Module Name: src
Committed By: christos
Date: Fri Oct 5 22:12:38 UTC 2018
Modified Files:
src/sys/kern: init_sysctl.c kern_descrip.c kern_proc.c
src/sys/secmodel/suser: secmodel_suser.c
src/sys/sys: kauth.h systm.h
Log Message:
Provide a sysctl kern.expose_address to expose kernel addresses in
sysctl structure returns for non-root. Defaults to off. Turning it
on will restore sockstat/fstat and friends for regular users.
To generate a diff of this commit:
cvs rdiff -u -r1.217 -r1.218 src/sys/kern/init_sysctl.c \
src/sys/kern/kern_proc.c
cvs rdiff -u -r1.237 -r1.238 src/sys/kern/kern_descrip.c
cvs rdiff -u -r1.48 -r1.49 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.80 -r1.81 src/sys/sys/kauth.h
cvs rdiff -u -r1.278 -r1.279 src/sys/sys/systm.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/init_sysctl.c
diff -u src/sys/kern/init_sysctl.c:1.217 src/sys/kern/init_sysctl.c:1.218
--- src/sys/kern/init_sysctl.c:1.217 Sun Sep 16 16:39:04 2018
+++ src/sys/kern/init_sysctl.c Fri Oct 5 18:12:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $ */
+/* $NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2003, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
#include "opt_sysv.h"
#include "opt_compat_netbsd.h"
@@ -85,6 +85,8 @@ int kern_has_sysvmsg = 0;
int kern_has_sysvshm = 0;
int kern_has_sysvsem = 0;
+int kern_expose_address = 0;
+
static const u_int sysctl_lwpprflagmap[] = {
LPR_DETACHED, L_DETACHED,
0
@@ -127,6 +129,7 @@ static int sysctl_kern_root_partition(SY
static int sysctl_kern_drivers(SYSCTLFN_PROTO);
static int sysctl_security_setidcore(SYSCTLFN_PROTO);
static int sysctl_security_setidcorename(SYSCTLFN_PROTO);
+static int sysctl_security_expose_address(SYSCTLFN_PROTO);
static int sysctl_kern_cpid(SYSCTLFN_PROTO);
static int sysctl_hw_usermem(SYSCTLFN_PROTO);
static int sysctl_hw_cnmagic(SYSCTLFN_PROTO);
@@ -599,6 +602,12 @@ SYSCTL_SETUP(sysctl_kern_setup, "sysctl
SYSCTL_DESCR("Kernel message verbosity"),
sysctl_kern_messages, 0, NULL, 0,
CTL_KERN, CTL_CREATE, CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "expose_address",
+ SYSCTL_DESCR("Expose kernel addresses to userland"),
+ sysctl_security_expose_address, 0, &kern_expose_address,
+ 0, CTL_KERN, CTL_CREATE, CTL_EOL);
}
SYSCTL_SETUP(sysctl_hw_misc_setup, "sysctl hw subtree misc setup")
@@ -798,7 +807,7 @@ sysctl_kern_messages(SYSCTLFN_ARGS)
case AB_NORMAL:
default:
messageverbose = 2;
-}
+ }
node = *rnode;
node.sysctl_data = &messageverbose;
@@ -1340,6 +1349,37 @@ sysctl_security_setidcore(SYSCTLFN_ARGS)
}
static int
+sysctl_security_expose_address(SYSCTLFN_ARGS)
+{
+ int expose_address, error;
+ struct sysctlnode node;
+
+ node = *rnode;
+ node.sysctl_data = &expose_address;
+ expose_address = *(int *)rnode->sysctl_data;
+ error = sysctl_lookup(SYSCTLFN_CALL(&node));
+ if (error || newp == NULL)
+ return error;
+
+ if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_KERNADDR,
+ 0, NULL, NULL, NULL))
+ return (EPERM);
+
+ *(int *)rnode->sysctl_data = expose_address;
+
+ return 0;
+}
+
+bool
+get_expose_address(struct proc *p)
+{
+ /* allow only if sysctl variable is set or privileged */
+ return kern_expose_address || kauth_authorize_process(kauth_cred_get(),
+ KAUTH_PROCESS_CANSEE, p,
+ KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0;
+}
+
+static int
sysctl_security_setidcorename(SYSCTLFN_ARGS)
{
int error;
Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.217 src/sys/kern/kern_proc.c:1.218
--- src/sys/kern/kern_proc.c:1.217 Tue Sep 4 12:03:56 2018
+++ src/sys/kern/kern_proc.c Fri Oct 5 18:12:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $ */
+/* $NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_kstack.h"
@@ -2160,35 +2160,24 @@ done:
return error;
}
-#define SET_KERN_ADDR(dst, src, allow) \
- do { \
- if (allow) \
- dst = src; \
- } while (0);
-
/*
* Fill in an eproc structure for the specified process.
*/
void
fill_eproc(struct proc *p, struct eproc *ep, bool zombie)
{
- bool allowaddr;
struct tty *tp;
struct lwp *l;
- int error;
KASSERT(mutex_owned(proc_lock));
KASSERT(mutex_owned(p->p_lock));
memset(ep, 0, sizeof(*ep));
- /* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
- curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
- allowaddr = (error == 0);
+ const bool allowaddr = get_expose_address(curproc);
- SET_KERN_ADDR(ep->e_paddr, p, allowaddr);
- SET_KERN_ADDR(ep->e_sess, p->p_session, allowaddr);
+ COND_SET_VALUE(ep->e_paddr, p, allowaddr);
+ COND_SET_VALUE(ep->e_sess, p->p_session, allowaddr);
if (p->p_cred) {
kauth_cred_topcred(p->p_cred, &ep->e_pcred);
kauth_cred_toucred(p->p_cred, &ep->e_ucred);
@@ -2219,7 +2208,7 @@ fill_eproc(struct proc *p, struct eproc
(tp = p->p_session->s_ttyp)) {
ep->e_tdev = tp->t_dev;
ep->e_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
- SET_KERN_ADDR(ep->e_tsess, tp->t_session, allowaddr);
+ COND_SET_VALUE(ep->e_tsess, tp->t_session, allowaddr);
} else
ep->e_tdev = (uint32_t)NODEV;
ep->e_flag = p->p_session->s_ttyvp ? EPROC_CTTY : 0;
@@ -2243,31 +2232,26 @@ fill_kproc2(struct proc *p, struct kinfo
sigset_t ss1, ss2;
struct rusage ru;
struct vmspace *vm;
- bool allowaddr;
- int error;
KASSERT(mutex_owned(proc_lock));
KASSERT(mutex_owned(p->p_lock));
- /* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
- curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
- allowaddr = (error == 0);
+ const bool allowaddr = get_expose_address(curproc);
sigemptyset(&ss1);
sigemptyset(&ss2);
memset(ki, 0, sizeof(*ki));
- SET_KERN_ADDR(ki->p_paddr, PTRTOUINT64(p), allowaddr);
- SET_KERN_ADDR(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
- SET_KERN_ADDR(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
- SET_KERN_ADDR(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
- SET_KERN_ADDR(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
- SET_KERN_ADDR(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
- SET_KERN_ADDR(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
- SET_KERN_ADDR(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
+ COND_SET_VALUE(ki->p_paddr, PTRTOUINT64(p), allowaddr);
+ COND_SET_VALUE(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
+ COND_SET_VALUE(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
+ COND_SET_VALUE(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
+ COND_SET_VALUE(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
+ COND_SET_VALUE(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
+ COND_SET_VALUE(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
+ COND_SET_VALUE(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
ki->p_tsess = 0; /* may be changed if controlling tty below */
- SET_KERN_ADDR(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
+ COND_SET_VALUE(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
ki->p_eflag = 0;
ki->p_exitsig = p->p_exitsig;
ki->p_flag = L_INMEM; /* Process never swapped out */
@@ -2293,7 +2277,7 @@ fill_kproc2(struct proc *p, struct kinfo
ki->p_sticks = p->p_sticks;
ki->p_iticks = p->p_iticks;
ki->p_tpgid = NO_PGID; /* may be changed if controlling tty below */
- SET_KERN_ADDR(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
+ COND_SET_VALUE(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
ki->p_traceflag = p->p_traceflag;
memcpy(&ki->p_sigignore, &p->p_sigctx.ps_sigignore,sizeof(ki_sigset_t));
@@ -2337,7 +2321,7 @@ fill_kproc2(struct proc *p, struct kinfo
ki->p_nrlwps = p->p_nrlwps;
ki->p_forw = 0;
ki->p_back = 0;
- SET_KERN_ADDR(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
+ COND_SET_VALUE(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
ki->p_stat = l->l_stat;
ki->p_flag |= sysctl_map_flags(sysctl_lwpflagmap, l->l_flag);
ki->p_swtime = l->l_swtime;
@@ -2350,7 +2334,7 @@ fill_kproc2(struct proc *p, struct kinfo
ki->p_usrpri = l->l_priority;
if (l->l_wchan)
strncpy(ki->p_wmesg, l->l_wmesg, sizeof(ki->p_wmesg));
- SET_KERN_ADDR(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr);
+ COND_SET_VALUE(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr);
ki->p_cpuid = cpu_index(l->l_cpu);
lwp_unlock(l);
LIST_FOREACH(l, &p->p_lwps, l_sibling) {
@@ -2379,7 +2363,7 @@ fill_kproc2(struct proc *p, struct kinfo
if ((p->p_lflag & PL_CONTROLT) && (tp = p->p_session->s_ttyp)) {
ki->p_tdev = tp->t_dev;
ki->p_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
- SET_KERN_ADDR(ki->p_tsess, PTRTOUINT64(tp->t_session),
+ COND_SET_VALUE(ki->p_tsess, PTRTOUINT64(tp->t_session),
allowaddr);
} else {
ki->p_tdev = (int32_t)NODEV;
Index: src/sys/kern/kern_descrip.c
diff -u src/sys/kern/kern_descrip.c:1.237 src/sys/kern/kern_descrip.c:1.238
--- src/sys/kern/kern_descrip.c:1.237 Thu Sep 13 10:44:09 2018
+++ src/sys/kern/kern_descrip.c Fri Oct 5 18:12:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $ */
+/* $NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -2283,49 +2283,37 @@ sysctl_kern_file2(SYSCTLFN_ARGS)
return error;
}
-#define SET_KERN_ADDR(dst, src, allow) \
- do { \
- if (allow) \
- dst = src; \
- } while (0);
-
static void
fill_file(struct kinfo_file *kp, const file_t *fp, const fdfile_t *ff,
int i, pid_t pid)
{
- bool allowaddr;
- int error;
-
- /* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
- curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
- allowaddr = (error == 0);
+ const bool allowaddr = get_expose_address(curproc);
memset(kp, 0, sizeof(*kp));
- SET_KERN_ADDR(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
+ COND_SET_VALUE(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
kp->ki_flag = fp->f_flag;
kp->ki_iflags = 0;
kp->ki_ftype = fp->f_type;
kp->ki_count = fp->f_count;
kp->ki_msgcount = fp->f_msgcount;
- SET_KERN_ADDR(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
+ COND_SET_VALUE(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
kp->ki_fuid = kauth_cred_geteuid(fp->f_cred);
kp->ki_fgid = kauth_cred_getegid(fp->f_cred);
- SET_KERN_ADDR(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
+ COND_SET_VALUE(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
kp->ki_foffset = fp->f_offset;
- SET_KERN_ADDR(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
+ COND_SET_VALUE(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
/* vnode information to glue this file to something */
if (fp->f_type == DTYPE_VNODE) {
struct vnode *vp = fp->f_vnode;
- SET_KERN_ADDR(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
+ COND_SET_VALUE(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
allowaddr);
kp->ki_vsize = vp->v_size;
kp->ki_vtype = vp->v_type;
kp->ki_vtag = vp->v_tag;
- SET_KERN_ADDR(kp->ki_vdata, PTRTOUINT64(vp->v_data),
+ COND_SET_VALUE(kp->ki_vdata, PTRTOUINT64(vp->v_data),
allowaddr);
}
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.48 src/sys/secmodel/suser/secmodel_suser.c:1.49
--- src/sys/secmodel/suser/secmodel_suser.c:1.48 Tue Sep 4 10:31:19 2018
+++ src/sys/secmodel/suser/secmodel_suser.c Fri Oct 5 18:12:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -446,6 +446,12 @@ secmodel_suser_system_cb(kauth_cred_t cr
break;
+ case KAUTH_SYSTEM_KERNADDR:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+
+ break;
+
default:
break;
}
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.80 src/sys/sys/kauth.h:1.81
--- src/sys/sys/kauth.h:1.80 Tue Sep 4 10:31:18 2018
+++ src/sys/sys/kauth.h Fri Oct 5 18:12:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.80 2018/09/04 14:31:18 maxv Exp $ */
+/* $NetBSD: kauth.h,v 1.81 2018/10/05 22:12:37 christos Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
@@ -144,6 +144,7 @@ enum {
KAUTH_SYSTEM_FS_EXTATTR,
KAUTH_SYSTEM_FS_SNAPSHOT,
KAUTH_SYSTEM_INTR,
+ KAUTH_SYSTEM_KERNADDR,
};
/*
Index: src/sys/sys/systm.h
diff -u src/sys/sys/systm.h:1.278 src/sys/sys/systm.h:1.279
--- src/sys/sys/systm.h:1.278 Mon Sep 17 21:25:09 2018
+++ src/sys/sys/systm.h Fri Oct 5 18:12:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: systm.h,v 1.278 2018/09/18 01:25:09 mrg Exp $ */
+/* $NetBSD: systm.h,v 1.279 2018/10/05 22:12:37 christos Exp $ */
/*-
* Copyright (c) 1982, 1988, 1991, 1993
@@ -184,6 +184,14 @@ enum hashtype {
};
#ifdef _KERNEL
+#define COND_SET_VALUE(dst, src, allow) \
+ do { \
+ if (allow) \
+ dst = src; \
+ } while (/*CONSTCOND*/0);
+
+
+bool get_expose_address(struct proc *);
void *hashinit(u_int, enum hashtype, bool, u_long *);
void hashdone(void *, enum hashtype, u_long);
int seltrue(dev_t, int, struct lwp *);
