Module Name:    src
Committed By:   maxv
Date:           Tue Sep  4 16:03:56 UTC 2018

Modified Files:
        src/sys/kern: kern_proc.c

Log Message:
Clear the kernel pointers from kern.proc and kern.proc2 when the user is
not privileged.


To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 src/sys/kern/kern_proc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.216 src/sys/kern/kern_proc.c:1.217
--- src/sys/kern/kern_proc.c:1.216	Tue Sep  4 15:48:44 2018
+++ src/sys/kern/kern_proc.c	Tue Sep  4 16:03:56 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_proc.c,v 1.216 2018/09/04 15:48:44 maxv Exp $	*/
+/*	$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.216 2018/09/04 15:48:44 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_kstack.h"
@@ -2160,22 +2160,35 @@ done:
 	return error;
 }
 
+#define SET_KERN_ADDR(dst, src, allow)	\
+	do {				\
+		if (allow)		\
+			dst = src;	\
+	} while (0);
+
 /*
  * Fill in an eproc structure for the specified process.
  */
 void
 fill_eproc(struct proc *p, struct eproc *ep, bool zombie)
 {
+	bool allowaddr;
 	struct tty *tp;
 	struct lwp *l;
+	int error;
 
 	KASSERT(mutex_owned(proc_lock));
 	KASSERT(mutex_owned(p->p_lock));
 
 	memset(ep, 0, sizeof(*ep));
 
-	ep->e_paddr = p;
-	ep->e_sess = p->p_session;
+	/* If not privileged, don't expose kernel addresses. */
+	error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
+	    curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
+	allowaddr = (error == 0);
+
+	SET_KERN_ADDR(ep->e_paddr, p, allowaddr);
+	SET_KERN_ADDR(ep->e_sess, p->p_session, allowaddr);
 	if (p->p_cred) {
 		kauth_cred_topcred(p->p_cred, &ep->e_pcred);
 		kauth_cred_toucred(p->p_cred, &ep->e_ucred);
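Review bot: The `SET_KERN_ADDR` macro at the top of this hunk ends its `do { ... } while (0)` with a semicolon, so every use such as `SET_KERN_ADDR(ep->e_paddr, p, allowaddr);` expands to two statements (the loop plus an empty one), which defeats the purpose of the do/while(0) wrapper and would break an unbraced `if ... else` around a use; the arguments are also used unparenthesized. I would write it as `#define SET_KERN_ADDR(dst, src, allow) do { if (allow) (dst) = (src); } while (0)` and add a one-line comment above it stating that when `allow` is false the destination keeps the zero left by the preceding `memset()`. The same macro is used in every later hunk of this file, so the fix covers those uses too. The authorization call does not depend on `p`, so if `fill_eproc()` is invoked once per process by the sysctl loop (not visible here) the kauth decision is recomputed per process; the identical block appears in `fill_kproc2()`, so a small shared helper evaluated once per request would avoid both the duplication and the repeated calls.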
@@ -2206,7 +2219,7 @@ fill_eproc(struct proc *p, struct eproc 
 		    (tp = p->p_session->s_ttyp)) {
 			ep->e_tdev = tp->t_dev;
 			ep->e_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
-			ep->e_tsess = tp->t_session;
+			SET_KERN_ADDR(ep->e_tsess, tp->t_session, allowaddr);
 		} else
 			ep->e_tdev = (uint32_t)NODEV;
 		ep->e_flag = p->p_session->s_ttyvp ? EPROC_CTTY : 0;
@@ -2230,24 +2243,31 @@ fill_kproc2(struct proc *p, struct kinfo
 	sigset_t ss1, ss2;
 	struct rusage ru;
 	struct vmspace *vm;
+	bool allowaddr;
+	int error;
 
 	KASSERT(mutex_owned(proc_lock));
 	KASSERT(mutex_owned(p->p_lock));
 
+	/* If not privileged, don't expose kernel addresses. */
+	error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
+	    curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
+	allowaddr = (error == 0);
+
 	sigemptyset(&ss1);
 	sigemptyset(&ss2);
 	memset(ki, 0, sizeof(*ki));
 
-	ki->p_paddr = PTRTOUINT64(p);
-	ki->p_fd = PTRTOUINT64(p->p_fd);
-	ki->p_cwdi = PTRTOUINT64(p->p_cwdi);
-	ki->p_stats = PTRTOUINT64(p->p_stats);
-	ki->p_limit = PTRTOUINT64(p->p_limit);
-	ki->p_vmspace = PTRTOUINT64(p->p_vmspace);
-	ki->p_sigacts = PTRTOUINT64(p->p_sigacts);
-	ki->p_sess = PTRTOUINT64(p->p_session);
+	SET_KERN_ADDR(ki->p_paddr, PTRTOUINT64(p), allowaddr);
+	SET_KERN_ADDR(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
+	SET_KERN_ADDR(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
+	SET_KERN_ADDR(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
+	SET_KERN_ADDR(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
+	SET_KERN_ADDR(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
+	SET_KERN_ADDR(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
+	SET_KERN_ADDR(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
 	ki->p_tsess = 0;	/* may be changed if controlling tty below */
-	ki->p_ru = PTRTOUINT64(&p->p_stats->p_ru);
+	SET_KERN_ADDR(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
 	ki->p_eflag = 0;
 	ki->p_exitsig = p->p_exitsig;
 	ki->p_flag = L_INMEM;   /* Process never swapped out */
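Review bot: The kauth call and `allowaddr = (error == 0);` here are a verbatim copy of the block added to `fill_eproc()` in the earlier hunk; a `static bool kern_addr_allowed(void)` helper returning `kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE, curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0` would keep the two checks from drifting apart and give one place to document what `KAUTH_REQ_PROCESS_CANSEE_KPTR` gates. The masked fields read as 0 on the unprivileged path only because `memset(ki, 0, sizeof(*ki))` runs first; a short comment on that line, `/* zeroed first: address fields withheld below stay 0 */`, would make the dependency explicit. `fill_kproc2()`'s signature and the rest of its body lie outside this hunk.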
@@ -2273,7 +2293,7 @@ fill_kproc2(struct proc *p, struct kinfo
 	ki->p_sticks = p->p_sticks;
 	ki->p_iticks = p->p_iticks;
 	ki->p_tpgid = NO_PGID;	/* may be changed if controlling tty below */
-	ki->p_tracep = PTRTOUINT64(p->p_tracep);
+	SET_KERN_ADDR(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
 	ki->p_traceflag = p->p_traceflag;
 
 	memcpy(&ki->p_sigignore, &p->p_sigctx.ps_sigignore,sizeof(ki_sigset_t));
@@ -2317,7 +2337,7 @@ fill_kproc2(struct proc *p, struct kinfo
 		ki->p_nrlwps = p->p_nrlwps;
 		ki->p_forw = 0;
 		ki->p_back = 0;
-		ki->p_addr = PTRTOUINT64(l->l_addr);
+		SET_KERN_ADDR(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
 		ki->p_stat = l->l_stat;
 		ki->p_flag |= sysctl_map_flags(sysctl_lwpflagmap, l->l_flag);
 		ki->p_swtime = l->l_swtime;
@@ -2330,7 +2350,7 @@ fill_kproc2(struct proc *p, struct kinfo
 		ki->p_usrpri = l->l_priority;
 		if (l->l_wchan)
 			strncpy(ki->p_wmesg, l->l_wmesg, sizeof(ki->p_wmesg));
-		ki->p_wchan = PTRTOUINT64(l->l_wchan);
+		SET_KERN_ADDR(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr);
 		ki->p_cpuid = cpu_index(l->l_cpu);
 		lwp_unlock(l);
 		LIST_FOREACH(l, &p->p_lwps, l_sibling) {
@@ -2359,7 +2379,8 @@ fill_kproc2(struct proc *p, struct kinfo
 		if ((p->p_lflag & PL_CONTROLT) && (tp = p->p_session->s_ttyp)) {
 			ki->p_tdev = tp->t_dev;
 			ki->p_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
-			ki->p_tsess = PTRTOUINT64(tp->t_session);
+			SET_KERN_ADDR(ki->p_tsess, PTRTOUINT64(tp->t_session),
+			    allowaddr);
 		} else {
 			ki->p_tdev = (int32_t)NODEV;
 		}
