diff options
| author | rwatson <rwatson@FreeBSD.org> | 2001-08-03 17:13:23 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2001-08-03 17:13:23 +0000 |
| commit | 306deb3ae64a7b3bda52edfb1a7f2a7e07bcaf64 (patch) | |
| tree | 1abd51215e71878e79072bda55872ad61797243b /sys/fs/procfs/procfs_mem.c | |
| parent | d1c0c6ac55e9d99774df06abe975b12fa1ee5b84 (diff) | |
| download | FreeBSD-src-306deb3ae64a7b3bda52edfb1a7f2a7e07bcaf64.zip FreeBSD-src-306deb3ae64a7b3bda52edfb1a7f2a7e07bcaf64.tar.gz | |
Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group. With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.
This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.
Reviewed by: tmm
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/fs/procfs/procfs_mem.c')
| -rw-r--r-- | sys/fs/procfs/procfs_mem.c | 38 |
1 files changed, 4 insertions, 34 deletions
diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c index dcba9b0..29773a0 100644 --- a/sys/fs/procfs/procfs_mem.c +++ b/sys/fs/procfs/procfs_mem.c @@ -247,26 +247,14 @@ procfs_domem(curp, p, pfs, uio) struct pfsnode *pfs; struct uio *uio; { + int error; if (uio->uio_resid == 0) return (0); - /* - * XXX - * We need to check for KMEM_GROUP because ps is sgid kmem; - * not allowing it here causes ps to not work properly. Arguably, - * this is a bug with what ps does. We only need to do this - * for Pmem nodes, and only if it's reading. This is still not - * good, as it may still be possible to grab illicit data if - * a process somehow gets to be KMEM_GROUP. Note that this also - * means that KMEM_GROUP can't change without editing procfs.h! - * All in all, quite yucky. - */ - - if (p_candebug(curp, p) && - !(uio->uio_rw == UIO_READ && - procfs_kmemaccess(curp))) - return EPERM; + error = p_candebug(curp, p); + if (error) + return (error); return (procfs_rwmem(curp, p, uio)); } @@ -303,21 +291,3 @@ procfs_findtextvp(p) return (p->p_textvp); } - -int procfs_kmemaccess(curp) - struct proc *curp; -{ - int i; - struct ucred *cred; - - cred = curp->p_ucred; - if (suser(curp)) - return 1; - - /* XXX: Why isn't this done with file-perms ??? */ - for (i = 0; i < cred->cr_ngroups; i++) - if (cred->cr_groups[i] == KMEM_GROUP) - return 1; - - return 0; -} |
