/local/bin/mono > #7 > 0x0000000000000000 in ?? () > > [1] https://github.com/NattyNarwhal/pledge.cs
