>From my /var/log/messages:
Jun 1 22:10:25 idefix /bsd: dig(9111): sysctl 2: 1 13 16 0 -32064 32639
Jun 1 22:10:25 idefix /bsd: dig(9111): syscall 202 ""
Jun 1 22:10:57 idefix /bsd: dig(56469): sysctl 2: 1 13 0 0 -129840 32639
Jun 1 22:10:57 idefix /bsd: dig(56469): syscall 202 ""
Jun 1 22:14:03 idefix /bsd: dig(67838): sysctl 2: 1 13 999298946 0 6777188 0
Jun 1 22:14:04 idefix /bsd: dig(67838): syscall 202 ""
Jun 1 22:16:53 idefix /bsd: dig(10121): sysctl 2: 1 13 991450427 0 6777188 0
Jun 1 22:16:54 idefix /bsd: dig(10121): syscall 202 ""
We're printing 5 mibs while the miblen is only 2, hence we see garbage.
Wouldn't it be better to print only this:
Jun 2 22:53:16 idefix /bsd: a.out(37619): sysctl 2: 1 13
Jun 2 22:53:16 idefix /bsd: a.out(37619): syscall 202 ""
We could tweak it to stop after printing 5 mibs, of course. Printing the
miblen could also be omitted, since it is kind of redundant now.
Index: kern_pledge.c
===================================================================
RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.210
diff -u -p -r1.210 kern_pledge.c
--- kern_pledge.c 30 May 2017 15:04:45 -0000 1.210
+++ kern_pledge.c 2 Jun 2017 20:42:21 -0000
@@ -891,6 +891,8 @@ pledge_sendfd(struct proc *p, struct fil
int
pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
{
+ int i;
+
if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
return (0);
@@ -1053,9 +1055,11 @@ pledge_sysctl(struct proc *p, int miblen
mib[0] == CTL_VM && mib[1] == VM_LOADAVG)
return (0);
- printf("%s(%d): sysctl %d: %d %d %d %d %d %d\n",
- p->p_p->ps_comm, p->p_p->ps_pid, miblen, mib[0], mib[1],
- mib[2], mib[3], mib[4], mib[5]);
+ printf("%s(%d): sysctl %d:", p->p_p->ps_comm, p->p_p->ps_pid, miblen);
+ for (i = 0; i < miblen; i++)
+ printf(" %d", mib[i]);
+ printf("\n");
+
return pledge_fail(p, EINVAL, 0);
}
