hbsdcontrol_set_feature_state can set invalid states
The hbsdcontrol_set_feature_state
function accepts pax_feature_state_t
as its last argument.
Valid values include -2 (conflict), -1 (sysdef), 0 (disable), and 1 (enable). But it appears that
only 0 (disable) and 1 (enable) are valid values. Other invalid values, like 5, do not return an
error. The problem only becomes obvious when you check /var/log/messages
, and see that an invalid
state has been set.
// invalid
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -1);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -2);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", 5);