Introduce the new function

p_trespass(struct proc *p1, struct proc *p2)
which returns zero or an errno depending on the legality of p1 trespassing
on p2.

Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one
extra signal related check.

Replace procfs.h:CHECKIO() macros with calls to p_trespass().

Only show command lines to processes which can trespass on the target
process.
Poul-Henning Kamp 1999-11-21 19:03:20 +00:00
parent 7183c3f848
commit a9e0361b4a
19 changed files with 48 additions and 55 deletions


@ -90,19 +90,6 @@ struct pfsnode {
#define KMEM_GROUP 2
/*
* Check to see whether access to target process is allowed
* Evaluates to 1 if access is allowed.
*/
#define CHECKIO(p1, p2) \
((p1) == (p2) || \
(PRISON_CHECK(p1, p2) && \
((((p1)->p_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
((p2)->p_flag & P_SUGID) == 0) || \
(suser_xxx(0, (p1), PRISON_ROOT) == 0))))
#define PROCFS_FILENO(pid, type) \
(((type) < Pproc) ? \
((type) + 2) : \


@ -63,7 +63,7 @@ procfs_dodbregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return (EPERM);
kl = sizeof(r);
kv = (char *) &r;
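Review bot: The errno that p_trespass() computes is discarded at this call in procfs_dodbregs, so a caller that fails PRISON_CHECK is told EPERM even though the helper added in this commit returns ESRCH for that case. Propagating the value, `error = p_trespass(curp, p); if (error) return (error);` (with an `int error` local if the function has none), would keep a jailed caller from distinguishing a forbidden target from a nonexistent one. The same pattern appears in procfs_dofpregs, procfs_doregs, procfs_ioctl and procfs_open, and in the second copy of these procfs sections later in the commit. The function body starts and ends outside the hunk.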


@ -60,7 +60,7 @@ procfs_dofpregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
kv = (char *) &r;


@ -296,7 +296,7 @@ procfs_domem(curp, p, pfs, uio)
* All in all, quite yucky.
*/
if (!CHECKIO(curp, p) &&
if (p_trespass(curp, p) &&
!(uio->uio_rw == UIO_READ &&
procfs_kmemaccess(curp)))
return EPERM;


@ -60,7 +60,7 @@ procfs_doregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
kv = (char *) &r;


@ -183,7 +183,7 @@ procfs_docmdline(curp, p, pfs, uio)
* Linux behaviour is to return zero-length in this case.
*/
if (p->p_args) {
if (p->p_args && !p_trespass(curp, p)) {
bp = p->p_args->ar_args;
buflen = p->p_args->ar_length;
buf = 0;


@ -146,7 +146,7 @@ procfs_open(ap)
return (EBUSY);
p1 = ap->a_p;
if (!CHECKIO(p1, p2) &&
if (p_trespass(p1, p2) &&
!procfs_kmemaccess(p1))
return (EPERM);
@ -238,7 +238,7 @@ procfs_ioctl(ap)
return ENOTTY;
}
if (!CHECKIO(p, procp))
if (p_trespass(p, procp))
return EPERM;
switch (ap->a_command) {


@ -633,7 +633,7 @@ sysctl_kern_proc_args SYSCTL_HANDLER_ARGS
if (!p)
return (0);
if (!PRISON_CHECK(curproc, p))
if (p_trespass(curproc, p))
return (0);
if (req->newptr && curproc != p)


@ -792,6 +792,31 @@ suser_xxx(cred, proc, flag)
return (0);
}
/*
* Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
*/
int
p_trespass(struct proc *p1, struct proc *p2)
{
if (p1 == p2)
return (0);
if (!PRISON_CHECK(p1, p2))
return (ESRCH);
if (p1->p_cred->p_ruid == p2->p_cred->p_ruid)
return (0);
if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid)
return (0);
if (p1->p_cred->p_ruid == p2->p_ucred->cr_uid)
return (0);
if (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid)
return (0);
if (!suser_xxx(0, p1, PRISON_ROOT))
return (0);
return (EPERM);
}
/*
* Allocate a zeroed cred structure.
*/
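Review bot: p_trespass() grants access on any one of four uid matches and never looks at P_SUGID or p_svuid, whereas the CHECKIO() macro this commit removes required p1's effective, real and saved uid to all equal p2's real uid and `((p2)->p_flag & P_SUGID) == 0`. With procfs_domem, procfs_doregs, procfs_dofpregs, procfs_dodbregs, procfs_ioctl and procfs_open switched over, the signal-delivery policy now also gates memory and register access, so a target flagged P_SUGID is no longer excluded for an unprivileged caller that shares a single uid with it. Either keep the stricter test for debug-style access in a separate helper, as sketched below, or state in the header comment why the relaxation is intended. The header comment should also document the order of the checks and that ESRCH is returned for a PRISON_CHECK failure.

```c
/*
 * Stricter check for debug-style access (procfs mem/regs/ioctl).
 * Keeps the conditions of the removed CHECKIO() macro but returns an errno.
 * The function name is a suggestion only.
 */
int
p_trespass_debug(struct proc *p1, struct proc *p2)
{
	if (p1 == p2)
		return (0);
	if (!PRISON_CHECK(p1, p2))
		return (ESRCH);
	/* All three of p1's uids must match, and p2 must not be set-id. */
	if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid &&
	    p1->p_cred->p_ruid == p2->p_cred->p_ruid &&
	    p1->p_cred->p_svuid == p2->p_cred->p_ruid &&
	    (p2->p_flag & P_SUGID) == 0)
		return (0);
	if (!suser_xxx(0, p1, PRISON_ROOT))
		return (0);
	return (EPERM);
}
```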


@ -88,13 +88,9 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW,
/*
* Can process p, with pcred pc, send the signal sig to process q?
*/
#define CANSIGNAL(p, pc, q, sig) \
(PRISON_CHECK(p, q) && ((pc)->pc_ucred->cr_uid == 0 || \
(pc)->p_ruid == (q)->p_cred->p_ruid || \
(pc)->pc_ucred->cr_uid == (q)->p_cred->p_ruid || \
(pc)->p_ruid == (q)->p_ucred->cr_uid || \
(pc)->pc_ucred->cr_uid == (q)->p_ucred->cr_uid || \
((sig) == SIGCONT && (q)->p_session == (p)->p_session)))
#define CANSIGNAL(p, q, sig) \
(!p_trespass(p, q) || \
((sig) == SIGCONT && (q)->p_session == (p)->p_session))
/*
* Policy -- Can real uid ruid with ucred uc send a signal to process q?
@ -799,7 +795,6 @@ killpg1(cp, sig, pgid, all)
int sig, pgid, all;
{
register struct proc *p;
register struct pcred *pc = cp->p_cred;
struct pgrp *pgrp;
int nfound = 0;
@ -809,7 +804,7 @@ killpg1(cp, sig, pgid, all)
*/
LIST_FOREACH(p, &allproc, p_list) {
if (p->p_pid <= 1 || p->p_flag & P_SYSTEM ||
p == cp || !CANSIGNAL(cp, pc, p, sig))
p == cp || !CANSIGNAL(cp, p, sig))
continue;
nfound++;
if (sig)
@ -829,7 +824,7 @@ killpg1(cp, sig, pgid, all)
LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
if (p->p_pid <= 1 || p->p_flag & P_SYSTEM ||
p->p_stat == SZOMB ||
!CANSIGNAL(cp, pc, p, sig))
!CANSIGNAL(cp, p, sig))
continue;
nfound++;
if (sig)
@ -852,7 +847,6 @@ kill(cp, uap)
register struct kill_args *uap;
{
register struct proc *p;
register struct pcred *pc = cp->p_cred;
if ((u_int)uap->signum > _SIG_MAXSIG)
return (EINVAL);
@ -860,7 +854,7 @@ kill(cp, uap)
/* kill single process */
if ((p = pfind(uap->pid)) == NULL)
return (ESRCH);
if (!CANSIGNAL(cp, pc, p, uap->signum))
if (!CANSIGNAL(cp, p, uap->signum))
return (EPERM);
if (uap->signum)
psignal(p, uap->signum);
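Review bot: The rewritten CANSIGNAL() lets the SIGCONT same-session clause bypass the jail check: the old macro had the form `PRISON_CHECK(p, q) && (... || SIGCONT clause)`, while the new one is `!p_trespass(p, q) || (SIGCONT clause)`, so the right-hand side is still evaluated when p_trespass() returned ESRCH for a PRISON_CHECK failure. If a session can span a jail boundary (not visible in this diff), SIGCONT is then permitted across it; restoring the gate would read `(PRISON_CHECK(p, q) && (!p_trespass(p, q) || ((sig) == SIGCONT && (q)->p_session == (p)->p_session)))`. The comment above the macro still mentions `pcred pc`, which is no longer a parameter, and should be updated. killpg1() and kill() extend beyond the hunks shown.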


@ -420,8 +420,7 @@ ptrace(curp, uap)
return EFAULT;
}
if (ptrace_read_u_check(p,(vm_offset_t) uap->addr,
sizeof(int)) &&
!procfs_kmemaccess(curp)) {
sizeof(int))) {
return EFAULT;
}
error = 0;


@ -90,19 +90,6 @@ struct pfsnode {
#define KMEM_GROUP 2
/*
* Check to see whether access to target process is allowed
* Evaluates to 1 if access is allowed.
*/
#define CHECKIO(p1, p2) \
((p1) == (p2) || \
(PRISON_CHECK(p1, p2) && \
((((p1)->p_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
((p2)->p_flag & P_SUGID) == 0) || \
(suser_xxx(0, (p1), PRISON_ROOT) == 0))))
#define PROCFS_FILENO(pid, type) \
(((type) < Pproc) ? \
((type) + 2) : \


@ -63,7 +63,7 @@ procfs_dodbregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return (EPERM);
kl = sizeof(r);
kv = (char *) &r;


@ -60,7 +60,7 @@ procfs_dofpregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
kv = (char *) &r;


@ -296,7 +296,7 @@ procfs_domem(curp, p, pfs, uio)
* All in all, quite yucky.
*/
if (!CHECKIO(curp, p) &&
if (p_trespass(curp, p) &&
!(uio->uio_rw == UIO_READ &&
procfs_kmemaccess(curp)))
return EPERM;


@ -60,7 +60,7 @@ procfs_doregs(curp, p, pfs, uio)
char *kv;
int kl;
if (!CHECKIO(curp, p))
if (p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
kv = (char *) &r;


@ -183,7 +183,7 @@ procfs_docmdline(curp, p, pfs, uio)
* Linux behaviour is to return zero-length in this case.
*/
if (p->p_args) {
if (p->p_args && !p_trespass(curp, p)) {
bp = p->p_args->ar_args;
buflen = p->p_args->ar_length;
buf = 0;


@ -146,7 +146,7 @@ procfs_open(ap)
return (EBUSY);
p1 = ap->a_p;
if (!CHECKIO(p1, p2) &&
if (p_trespass(p1, p2) &&
!procfs_kmemaccess(p1))
return (EPERM);
@ -238,7 +238,7 @@ procfs_ioctl(ap)
return ENOTTY;
}
if (!CHECKIO(p, procp))
if (p_trespass(p, procp))
return EPERM;
switch (ap->a_command) {


@ -399,6 +399,7 @@ int inferior __P((struct proc *p));
int leavepgrp __P((struct proc *p));
void mi_switch __P((void));
void procinit __P((void));
int p_trespass __P((struct proc *p1, struct proc *p2));
void resetpriority __P((struct proc *));
int roundrobin_interval __P((void));
void setrunnable __P((struct proc *));