1*c0a6b811Santon /* $OpenBSD: syscallwx.c,v 1.2 2023/01/09 11:50:01 anton Exp $ */
28566a01bSbluhm /*
38566a01bSbluhm * Copyright (c) 2018 Todd Mortimer <mortimer@openbsd.org>
48566a01bSbluhm * Copyright (c) 2019 Alexander Bluhm <bluhm@openbsd.org>
58566a01bSbluhm *
68566a01bSbluhm * Permission to use, copy, modify, and distribute this software for any
78566a01bSbluhm * purpose with or without fee is hereby granted, provided that the above
88566a01bSbluhm * copyright notice and this permission notice appear in all copies.
98566a01bSbluhm *
108566a01bSbluhm * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
118566a01bSbluhm * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
128566a01bSbluhm * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
138566a01bSbluhm * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
148566a01bSbluhm * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
158566a01bSbluhm * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
168566a01bSbluhm * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
178566a01bSbluhm */
188566a01bSbluhm
198566a01bSbluhm #include <sys/mman.h>
208566a01bSbluhm
218566a01bSbluhm #include <err.h>
228566a01bSbluhm #include <signal.h>
23*c0a6b811Santon #include <string.h>
248566a01bSbluhm #include <unistd.h>
258566a01bSbluhm
26*c0a6b811Santon extern void gadget_getpid(void);
27*c0a6b811Santon static void handler(int);
288566a01bSbluhm
298566a01bSbluhm int
main(int argc,char * argv[])308566a01bSbluhm main(int argc, char *argv[])
318566a01bSbluhm {
32*c0a6b811Santon union {
33*c0a6b811Santon void *p;
34*c0a6b811Santon void (*gadget)(void);
35*c0a6b811Santon } addr;
36*c0a6b811Santon int psz = getpagesize();
378566a01bSbluhm
388566a01bSbluhm if (signal(SIGSEGV, handler) == SIG_ERR)
398566a01bSbluhm err(1, "signal");
40*c0a6b811Santon
41*c0a6b811Santon addr.p = mmap(NULL, psz, PROT_READ | PROT_WRITE | PROT_EXEC,
42*c0a6b811Santon MAP_PRIVATE | MAP_ANON, -1, 0);
43*c0a6b811Santon if (addr.p == NULL)
44*c0a6b811Santon err(1, "mmap");
45*c0a6b811Santon memcpy(addr.p, gadget_getpid, psz);
46*c0a6b811Santon addr.gadget();
478566a01bSbluhm return 3;
488566a01bSbluhm }
498566a01bSbluhm
50*c0a6b811Santon static void
handler(int signum)518566a01bSbluhm handler(int signum)
528566a01bSbluhm {
538566a01bSbluhm _exit(0);
548566a01bSbluhm }
55