[src/trunk]: src/sys Add new sysctl variable proc.curproc.paxflags so a proce...
details: https://anonhg.NetBSD.org/src/rev/96e560c2a49c
branches: trunk
changeset: 352302:96e560c2a49c
user: pgoyette <pgoyette%NetBSD.org@localhost>
date: Fri Mar 24 21:43:20 2017 +0000
description:
Add new sysctl variable proc.curproc.paxflags so a process can determine
which flags were set for it. Define some values for the variable:
CTL_PROC_PAXFLAGS_{ASLR,MPROTECT,GUARD}
diffstat:
sys/kern/kern_resource.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-
sys/sys/sysctl.h | 16 ++++++++++++-
2 files changed, 66 insertions(+), 4 deletions(-)
diffs (126 lines):
diff -r cfb84c523ccd -r 96e560c2a49c sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c Fri Mar 24 21:28:03 2017 +0000
+++ b/sys/kern/kern_resource.c Fri Mar 24 21:43:20 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_resource.c,v 1.175 2016/07/13 09:52:00 njoly Exp $ */
+/* $NetBSD: kern_resource.c,v 1.176 2017/03/24 21:43:20 pgoyette Exp $ */
/*-
* Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.175 2016/07/13 09:52:00 njoly Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.176 2017/03/24 21:43:20 pgoyette Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -813,6 +813,49 @@
}
/*
+ * sysctl_proc_paxflags: helper routine to get process's paxctl flags
+ */
+static int
+sysctl_proc_paxflags(SYSCTLFN_ARGS)
+{
+ struct proc *p;
+ struct sysctlnode node;
+ int paxflags;
+ int error;
+
+ /* First, validate the request. */
+ if (namelen != 0 || name[-1] != PROC_PID_PAXFLAGS)
+ return EINVAL;
+
+ /* Find the process. Hold a reference (p_reflock), if found. */
+ error = sysctl_proc_findproc(l, (pid_t)name[-2], &p);
+ if (error)
+ return error;
+
+ /* XXX-elad */
+ error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p,
+ KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
+ if (error) {
+ rw_exit(&p->p_reflock);
+ return error;
+ }
+
+ /* Retrieve the limits. */
+ node = *rnode;
+ paxflags = p->p_pax;
+ node.sysctl_data = &paxflags;
+
+ error = sysctl_lookup(SYSCTLFN_CALL(&node));
+
+ /* If attempting to write new value, it's an error */
+ if (error == 0 && newp != NULL)
+ error = EACCES;
+
+ rw_exit(&p->p_reflock);
+ return error;
+}
+
+/*
* sysctl_proc_corename: helper routine to get or set the core file name
* for a process specified by PID.
*/
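Review bot: The comment above the copy of p_pax reads `/* Retrieve the limits. */`, which is carried over from the rlimit helper and no longer describes what this block does; it should say `/* Snapshot the process's PAX flags while p_reflock is held. */`. The `/* XXX-elad */` marker above the kauth call is likewise a leftover placeholder; since KAUTH_PROCESS_CANSEE is the only gate deciding whether the caller may read another process's flags, replace it with a sentence stating that, e.g. `/* Only callers permitted to see the target process may read its flags. */`. The trailing `if (error == 0 && newp != NULL) error = EACCES;` refuses writes, but the node is registered CTLFLAG_READONLY in the sysctl_createv hunk below; if sysctl_lookup already rejects writes to read-only nodes the check is redundant, and either way a one-line comment saying which layer is meant to enforce read-only would save the next reader the same question.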
@@ -1048,6 +1091,13 @@
CTL_PROC, PROC_CURPROC, CTL_EOL);
sysctl_createv(&proc_sysctllog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READONLY,
+ CTLTYPE_INT, "paxflags",
+ SYSCTL_DESCR("Process PAX control flags"),
+ sysctl_proc_paxflags, 0, NULL, 0,
+ CTL_PROC, PROC_CURPROC, PROC_PID_PAXFLAGS, CTL_EOL);
+
+ sysctl_createv(&proc_sysctllog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE,
CTLTYPE_STRING, "corename",
SYSCTL_DESCR("Core file name"),
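Review bot: The description `"Process PAX control flags"` gives a reader of `sysctl -d` no hint that the value is a bit mask or where its bits are defined; `SYSCTL_DESCR("Process PAX control flags (bit mask of CTL_PROC_PAXFLAGS_*)")` would tie it to the constants exported in sysctl.h by the same commit. The enclosing setup function starts before this hunk.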
diff -r cfb84c523ccd -r 96e560c2a49c sys/sys/sysctl.h
--- a/sys/sys/sysctl.h Fri Mar 24 21:28:03 2017 +0000
+++ b/sys/sys/sysctl.h Fri Mar 24 21:43:20 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sysctl.h,v 1.221 2016/04/04 23:31:46 christos Exp $ */
+/* $NetBSD: sysctl.h,v 1.222 2017/03/24 21:43:21 pgoyette Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -1026,7 +1026,8 @@
#define PROC_PID_STOPFORK 3
#define PROC_PID_STOPEXEC 4
#define PROC_PID_STOPEXIT 5
-#define PROC_PID_MAXID 6
+#define PROC_PID_PAXFLAGS 6
+#define PROC_PID_MAXID 7
#define PROC_PID_NAMES { \
{ 0, 0 }, \
@@ -1035,6 +1036,7 @@
{ "stopfork", CTLTYPE_INT }, \
{ "stopexec", CTLTYPE_INT }, \
{ "stopexit", CTLTYPE_INT }, \
+ { "paxflags", CTLTYPE_INT }, \
}
/* Limit types from <sys/resources.h> */
@@ -1079,6 +1081,16 @@
}
/*
+ * Export PAX flag definitions to userland.
+ *
+ * XXX These are duplicated from sys/pax.h but that header is not
+ * XXX installed.
+ */
+#define CTL_PROC_PAXFLAGS_ASLR 0x01
+#define CTL_PROC_PAXFLAGS_MPROTECT 0x02
+#define CTL_PROC_PAXFLAGS_GUARD 0x04
+
+/*
* CTL_EMUL definitions
*
* Second level identifier specifies which emulation variable.
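Review bot: The three CTL_PROC_PAXFLAGS_* values are described as copies of definitions in sys/pax.h, but nothing ties the two sets together, and sysctl_proc_paxflags in kern_resource.c hands p->p_pax to userland verbatim, so any drift between the kernel-private bits and these exported ones would silently misreport which protections a process is running under. A compile-time check in a kernel file that includes both headers would catch that, e.g. `CTASSERT(CTL_PROC_PAXFLAGS_ASLR == <matching ASLR bit from sys/pax.h>);` (placeholder for the private name) for each flag, or the helper could translate bit by bit instead of copying p_pax raw. The comment block should also state the contract the XXX note only implies, `* These must stay identical to the p_pax bits in sys/pax.h; the sysctl returns p_pax unchanged.`.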