Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Introduce security.pax.mprotect.ptrace sysctl which can ...
details: https://anonhg.NetBSD.org/src/rev/1196ae67a8fc
branches: trunk
changeset: 345413:1196ae67a8fc
user: christos <christos%NetBSD.org@localhost>
date: Wed May 25 17:43:58 2016 +0000
description:
Introduce security.pax.mprotect.ptrace sysctl which can be used to bypass
mprotect settings so that debuggers can write to the text segment of traced
processes so that they can insert breakpoints. Turned off by default.
Ok: chuq (for now)
diffstat:
sys/kern/kern_pax.c | 31 +++++++++++++++++++++++++++++--
sys/kern/kern_proc.c | 6 +++---
sys/kern/subr_copy.c | 8 ++++----
sys/kern/sys_process.c | 8 +++++---
sys/rump/librump/rumpkern/rumpcopy.c | 6 +++---
sys/sys/pax.h | 4 +++-
sys/uvm/uvm_extern.h | 4 ++--
sys/uvm/uvm_io.c | 10 +++++-----
sys/uvm/uvm_map.c | 16 +++++++++++-----
sys/uvm/uvm_map.h | 3 ++-
10 files changed, 67 insertions(+), 29 deletions(-)
diffs (truncated from 343 to 300 lines):
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/kern/kern_pax.c
--- a/sys/kern/kern_pax.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/kern/kern_pax.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.51 2016/05/25 17:25:32 christos Exp $ */
+/* $NetBSD: kern_pax.c,v 1.52 2016/05/25 17:43:58 christos Exp $ */
/*
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.51 2016/05/25 17:25:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.52 2016/05/25 17:43:58 christos Exp $");
#include "opt_pax.h"
@@ -117,6 +117,7 @@
#ifdef PAX_MPROTECT
static int pax_mprotect_enabled = 1;
static int pax_mprotect_global = PAX_MPROTECT;
+static int pax_mprotect_ptrace = 0;
static bool pax_mprotect_elf_flags_active(uint32_t);
#endif /* PAX_MPROTECT */
#ifdef PAX_MPROTECT_DEBUG
@@ -206,6 +207,14 @@
"all processes."),
NULL, 0, &pax_mprotect_global, 0,
CTL_CREATE, CTL_EOL);
+ sysctl_createv(clog, 0, &rnode, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "ptrace",
+ SYSCTL_DESCR("When enabled, allow ptrace(2) to "
+ "override mprotect permissions on traced "
+ "processes"),
+ NULL, 0, &pax_mprotect_ptrace, 0,
+ CTL_CREATE, CTL_EOL);
#ifdef PAX_MPROTECT_DEBUG
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
@@ -433,6 +442,24 @@
*maxprot &= ~VM_PROT_WRITE;
}
}
+
+/*
+ * Bypass MPROTECT for traced processes
+ */
+int
+pax_mprotect_prot(struct lwp *l)
+{
+ uint32_t flags;
+
+ flags = l->l_proc->p_pax;
+ if (!pax_flags_active(flags, P_PAX_MPROTECT))
+ return 0;
+ if (!pax_mprotect_ptrace)
+ return 0;
+ return UVM_EXTRACT_PROT_ALL;
+}
+
+
#endif /* PAX_MPROTECT */
#ifdef PAX_ASLR
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/kern/kern_proc.c
--- a/sys/kern/kern_proc.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/kern/kern_proc.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_proc.c,v 1.195 2016/04/04 20:47:57 christos Exp $ */
+/* $NetBSD: kern_proc.c,v 1.196 2016/05/25 17:43:58 christos Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.195 2016/04/04 20:47:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.196 2016/05/25 17:43:58 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_kstack.h"
@@ -2114,7 +2114,7 @@
auio.uio_resid = xlen;
auio.uio_rw = UIO_READ;
UIO_SETUP_SYSSPACE(&auio);
- error = uvm_io(&vmspace->vm_map, &auio);
+ error = uvm_io(&vmspace->vm_map, &auio, 0);
if (error)
goto done;
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/kern/subr_copy.c
--- a/sys/kern/subr_copy.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/kern/subr_copy.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_copy.c,v 1.6 2015/04/21 13:17:25 riastradh Exp $ */
+/* $NetBSD: subr_copy.c,v 1.7 2016/05/25 17:43:58 christos Exp $ */
/*-
* Copyright (c) 1997, 1998, 1999, 2002, 2007, 2008 The NetBSD Foundation, Inc.
@@ -79,7 +79,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_copy.c,v 1.6 2015/04/21 13:17:25 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_copy.c,v 1.7 2016/05/25 17:43:58 christos Exp $");
#include <sys/param.h>
#include <sys/fcntl.h>
@@ -223,7 +223,7 @@
uio.uio_resid = len;
uio.uio_rw = UIO_READ;
UIO_SETUP_SYSSPACE(&uio);
- error = uvm_io(&vm->vm_map, &uio);
+ error = uvm_io(&vm->vm_map, &uio, 0);
return (error);
}
@@ -256,7 +256,7 @@
uio.uio_resid = len;
uio.uio_rw = UIO_WRITE;
UIO_SETUP_SYSSPACE(&uio);
- error = uvm_io(&vm->vm_map, &uio);
+ error = uvm_io(&vm->vm_map, &uio, 0);
return (error);
}
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/kern/sys_process.c
--- a/sys/kern/sys_process.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/kern/sys_process.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_process.c,v 1.168 2016/04/04 20:47:57 christos Exp $ */
+/* $NetBSD: sys_process.c,v 1.169 2016/05/25 17:43:58 christos Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,16 +118,18 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.168 2016/04/04 20:47:57 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.169 2016/05/25 17:43:58 christos Exp $");
#include "opt_ptrace.h"
#include "opt_ktrace.h"
+#include "opt_pax.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/errno.h>
#include <sys/exec.h>
+#include <sys/pax.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/ras.h>
@@ -1118,7 +1120,7 @@
mutex_exit(&vm->vm_map.misc_lock);
if (error != 0)
return (error);
- error = uvm_io(&vm->vm_map, uio);
+ error = uvm_io(&vm->vm_map, uio, pax_mprotect_prot(l));
uvmspace_free(vm);
#ifdef PMAP_NEED_PROCWR
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/rump/librump/rumpkern/rumpcopy.c
--- a/sys/rump/librump/rumpkern/rumpcopy.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/rump/librump/rumpkern/rumpcopy.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rumpcopy.c,v 1.21 2016/01/26 23:12:17 pooka Exp $ */
+/* $NetBSD: rumpcopy.c,v 1.22 2016/05/25 17:43:58 christos Exp $ */
/*
* Copyright (c) 2009 Antti Kantee. All Rights Reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rumpcopy.c,v 1.21 2016/01/26 23:12:17 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rumpcopy.c,v 1.22 2016/05/25 17:43:58 christos Exp $");
#include <sys/param.h>
#include <sys/lwp.h>
@@ -180,7 +180,7 @@
* i.e. the current thread does not have an appropriate vm context.
*/
int
-uvm_io(struct vm_map *vm, struct uio *uio)
+uvm_io(struct vm_map *vm, struct uio *uio, int flag)
{
int error = 0;
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/sys/pax.h
--- a/sys/sys/pax.h Wed May 25 17:25:32 2016 +0000
+++ b/sys/sys/pax.h Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.22 2016/05/25 17:25:32 christos Exp $ */
+/* $NetBSD: pax.h,v 1.23 2016/05/25 17:43:58 christos Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -67,6 +67,7 @@
struct lwp *, vm_prot_t *, vm_prot_t *);
#ifndef PAX_MPROTECT
# define PAX_MPROTECT_ADJUST(a, b, c)
+# define pax_mprotect_prot(l) 0
#else
# ifdef PAX_MPROTECT_DEBUG
# define PAX_MPROTECT_ADJUST(a, b, c) \
@@ -75,6 +76,7 @@
# define PAX_MPROTECT_ADJUST(a, b, c) \
pax_mprotect_adjust((a), (b), (c))
# endif
+extern int pax_mprotect_prot(struct lwp *);
#endif
int pax_segvguard(struct lwp *, struct vnode *, const char *, bool);
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/uvm/uvm_extern.h
--- a/sys/uvm/uvm_extern.h Wed May 25 17:25:32 2016 +0000
+++ b/sys/uvm/uvm_extern.h Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_extern.h,v 1.196 2016/02/05 04:18:55 christos Exp $ */
+/* $NetBSD: uvm_extern.h,v 1.197 2016/05/25 17:43:58 christos Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -622,7 +622,7 @@
void uvm_init(void);
/* uvm_io.c */
-int uvm_io(struct vm_map *, struct uio *);
+int uvm_io(struct vm_map *, struct uio *, int);
/* uvm_km.c */
vaddr_t uvm_km_alloc(struct vm_map *, vsize_t, vsize_t,
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/uvm/uvm_io.c
--- a/sys/uvm/uvm_io.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/uvm/uvm_io.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_io.c,v 1.27 2012/01/27 19:48:41 para Exp $ */
+/* $NetBSD: uvm_io.c,v 1.28 2016/05/25 17:43:58 christos Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_io.c,v 1.27 2012/01/27 19:48:41 para Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_io.c,v 1.28 2016/05/25 17:43:58 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -53,7 +53,7 @@
*/
int
-uvm_io(struct vm_map *map, struct uio *uio)
+uvm_io(struct vm_map *map, struct uio *uio, int flags)
{
vaddr_t baseva, endva, pageoffset, kva;
vsize_t chunksz, togo, sz;
@@ -86,6 +86,7 @@
chunksz = MIN(round_page(togo + pageoffset), trunc_page(MAXPHYS));
error = 0;
+ flags |= UVM_EXTRACT_QREF | UVM_EXTRACT_CONTIG | UVM_EXTRACT_FIXPROT;
/*
* step 1: main loop... while we've got data to move
*/
@@ -97,8 +98,7 @@
*/
error = uvm_map_extract(map, baseva, chunksz, kernel_map, &kva,
- UVM_EXTRACT_QREF | UVM_EXTRACT_CONTIG |
- UVM_EXTRACT_FIXPROT);
+ flags);
if (error) {
/* retry with a smaller chunk... */
diff -r 34f9e8e9b1d6 -r 1196ae67a8fc sys/uvm/uvm_map.c
--- a/sys/uvm/uvm_map.c Wed May 25 17:25:32 2016 +0000
+++ b/sys/uvm/uvm_map.c Wed May 25 17:43:58 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_map.c,v 1.336 2015/11/05 00:10:48 pgoyette Exp $ */
+/* $NetBSD: uvm_map.c,v 1.337 2016/05/25 17:43:58 christos Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.336 2015/11/05 00:10:48 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.337 2016/05/25 17:43:58 christos Exp $");
#include "opt_ddb.h"
#include "opt_uvmhist.h"
Home |
Main Index |
Thread Index |
Old Index