Re: remove kevent perm check
That seems a bit excessive to crash the program when all you may want to do is track the exit of a child. Does the pledge proc flag dictate that you can't do wait() as well?
Re: remove kevent perm check
Theo de Raadt wrote: > > > > I think we should remove the check. It doesn't make sense, and it's > > > > different > > > > from other systems using kqueue. (I also had to work around it in > > > > rebound, > > > > where some code could be organized better if it weren't for the need to > > > > call > > > > kevent before switching IDs.) > > > > > > FreeBSD has process visibility controls and checks them in this > > > location. We don't have any such controls, so removing that chunk > > > should be fine. OK millert@ > > > > Unless we have someone who wants to go down that road... > > Or, should this specific bit be disallowed if pledge'd, but lacking "proc"? That is consistent. Index: kern_event.c === RCS file: /cvs/src/sys/kern/kern_event.c,v retrieving revision 1.71 diff -u -p -r1.71 kern_event.c --- kern_event.c6 Jan 2016 17:58:46 - 1.71 +++ kern_event.c12 May 2016 17:32:05 - @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -211,6 +212,10 @@ filt_procattach(struct knote *kn) { struct process *pr; + if ((curproc->p_p->ps_flags & PS_PLEDGE) && + (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0) + return pledge_fail(curproc, EPERM, PLEDGE_PROC); + pr = prfind(kn->kn_id); if (pr == NULL) return (ESRCH); @@ -218,15 +223,6 @@ filt_procattach(struct knote *kn) /* exiting processes can't be specified */ if (pr->ps_flags & PS_EXITING) return (ESRCH); - - /* -* Fail if it's not owned by you, or the last exec gave us -* setuid/setgid privs (unless you're root). -*/ - if (pr != curproc->p_p && - (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid || - (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0) - return (EACCES); kn->kn_ptr.p_process = pr; kn->kn_flags |= EV_CLEAR; /* automatically set */
Re: remove kevent perm check
> > > I think we should remove the check. It doesn't make sense, and it's > > > different > > > from other systems using kqueue. (I also had to work around it in rebound, > > > where some code could be organized better if it weren't for the need to > > > call > > > kevent before switching IDs.) > > > > FreeBSD has process visibility controls and checks them in this > > location. We don't have any such controls, so removing that chunk > > should be fine. OK millert@ > > Unless we have someone who wants to go down that road... Or, should this specific bit be disallowed if pledge'd, but lacking "proc"?
Re: remove kevent perm check
> > I think we should remove the check. It doesn't make sense, and it's > > different > > from other systems using kqueue. (I also had to work around it in rebound, > > where some code could be organized better if it weren't for the need to call > > kevent before switching IDs.) > > FreeBSD has process visibility controls and checks them in this > location. We don't have any such controls, so removing that chunk > should be fine. OK millert@ Unless we have someone who wants to go down that road...
Re: remove kevent perm check
On Thu, 12 May 2016 12:07:43 -0400, "Ted Unangst" wrote: > I think we should remove the check. It doesn't make sense, and it's different > from other systems using kqueue. (I also had to work around it in rebound, > where some code could be organized better if it weren't for the need to call > kevent before switching IDs.) FreeBSD has process visibility controls and checks them in this location. We don't have any such controls, so removing that chunk should be fine. OK millert@ - todd