Kernel: Introduce "sigaction" pledge

You now have to pledge "sigaction" to change signal handlers/dispositions. This
is to prevent malicious code from messing with assertions (and segmentation
faults), which are normally expected to instantly terminate the process but can
do other things if you change signal disposition for them.

2 files changed, 2 insertions, 1 deletions

diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index fa3599dec5..20921c3e2b 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -2711,7 +2711,7 @@ int Process::sys$sigpending(sigset_t* set)
 
 int Process::sys$sigaction(int signum, const sigaction* act, sigaction* old_act)
 {
-    REQUIRE_PROMISE(stdio);
+    REQUIRE_PROMISE(sigaction);
     if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
         return -EINVAL;
     if (!validate_read_typed(act))
diff --git a/Kernel/Process.h b/Kernel/Process.h
index f24789fbdc..fa52440707 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -72,6 +72,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
     __ENUMERATE_PLEDGE_PROMISE(video)   \
     __ENUMERATE_PLEDGE_PROMISE(accept)  \
     __ENUMERATE_PLEDGE_PROMISE(settime) \
+    __ENUMERATE_PLEDGE_PROMISE(sigaction) \
     __ENUMERATE_PLEDGE_PROMISE(shared_buffer)
 
 enum class Pledge : u32 {