CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2022/07/18 12:02:27
Modified files:
sys/sys : pledge.h
sys/kern : kern_pledge.c
sys/uvm : uvm_swap.c
Log message:
Restrict pledge("vminfo") callers to read-only swapctl(2) operations.
Those are the read-only operations allowed for non-root users:
SWAP_NSWAP and SWAP_STATS. Users of pledge("vminfo") in base which also
call swapctl(2) with said commands: top(1) and pstat(8).
No regression spotted with top(1) and pstat(8) -s/-T.
ok deraadt@
