diff options
-rw-r--r-- | sys/compat/linprocfs/linprocfs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_ctl.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_dbregs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_fpregs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_mem.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_regs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_status.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_vnops.c | 18 | ||||
-rw-r--r-- | sys/kern/kern_event.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_ktrace.c | 22 | ||||
-rw-r--r-- | sys/kern/kern_proc.c | 8 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 63 | ||||
-rw-r--r-- | sys/kern/kern_resource.c | 18 | ||||
-rw-r--r-- | sys/kern/p1003_1b.c | 10 | ||||
-rw-r--r-- | sys/kern/sys_process.c | 4 | ||||
-rw-r--r-- | sys/posix4/p1003_1b.c | 10 | ||||
-rw-r--r-- | sys/sys/proc.h | 5 |
17 files changed, 63 insertions, 111 deletions
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index f8e76e7..f41d536 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -604,7 +604,7 @@ linprocfs_doproccmdline(PFS_FILL_ARGS) * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && (ps_argsopen || !p_can(curp, p, P_CAN_SEE, NULL))) { + if (p->p_args && (ps_argsopen || !p_cansee(curp, p))) { sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); } else if (p != curp) { sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm); diff --git a/sys/fs/procfs/procfs_ctl.c b/sys/fs/procfs/procfs_ctl.c index a507349..30b61f2 100644 --- a/sys/fs/procfs/procfs_ctl.c +++ b/sys/fs/procfs/procfs_ctl.c @@ -119,7 +119,7 @@ procfs_control(curp, p, op) * debug. */ if (op != PROCFS_CTL_DETACH && - ((error = p_can(curp, p, P_CAN_DEBUG, NULL)))) + ((error = p_candebug(curp, p)))) return (error); /* diff --git a/sys/fs/procfs/procfs_dbregs.c b/sys/fs/procfs/procfs_dbregs.c index cd64a34..d61b8c9 100644 --- a/sys/fs/procfs/procfs_dbregs.c +++ b/sys/fs/procfs/procfs_dbregs.c @@ -68,7 +68,7 @@ procfs_dodbregs(curp, p, pfs, uio) char *kv; int kl; - if (p_can(curp, p, P_CAN_DEBUG, NULL)) + if (p_candebug(curp, p)) return (EPERM); kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_fpregs.c b/sys/fs/procfs/procfs_fpregs.c index c71e444..9b6cd3a 100644 --- a/sys/fs/procfs/procfs_fpregs.c +++ b/sys/fs/procfs/procfs_fpregs.c @@ -65,7 +65,7 @@ procfs_dofpregs(curp, p, pfs, uio) char *kv; int kl; - if (p_can(curp, p, P_CAN_DEBUG, NULL)) + if (p_candebug(curp, p)) return EPERM; kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c index e109146..dcba9b0 100644 --- a/sys/fs/procfs/procfs_mem.c +++ b/sys/fs/procfs/procfs_mem.c @@ -263,7 +263,7 @@ procfs_domem(curp, p, pfs, uio) * All in all, quite yucky. */ - if (p_can(curp, p, P_CAN_DEBUG, NULL) && + if (p_candebug(curp, p) && !(uio->uio_rw == UIO_READ && procfs_kmemaccess(curp))) return EPERM; diff --git a/sys/fs/procfs/procfs_regs.c b/sys/fs/procfs/procfs_regs.c index c7eeb1c..6a00ecd 100644 --- a/sys/fs/procfs/procfs_regs.c +++ b/sys/fs/procfs/procfs_regs.c @@ -66,7 +66,7 @@ procfs_doregs(curp, p, pfs, uio) char *kv; int kl; - if (p_can(curp, p, P_CAN_DEBUG, NULL)) + if (p_candebug(curp, p)) return EPERM; kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_status.c b/sys/fs/procfs/procfs_status.c index 0f57e49..3a2a814 100644 --- a/sys/fs/procfs/procfs_status.c +++ b/sys/fs/procfs/procfs_status.c @@ -219,7 +219,7 @@ procfs_docmdline(curp, p, pfs, uio) * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && (ps_argsopen || !p_can(curp, p, P_CAN_SEE, NULL))) { + if (p->p_args && (ps_argsopen || !p_cansee(curp, p))) { bp = p->p_args->ar_args; buflen = p->p_args->ar_length; buf = 0; diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c index 4ca89ac..bc280c78 100644 --- a/sys/fs/procfs/procfs_vnops.c +++ b/sys/fs/procfs/procfs_vnops.c @@ -143,7 +143,7 @@ procfs_open(ap) p2 = PFIND(pfs->pfs_pid); if (p2 == NULL) return (ENOENT); - if (pfs->pfs_pid && p_can(ap->a_p, p2, P_CAN_SEE, NULL)) { + if (pfs->pfs_pid && p_cansee(ap->a_p, p2)) { error = ENOENT; goto out; } @@ -157,7 +157,7 @@ procfs_open(ap) } p1 = ap->a_p; - if (p_can(p1, p2, P_CAN_DEBUG, NULL) && + if (p_candebug(p1, p2) && !procfs_kmemaccess(p1)) { error = EPERM; } @@ -242,7 +242,7 @@ procfs_ioctl(ap) return ENOTTY; } - if ((error = p_can(p, procp, P_CAN_DEBUG, NULL))) { + if ((error = p_candebug(p, procp))) { PROC_UNLOCK(procp); return (error == ESRCH ? ENOENT : error); } @@ -408,7 +408,7 @@ procfs_getattr(ap) return (ENOENT); } - if (p_can(ap->a_p, procp, P_CAN_SEE, NULL)) { + if (p_cansee(ap->a_p, procp)) { PROC_UNLOCK(procp); return (ENOENT); } @@ -625,7 +625,7 @@ procfs_access(ap) procp = PFIND(pfs->pfs_pid); if (procp == NULL) return (ENOENT); - if (p_can(ap->a_p, procp, P_CAN_SEE, NULL)) { + if (p_cansee(ap->a_p, procp)) { PROC_UNLOCK(procp); return (ENOENT); } @@ -699,7 +699,7 @@ procfs_lookup(ap) if (p == NULL) break; - if (p_can(curp, p, P_CAN_SEE, NULL)) { + if (p_cansee(curp, p)) { PROC_UNLOCK(p); break; } @@ -800,7 +800,7 @@ procfs_readdir(ap) p = PFIND(pfs->pfs_pid); if (p == NULL) break; - if (p_can(curproc, p, P_CAN_SEE, NULL)) { + if (p_cansee(curproc, p)) { PROC_UNLOCK(p); break; } @@ -868,11 +868,11 @@ procfs_readdir(ap) p = LIST_NEXT(p, p_list); if (p == NULL) goto done; - if (p_can(curproc, p, P_CAN_SEE, NULL)) + if (p_cansee(curproc, p)) continue; pcnt++; } - while (p_can(curproc, p, P_CAN_SEE, NULL)) { + while (p_cansee(curproc, p)) { p = LIST_NEXT(p, p_list); if (p == NULL) goto done; diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index d4d588e..4f8b61b 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -172,7 +172,7 @@ filt_procattach(struct knote *kn) p = pfind(kn->kn_id); if (p == NULL) return (ESRCH); - if ((error = p_can(curproc, p, P_CAN_SEE, NULL))) { + if ((error = p_cansee(curproc, p))) { PROC_UNLOCK(p); return (error); } diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 15b51c8..a37ad22 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -521,30 +521,20 @@ ktrwrite(vp, kth, uio) * more permissions than the caller. KTRFAC_ROOT signifies that * root previously set the tracing status on the target process, and * so, only root may further change it. - * - * XXX: These checks are stronger than for ptrace() - * XXX: This check should be p_can(... P_CAN_DEBUG ...); - * - * TODO: check groups. use caller effective gid. */ static int ktrcanset(callp, targetp) struct proc *callp, *targetp; { - struct ucred *callcr = callp->p_ucred; - struct ucred *targetcr = targetp->p_ucred; - if (prison_check(callcr, targetcr)) + if (targetp->p_traceflag & KTRFAC_ROOT && + suser_xxx(NULL, callp, PRISON_ROOT)) return (0); - if ((callcr->cr_uid == targetcr->cr_ruid && - targetcr->cr_ruid == targetcr->cr_svuid && - callcr->cr_rgid == targetcr->cr_rgid && /* XXX */ - targetcr->cr_rgid == targetcr->cr_svgid && - (targetp->p_traceflag & KTRFAC_ROOT) == 0) || - !suser_xxx(callcr, NULL, PRISON_ROOT)) - return (1); - return (0); + if (p_candebug(callp, targetp) != 0) + return (0); + + return (1); } #endif /* KTRACE */ diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 883e2fa..50f3446 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -585,7 +585,7 @@ sysctl_kern_proc(SYSCTL_HANDLER_ARGS) p = pfind((pid_t)name[0]); if (!p) return (0); - if (p_can(curproc, p, P_CAN_SEE, NULL)) { + if (p_cansee(curproc, p)) { PROC_UNLOCK(p); return (0); } @@ -616,7 +616,7 @@ sysctl_kern_proc(SYSCTL_HANDLER_ARGS) /* * Show a user only appropriate processes. */ - if (p_can(curproc, p, P_CAN_SEE, NULL)) + if (p_cansee(curproc, p)) continue; /* * Skip embryonic processes. @@ -658,7 +658,7 @@ sysctl_kern_proc(SYSCTL_HANDLER_ARGS) break; } - if (p_can(curproc, p, P_CAN_SEE, NULL)) + if (p_cansee(curproc, p)) continue; error = sysctl_out_proc(p, req, doingzomb); @@ -694,7 +694,7 @@ sysctl_kern_proc_args(SYSCTL_HANDLER_ARGS) if (!p) return (0); - if ((!ps_argsopen) && p_can(curproc, p, P_CAN_SEE, NULL)) { + if ((!ps_argsopen) && p_cansee(curproc, p)) { PROC_UNLOCK(p); return (0); } diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index ceb8f5a..1c6ce77 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -151,7 +151,7 @@ getpgid(p, uap) else { if ((pt = pfind(uap->pid)) == NULL) return ESRCH; - if ((error = p_can(p, pt, P_CAN_SEE, NULL))) { + if ((error = p_cansee(p, pt))) { PROC_UNLOCK(pt); return (error); } @@ -183,7 +183,7 @@ getsid(p, uap) else { if ((pt = pfind(uap->pid)) == NULL) return ESRCH; - if ((error = p_can(p, pt, P_CAN_SEE, NULL))) { + if ((error = p_cansee(p, pt))) { PROC_UNLOCK(pt); return (error); } @@ -370,7 +370,7 @@ setpgid(curp, uap) PROC_UNLOCK(targp); return (ESRCH); } - if ((error = p_can(curproc, targp, P_CAN_SEE, NULL))) { + if ((error = p_cansee(curproc, targp))) { PROC_UNLOCK(targp); return (error); } @@ -1086,13 +1086,10 @@ u_cansee(struct ucred *u1, struct ucred *u2) return (0); } -static int -p_cansee(struct proc *p1, struct proc *p2, int *privused) +int +p_cansee(struct proc *p1, struct proc *p2) { - /* XXX: privused is going away, so don't do that here. */ - if (privused != NULL) - *privused = 0; /* Wrap u_cansee() for all functionality. */ return (u_cansee(p1->p_ucred, p2->p_ucred)); } @@ -1167,14 +1164,11 @@ p_cansignal(struct proc *p1, struct proc *p2, int signum) return (0); } -static int -p_cansched(struct proc *p1, struct proc *p2, int *privused) +int +p_cansched(struct proc *p1, struct proc *p2) { int error; - if (privused != NULL) - *privused = 0; - if (p1 == p2) return (0); @@ -1186,31 +1180,22 @@ p_cansched(struct proc *p1, struct proc *p2, int *privused) if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) return (0); - if (!suser_xxx(0, p1, PRISON_ROOT)) { - if (privused != NULL) - *privused = 1; + if (!suser_xxx(0, p1, PRISON_ROOT)) return (0); - } #ifdef CAPABILITIES - if (!cap_check_xxx(0, p1, CAP_SYS_NICE, PRISON_ROOT)) { - if (privused != NULL) - *privused = 1; + if (!cap_check_xxx(0, p1, CAP_SYS_NICE, PRISON_ROOT)) return (0); - } #endif return (EPERM); } -static int -p_candebug(struct proc *p1, struct proc *p2, int *privused) +int +p_candebug(struct proc *p1, struct proc *p2) { int error; - if (privused != NULL) - *privused = 0; - if (p1 == p2) return (0); @@ -1222,12 +1207,9 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused) if (p1->p_ucred->cr_uid != p2->p_ucred->cr_uid || p1->p_ucred->cr_uid != p2->p_ucred->cr_svuid || p1->p_ucred->cr_uid != p2->p_ucred->cr_ruid || - p2->p_flag & P_SUGID) { + p2->p_flag & P_SUGID) if ((error = suser_xxx(0, p1, PRISON_ROOT))) return (error); - if (privused != NULL) - *privused = 1; - } /* can't trace init when securelevel > 0 */ if (securelevel > 0 && p2->p_pid == 1) @@ -1236,27 +1218,6 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused) return (0); } -int -p_can(struct proc *p1, struct proc *p2, int operation, - int *privused) -{ - - switch(operation) { - case P_CAN_SEE: - return (p_cansee(p1, p2, privused)); - - case P_CAN_SCHED: - return (p_cansched(p1, p2, privused)); - - case P_CAN_DEBUG: - return (p_candebug(p1, p2, privused)); - - default: - panic("p_can: invalid operation"); - } -} - - /* * Allocate a zeroed cred structure. */ diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index f7503db..6e9ee85 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -99,7 +99,7 @@ getpriority(curp, uap) p = pfind(uap->who); if (p == NULL) break; - if (p_can(curp, p, P_CAN_SEE, NULL) == 0) + if (p_cansee(curp, p) == 0) low = p->p_nice; PROC_UNLOCK(p); } @@ -113,7 +113,7 @@ getpriority(curp, uap) else if ((pg = pgfind(uap->who)) == NULL) break; LIST_FOREACH(p, &pg->pg_members, p_pglist) { - if (!p_can(curp, p, P_CAN_SEE, NULL) && p->p_nice < low) + if (!p_cansee(curp, p) && p->p_nice < low) low = p->p_nice; } break; @@ -124,7 +124,7 @@ getpriority(curp, uap) uap->who = curp->p_ucred->cr_uid; sx_slock(&allproc_lock); LIST_FOREACH(p, &allproc, p_list) - if (!p_can(curp, p, P_CAN_SEE, NULL) && + if (!p_cansee(curp, p) && p->p_ucred->cr_uid == uap->who && p->p_nice < low) low = p->p_nice; @@ -165,7 +165,7 @@ setpriority(curp, uap) p = pfind(uap->who); if (p == 0) break; - if (p_can(curp, p, P_CAN_SEE, NULL) == 0) + if (p_cansee(curp, p) == 0) error = donice(curp, p, uap->prio); PROC_UNLOCK(p); } @@ -180,7 +180,7 @@ setpriority(curp, uap) else if ((pg = pgfind(uap->who)) == NULL) break; LIST_FOREACH(p, &pg->pg_members, p_pglist) { - if (!p_can(curp, p, P_CAN_SEE, NULL)) { + if (!p_cansee(curp, p)) { error = donice(curp, p, uap->prio); found++; } @@ -194,7 +194,7 @@ setpriority(curp, uap) sx_slock(&allproc_lock); LIST_FOREACH(p, &allproc, p_list) if (p->p_ucred->cr_uid == uap->who && - !p_can(curp, p, P_CAN_SEE, NULL)) { + !p_cansee(curp, p)) { error = donice(curp, p, uap->prio); found++; } @@ -216,7 +216,7 @@ donice(curp, chgp, n) { int error; - if ((error = p_can(curp, chgp, P_CAN_SCHED, NULL))) + if ((error = p_cansched(curp, chgp))) return (error); if (n > PRIO_MAX) n = PRIO_MAX; @@ -263,13 +263,13 @@ rtprio(curp, uap) switch (uap->function) { case RTP_LOOKUP: - if ((error = p_can(curp, p, P_CAN_SEE, NULL))) + if ((error = p_cansee(curp, p))) break; pri_to_rtp(&p->p_pri, &rtp); error = copyout(&rtp, uap->rtp, sizeof(struct rtprio)); break; case RTP_SET: - if ((error = p_can(curp, p, P_CAN_SCHED, NULL)) || + if ((error = p_cansched(curp, p)) || (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio)))) break; /* disallow setting rtprio in most cases if not superuser */ diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index 5b9bee0..1c356e3 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c @@ -122,7 +122,7 @@ int sched_setparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -148,7 +148,7 @@ int sched_getparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -180,7 +180,7 @@ int sched_setscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -205,7 +205,7 @@ int sched_getscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -246,7 +246,7 @@ int sched_rr_get_interval(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 799608d..66d7e67 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -220,7 +220,7 @@ ptrace(curp, uap) if ((p = pfind(uap->pid)) == NULL) return ESRCH; } - if (p_can(curp, p, P_CAN_SEE, NULL)) { + if (p_cansee(curp, p)) { PROC_UNLOCK(p); return (ESRCH); } @@ -246,7 +246,7 @@ ptrace(curp, uap) return EBUSY; } - if ((error = p_can(curp, p, P_CAN_DEBUG, NULL))) { + if ((error = p_candebug(curp, p))) { PROC_UNLOCK(p); return error; } diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c index 5b9bee0..1c356e3 100644 --- a/sys/posix4/p1003_1b.c +++ b/sys/posix4/p1003_1b.c @@ -122,7 +122,7 @@ int sched_setparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -148,7 +148,7 @@ int sched_getparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -180,7 +180,7 @@ int sched_setscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -205,7 +205,7 @@ int sched_getscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -246,7 +246,7 @@ int sched_rr_get_interval(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 277fbee..35b5ea4 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -518,8 +518,9 @@ void fork_return __P((struct proc *, struct trapframe *)); int inferior __P((struct proc *p)); int leavepgrp __P((struct proc *p)); void mi_switch __P((void)); -int p_can __P((struct proc *p1, struct proc *p2, int operation, - int *privused)); +int p_candebug __P((struct proc *p1, struct proc *p2)); +int p_cansee __P((struct proc *p1, struct proc *p2)); +int p_cansched __P((struct proc *p1, struct proc *p2)); int p_cansignal __P((struct proc *p1, struct proc *p2, int signum)); int p_trespass __P((struct proc *p1, struct proc *p2)); void procinit __P((void)); |