author | Andreas Kling <kling@serenityos.org> | 2021-02-02 19:56:11 +0100 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-02-02 20:13:44 +0100 |
commit | 823186031d9250217f9a51829d34a96b74113334 (patch) | |
tree | fc7506c59649a5765d726f538d94f5f886d1e980 /Kernel/Syscalls/fork.cpp | |
parent | d57b4128a194066a03a3224473463d7756ade3f7 (diff) | |
Kernel: Add a way to specify which memory regions can make syscalls

This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil, you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.
Diffstat (limited to 'Kernel/Syscalls/fork.cpp')
-rw-r--r-- | Kernel/Syscalls/fork.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Kernel/Syscalls/fork.cpp b/Kernel/Syscalls/fork.cpp index 0f12b412a5..f20859dc5a 100644 --- a/Kernel/Syscalls/fork.cpp +++ b/Kernel/Syscalls/fork.cpp @@ -47,6 +47,7 @@ pid_t Process::sys$fork(RegisterState& regs) child->m_has_execpromises = m_has_execpromises; child->m_veil_state = m_veil_state; child->m_unveiled_paths = m_unveiled_paths.deep_copy(); + child->m_enforces_syscall_regions = m_enforces_syscall_regions; child->m_fds = m_fds; child->m_sid = m_sid; child->m_pg = m_pg; |
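Review bot: the added line `child->m_enforces_syscall_regions = m_enforces_syscall_regions;` in sys$fork() copies only the enforcement flag, and nothing in this hunk shows the set of blessed regions being carried over to the child. The commit message says a syscall from a non-blessed region crashes the process, so a child that inherits enforcement without its regions keeping their blessed marking would be killed on its first syscall. Please add a short comment next to this line saying where in fork the per-region syscall marking is preserved when the address space is cloned, and consider a test that calls msyscall with a null pointer, forks, and then makes a syscall in the child. Placing the new assignment beside the other pledge and unveil state is a sensible spot; it would also help to state in the commit message that enforcement is meant to be inherited across fork.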