authortegge <tegge@FreeBSD.org>1998-05-19 00:00:14 +0000
committertegge <tegge@FreeBSD.org>1998-05-19 00:00:14 +0000
commit9fdbafa2fe06cfff465241ce76c5395269982396 (patch)
tree3b482820bffff64041452ded3ad80246ff105eb3 /sys/fs
parent34f4d24e56af87f75658e327d3046622ea4bc85d (diff)
downloadFreeBSD-src-9fdbafa2fe06cfff465241ce76c5395269982396.zip
FreeBSD-src-9fdbafa2fe06cfff465241ce76c5395269982396.tar.gz
Disallow reading the current kernel stack. Only the user structure and
the current registers should be accessible. Reviewed by: David Greenman <dg@root.com>
Diffstat (limited to 'sys/fs')
-rw-r--r--sys/fs/procfs/procfs.h5
-rw-r--r--sys/fs/procfs/procfs_mem.c39
-rw-r--r--sys/fs/procfs/procfs_vnops.c4
3 files changed, 38 insertions, 10 deletions
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index ada5ef3..9adee8a 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -37,7 +37,7 @@
* @(#)procfs.h 8.9 (Berkeley) 5/14/95
*
* From:
- * $Id: procfs.h,v 1.17 1997/09/07 05:26:16 bde Exp $
+ * $Id: procfs.h,v 1.18 1997/12/30 08:46:41 bde Exp $
*/
/*
@@ -155,6 +155,9 @@ int procfs_dostatus __P((struct proc *, struct proc *, struct pfsnode *pfsp, str
int procfs_domap __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
int procfs_dotype __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
+/* Return 1 if process has special kernel digging privileges */
+int procfs_kmemaccess __P((struct proc *));
+
/* functions to check whether or not files should be displayed */
int procfs_validfile __P((struct proc *));
int procfs_validfpregs __P((struct proc *));
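Review bot: The comment on the new `procfs_kmemaccess` prototype, "special kernel digging privileges", does not tell a caller what is actually tested. The definition added in procfs_mem.c consults suser() and membership of KMEM_GROUP, so the header should name those criteria, e.g. `/* Return 1 if the process is the superuser or belongs to KMEM_GROUP, 0 otherwise */`. This matters because the function gates reads of another process's memory and U-area in procfs_open, procfs_domem and procfs_rwmem.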
diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c
index 5184f47..29c883c 100644
--- a/sys/fs/procfs/procfs_mem.c
+++ b/sys/fs/procfs/procfs_mem.c
@@ -37,7 +37,7 @@
*
* @(#)procfs_mem.c 8.5 (Berkeley) 6/15/94
*
- * $Id: procfs_mem.c,v 1.30 1998/02/06 12:13:41 eivind Exp $
+ * $Id: procfs_mem.c,v 1.31 1998/04/17 22:36:55 des Exp $
*/
/*
@@ -61,11 +61,14 @@
#include <vm/vm_page.h>
#include <vm/vm_extern.h>
#include <sys/user.h>
+#include <sys/ptrace.h>
-static int procfs_rwmem __P((struct proc *p, struct uio *uio));
+static int procfs_rwmem __P((struct proc *curp,
+ struct proc *p, struct uio *uio));
static int
-procfs_rwmem(p, uio)
+procfs_rwmem(curp, p, uio)
+ struct proc *curp;
struct proc *p;
struct uio *uio;
{
@@ -130,7 +133,12 @@ procfs_rwmem(p, uio)
if (uva >= VM_MAXUSER_ADDRESS) {
vm_offset_t tkva;
- if (writing || (uva >= (VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE))) {
+ if (writing ||
+ uva >= VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE ||
+ (ptrace_read_u_check(p,
+ uva - (vm_offset_t) VM_MAXUSER_ADDRESS,
+ (size_t) len) &&
+ !procfs_kmemaccess(curp))) {
error = 0;
break;
}
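Review bot: The widened condition starting at `if (writing ||` folds three unrelated refusals (a write, an offset past the U-area, and a range `ptrace_read_u_check` rejects for an unprivileged reader) into one branch with no comment saying which part of the U-area is being protected. All three still end in `error = 0; break;`, so a denied kernel-stack read is reported as a successful zero-length read rather than EPERM, and the caller cannot distinguish refusal from end of data. I would add a comment above the test such as `/* Above VM_MAXUSER_ADDRESS only the U-area is readable; without kmem access only the ranges ptrace_read_u_check() accepts, never the kernel stack */`. `ptrace_read_u_check` and the clamping of `len` are not visible here, so it is worth confirming that a non-zero return means "refuse" and that `len` is already bounded when it is cast to `size_t`; the enclosing block and procfs_rwmem continue outside the hunk.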
@@ -290,11 +298,11 @@ procfs_domem(curp, p, pfs, uio)
*/
if (!CHECKIO(curp, p) &&
- !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP &&
- uio->uio_rw == UIO_READ))
+ !(uio->uio_rw == UIO_READ &&
+ procfs_kmemaccess(curp)))
return EPERM;
- return (procfs_rwmem(p, uio));
+ return (procfs_rwmem(curp, p, uio));
}
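Review bot: Replacing the `cr_gid == KMEM_GROUP` comparison with `procfs_kmemaccess(curp)` changes who passes this EPERM gate, which the commit message does not mention. The helper also accepts the superuser and any entry of `cr_groups[]`, not only the primary group. The same substitution is made in the procfs_open hunk in procfs_vnops.c. If the wider policy is intended, the comment above the check (it starts outside the hunk) should say so, for example `/* readers that are superuser or in KMEM_GROUP may bypass CHECKIO */`.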
/*
@@ -315,3 +323,20 @@ procfs_findtextvp(p)
return (p->p_textvp);
}
+
+int procfs_kmemaccess(curp)
+ struct proc *curp;
+{
+ int i;
+ struct ucred *cred;
+
+ cred = curp->p_cred->pc_ucred;
+ if (suser(cred, &curp->p_acflag))
+ return 1;
+
+ for (i = 0; i < cred->cr_ngroups; i++)
+ if (cred->cr_groups[i] == KMEM_GROUP)
+ return 1;
+
+ return 0;
+}
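Review bot: The test `if (suser(cred, &curp->p_acflag)) return 1;` looks inverted. suser() is not defined on this page, but in 4.4BSD-derived kernels it returns 0 when the credential is the superuser and an errno value otherwise. If that holds in this tree, every non-root caller is reported as having kmem access and the KMEM_GROUP loop is only reached for root. That would defeat the new kernel-stack restriction in procfs_rwmem as well as the EPERM gates in procfs_domem and procfs_open. I would write `if (suser(cred, &curp->p_acflag) == 0)` and add a header comment stating that the function returns 1 for the superuser or a KMEM_GROUP member and 0 otherwise.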
diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c
index 78b6d92..54893ad 100644
--- a/sys/fs/procfs/procfs_vnops.c
+++ b/sys/fs/procfs/procfs_vnops.c
@@ -36,7 +36,7 @@
*
* @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95
*
- * $Id: procfs_vnops.c,v 1.55 1998/02/09 06:09:46 eivind Exp $
+ * $Id: procfs_vnops.c,v 1.56 1998/03/26 20:52:42 phk Exp $
*/
/*
@@ -142,7 +142,7 @@ procfs_open(ap)
p1 = ap->a_p;
if (!CHECKIO(p1, p2) &&
- (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP))
+ !procfs_kmemaccess(p1))
return (EPERM);
if (ap->a_mode & FWRITE)