author | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
commit | fd22d5412a1070b4d246fd214adad09041a53661 (patch) | |
tree | 867fad2f774e25520c2cda23aadefcd7ffc0c9a7 /sys/kern | |
parent | 8e826fbb578d38649959b6b64ece53cd8b855cbc (diff) | |
Introduce the new function
p_trespass(struct proc *p1, struct proc *p2)
which returns zero or an errno depending on the legality of p1 trespassing
on p2.
Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one
extra signal related check.
Replace procfs.h:CHECKIO() macros with calls to p_trespass().
Only show command lines to processes which can trespass on the target
process.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_proc.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 25 | ||||
-rw-r--r-- | sys/kern/kern_sig.c | 18 | ||||
-rw-r--r-- | sys/kern/sys_process.c | 3 |
4 files changed, 33 insertions, 15 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 124bf02..e0f9ec1 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -633,7 +633,7 @@ sysctl_kern_proc_args SYSCTL_HANDLER_ARGS if (!p) return (0); - if (!PRISON_CHECK(curproc, p)) + if (p_trespass(curproc, p)) return (0); if (req->newptr && curproc != p) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 63d4346..1611cc3 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -793,6 +793,31 @@ suser_xxx(cred, proc, flag) } /* + * Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise. + */ + +int +p_trespass(struct proc *p1, struct proc *p2) +{ + + if (p1 == p2) + return (0); + if (!PRISON_CHECK(p1, p2)) + return (ESRCH); + if (p1->p_cred->p_ruid == p2->p_cred->p_ruid) + return (0); + if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid) + return (0); + if (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) + return (0); + if (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid) + return (0); + if (!suser_xxx(0, p1, PRISON_ROOT)) + return (0); + return (EPERM); +} + +/* * Allocate a zeroed cred structure. */ struct ucred * diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index a7b6499..cf27029 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -88,13 +88,9 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW, /* * Can process p, with pcred pc, send the signal sig to process q? */ -#define CANSIGNAL(p, pc, q, sig) \ - (PRISON_CHECK(p, q) && ((pc)->pc_ucred->cr_uid == 0 || \ - (pc)->p_ruid == (q)->p_cred->p_ruid || \ - (pc)->pc_ucred->cr_uid == (q)->p_cred->p_ruid || \ - (pc)->p_ruid == (q)->p_ucred->cr_uid || \ - (pc)->pc_ucred->cr_uid == (q)->p_ucred->cr_uid || \ - ((sig) == SIGCONT && (q)->p_session == (p)->p_session))) +#define CANSIGNAL(p, q, sig) \ + (!p_trespass(p, q) || \ + ((sig) == SIGCONT && (q)->p_session == (p)->p_session)) /* * Policy -- Can real uid ruid with ucred uc send a signal to process q? 
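Review bot: The header comment on `p_trespass()` does not say that its uid rules are the signal-delivery rules lifted from the old `CANSIGNAL()`, which matters now that the same function also gates the command-line sysctl and, per the commit message, the procfs CHECKIO paths. Any of the four real/effective uid comparisons succeeds for a set-uid target whose real uid is still the caller's, so a caller that exposes memory or registers needs its own check for credential-changed targets (in FreeBSD normally the `P_SUGID` flag); whether the procfs callers do this is not visible in this diff. I would extend the comment along the lines of `Uid matching follows kill(2) semantics; callers granting debug or memory access must additionally reject P_SUGID targets.` Passing `0` as the credential argument of `suser_xxx()` would also read better as `NULL`.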
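Review bot: The rewritten `CANSIGNAL()` lets the SIGCONT same-session exception bypass the prison check: in the removed macro `PRISON_CHECK(p, q)` was AND-ed in front of every alternative, while the new form ORs the SIGCONT clause outside `p_trespass()`, so an ESRCH from the prison test no longer stops it. If a session can span a jail boundary, which seems plausible, this is an unintended widening of who may be signalled. I would keep the gate, e.g. `(!p_trespass(p, q) || (PRISON_CHECK(p, q) && (sig) == SIGCONT && (q)->p_session == (p)->p_session))`. The comment above the macro still says "with pcred pc" although that parameter has been dropped.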
@@ -799,7 +795,6 @@ killpg1(cp, sig, pgid, all) int sig, pgid, all; { register struct proc *p; - register struct pcred *pc = cp->p_cred; struct pgrp *pgrp; int nfound = 0; @@ -809,7 +804,7 @@ killpg1(cp, sig, pgid, all) */ LIST_FOREACH(p, &allproc, p_list) { if (p->p_pid <= 1 || p->p_flag & P_SYSTEM || - p == cp || !CANSIGNAL(cp, pc, p, sig)) + p == cp || !CANSIGNAL(cp, p, sig)) continue; nfound++; if (sig) @@ -829,7 +824,7 @@ killpg1(cp, sig, pgid, all) LIST_FOREACH(p, &pgrp->pg_members, p_pglist) { if (p->p_pid <= 1 || p->p_flag & P_SYSTEM || p->p_stat == SZOMB || - !CANSIGNAL(cp, pc, p, sig)) + !CANSIGNAL(cp, p, sig)) continue; nfound++; if (sig) @@ -852,7 +847,6 @@ kill(cp, uap) register struct kill_args *uap; { register struct proc *p; - register struct pcred *pc = cp->p_cred; if ((u_int)uap->signum > _SIG_MAXSIG) return (EINVAL); @@ -860,7 +854,7 @@ kill(cp, uap) /* kill single process */ if ((p = pfind(uap->pid)) == NULL) return (ESRCH); - if (!CANSIGNAL(cp, pc, p, uap->signum)) + if (!CANSIGNAL(cp, p, uap->signum)) return (EPERM); if (uap->signum) psignal(p, uap->signum); diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 75b72fb..4740476 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -420,8 +420,7 @@ ptrace(curp, uap) return EFAULT; } if (ptrace_read_u_check(p,(vm_offset_t) uap->addr, - sizeof(int)) && - !procfs_kmemaccess(curp)) { + sizeof(int))) { return EFAULT; } error = 0; |
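Review bot: In `kill()` the new `CANSIGNAL(cp, p, uap->signum)` test still maps every refusal to `EPERM`, so the `ESRCH` that `p_trespass()` returns for a target in another prison is discarded. The EPERM-versus-ESRCH difference then discloses that a pid exists on the other side of the prison boundary. Since the helper now reports the reason, the single-process path could propagate it, for example by evaluating `error = p_trespass(cp, p)` and returning that value unless the SIGCONT same-session exception applies. The body of `kill()` continues outside the hunk, so the process-group branches are not covered by this comment.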