1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-27 08:00:11 +00:00
freebsd/sys/netinet/in_prot.c
Olivier Certner 5817169bc4 Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()
As implemented, this security policy would only prevent seeing processes
in sub-jails, but would not prevent sending signals to, changing
priority of or debugging processes in these, enabling attacks where
unprivileged users could tamper with random processes in sub-jails in
particular circumstances (conflated UIDs) despite the policy being
enforced.

PR:                     272092
Reviewed by:            mhorne
MFC after:              2 weeks
Sponsored by:           Kumacom SAS
Differential Revision:  https://reviews.freebsd.org/D40628
2023-09-28 11:59:08 -03:00

75 lines
2.3 KiB
C

/*-
* Copyright (c) 2000-2001 Robert N. M. Watson.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
/*
* System calls related to processes and protection
*/
#include <sys/cdefs.h>
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/jail.h>
#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <netinet/in_systm.h>
#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>
/*-
* Determine whether the subject represented by cred can "see" a socket.
* Returns: 0 for permitted, ENOENT otherwise.
*/
int
cr_canseeinpcb(struct ucred *cred, struct inpcb *inp)
{
int error;
error = prison_check(cred, inp->inp_cred);
if (error)
return (ENOENT);
#ifdef MAC
INP_LOCK_ASSERT(inp);
error = mac_inpcb_check_visible(cred, inp);
if (error)
return (error);
#endif
if (cr_bsd_visible(cred, inp->inp_cred))
return (ENOENT);
return (0);
}