https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262186
Bug ID: 262186
Summary: cpu_procctl() should check target process debug
permission for some commands?
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
kern_procctl() generally checks the target process's debug permission for
commands that change something, but when it passes the command to
cpu_procctl() there is no such check.
diff --git a/sys/amd64/amd64/vm_machdep.c b/sys/amd64/amd64/vm_machdep.c
index 232e53c63952..8a336ad70fcb 100644
--- a/sys/amd64/amd64/vm_machdep.c
+++ b/sys/amd64/amd64/vm_machdep.c
@@ -490,6 +490,7 @@ cpu_procctl(struct thread *td, int idtype, id_t id, int
com, void *data)
{
struct proc *p;
int error, val;
+ bool need_candebug;
switch (com) {
case PROC_KPTI_CTL:
@@ -507,10 +508,12 @@ cpu_procctl(struct thread *td, int idtype, id_t id, int
com, void *data)
break;
}
if (com == PROC_KPTI_CTL || com == PROC_LA_CTL) {
+ need_candebug = true;
error = copyin(data, &val, sizeof(val));
if (error != 0)
break;
- }
+ } else
+ need_candebug = false;
if (com == PROC_KPTI_CTL &&
val != PROC_KPTI_CTL_ENABLE_ON_EXEC &&
val != PROC_KPTI_CTL_DISABLE_ON_EXEC) {
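Review bot: `need_candebug` is assigned in both arms of the `if (com == PROC_KPTI_CTL || com == PROC_LA_CTL)` test, pairing a braced `if` with an unbraced `else`, so the permission decision ends up tangled with the copyin() error handling. A single assignment ahead of the block, `need_candebug = (com == PROC_KPTI_CTL || com == PROC_LA_CTL);`, says the same thing and lets the original closing `}` stay as it was. It also initializes the flag on every path, instead of relying on the earlier `break`s never reaching the read in the pget() hunk below. The enclosing switch case starts and ends outside this hunk.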
@@ -524,7 +527,8 @@ cpu_procctl(struct thread *td, int idtype, id_t id, int
com, void *data)
error = EINVAL;
break;
}
- error = pget(id, PGET_CANSEE | PGET_NOTWEXIT | PGET_NOTID, &p);
+ error = pget(id, (need_candebug ? PGET_CANDEBUG : PGET_CANSEE)
|
+ PGET_NOTWEXIT | PGET_NOTID, &p);
if (error != 0)
break;
switch (com) {
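Review bot: The weaker PGET_CANSEE check is the fallback in this pget() call for every command other than PROC_KPTI_CTL and PROC_LA_CTL. A state-changing command added to this case list later would therefore get only the visibility check unless its author remembers to extend the test. Making debug permission the default and letting the read-only queries opt out fails closed, e.g. `need_candebug = (com != PROC_KPTI_STATUS && com != PROC_LA_STATUS);`, assuming those are the only query commands handled here, since the case labels are outside the hunk. A comment above the call, such as `/* Modifying the target requires debug permission; status queries only need visibility. */`, would record why the flags differ.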