[src/trunk]: src/sys/dev/filemon filemon_pid_check:

[sjg <sjg%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/abf5f01710ce
branches:  trunk
changeset: 782767:abf5f01710ce
user:      sjg <sjg%NetBSD.org@localhost>
date:      Mon Nov 19 22:20:10 2012 +0000

description:
filemon_pid_check:
Avoid recursion, and hold a reader lock on p_reflock while we
check for filemon, and until we have p_pptr.

filemon_ioctl:
Do not allow FILEMON_SET_PID unless caller would be allowed
to ptrace the target pid.

filemon_wrapper_deinstall:
Do not touch syscalls if they no longer point to us, return EBUSY.

filemon_unload:
return EBUSY if filemon_wrapper_deinstall() fails.

diffstat:

 sys/dev/filemon/filemon.c         |  47 ++++++++++++++++++++++++++++----------
 sys/dev/filemon/filemon.h         |   4 +-
 sys/dev/filemon/filemon_wrapper.c |   7 ++++-
 3 files changed, 41 insertions(+), 17 deletions(-)

diffs (145 lines):

diff -r 4e6e569b0410 -r abf5f01710ce sys/dev/filemon/filemon.c
--- a/sys/dev/filemon/filemon.c Mon Nov 19 19:41:31 2012 +0000
+++ b/sys/dev/filemon/filemon.c Mon Nov 19 22:20:10 2012 +0000
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filemon.c,v 1.4 2011/10/15 00:23:08 sjg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filemon.c,v 1.5 2012/11/19 22:20:10 sjg Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -41,6 +41,7 @@
 #include <sys/proc.h>
 #include <sys/kmem.h>
 #include <sys/syslog.h>
+#include <sys/kauth.h>
 
 #include "filemon.h"
 
@@ -137,16 +138,27 @@
 filemon_pid_check(struct proc * p)
 {
        struct filemon *filemon;
+       struct proc * lp;
 
-       TAILQ_FOREACH(filemon, &filemons_inuse, fm_link) {
-               if (p->p_pid == filemon->fm_pid)
-                       return (filemon);
+       if (!TAILQ_EMPTY(&filemons_inuse)) {
+               while (p) {
+                       /*
+                        * make sure p cannot exit
+                        * until we have moved on to p_pptr
+                        */
+                       rw_enter(&p->p_reflock, RW_READER);
+                       TAILQ_FOREACH(filemon, &filemons_inuse, fm_link) {
+                               if (p->p_pid == filemon->fm_pid) {
+                                       rw_exit(&p->p_reflock);
+                                       return (filemon);
+                               }
+                       }
+                       lp = p;
+                       p = p->p_pptr;
+                       rw_exit(&lp->p_reflock);
+               }
        }
-
-       if (p->p_pptr == NULL)
-               return (NULL);
-
-       return (filemon_pid_check(p->p_pptr));
+       return (NULL);
 }
 
 /*
@@ -254,7 +266,7 @@
 {
        int error = 0;
        struct filemon *filemon;
-
+       struct proc *tp;
 
 #ifdef DEBUG
        log(logLevel, "filemon_ioctl(%lu)", cmd);;
@@ -280,8 +292,17 @@
                break;
 
        case FILEMON_SET_PID:
-               /* Set the monitored process ID. */
-               filemon->fm_pid = *((pid_t *) data);
+               /* Set the monitored process ID - if allowed. */
+               mutex_enter(proc_lock);
+               tp = proc_find(*((pid_t *) data));
+               mutex_exit(proc_lock);
+               error = kauth_authorize_process(curproc->p_cred,
+                   KAUTH_PROCESS_CANSEE, tp,
+                   KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
+               if (!error) {
+                       filemon->fm_pid = tp->p_pid;
+
+               }
                break;
 
        default:
@@ -325,7 +346,7 @@
                error = EBUSY;
        else {
                /* Deinstall the syscall wrappers. */
-               filemon_wrapper_deinstall();
+               error = filemon_wrapper_deinstall();
        }
        rw_exit(&filemon_mtx);
 
diff -r 4e6e569b0410 -r abf5f01710ce sys/dev/filemon/filemon.h
--- a/sys/dev/filemon/filemon.h Mon Nov 19 19:41:31 2012 +0000
+++ b/sys/dev/filemon/filemon.h Mon Nov 19 22:20:10 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: filemon.h,v 1.3 2011/09/24 18:08:15 sjg Exp $ */
+/* $NetBSD: filemon.h,v 1.4 2012/11/19 22:20:10 sjg Exp $ */
 /*
  * Copyright (c) 2010, Juniper Networks, Inc.
  *
@@ -48,7 +48,7 @@
 struct filemon * filemon_lookup(struct proc *);
 void filemon_output(struct filemon *, char *, size_t);
 void filemon_wrapper_install(void);
-void filemon_wrapper_deinstall(void);
+int  filemon_wrapper_deinstall(void);
 #endif
 
 #endif
diff -r 4e6e569b0410 -r abf5f01710ce sys/dev/filemon/filemon_wrapper.c
--- a/sys/dev/filemon/filemon_wrapper.c Mon Nov 19 19:41:31 2012 +0000
+++ b/sys/dev/filemon/filemon_wrapper.c Mon Nov 19 22:20:10 2012 +0000
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filemon_wrapper.c,v 1.3 2011/09/24 18:08:15 sjg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filemon_wrapper.c,v 1.4 2012/11/19 22:20:10 sjg Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -378,11 +378,13 @@
        sv_table[SYS_vfork].sy_call = (sy_call_t *) filemon_wrapper_vfork;
 }
 
-void
+int
 filemon_wrapper_deinstall(void)
 {
        struct sysent *sv_table = curproc->p_emul->e_sysent;
 
+       if (sv_table[SYS_chdir].sy_call != (sy_call_t *) filemon_wrapper_chdir)
+           return EBUSY;
        sv_table[SYS_chdir].sy_call = (sy_call_t *) sys_chdir;
        sv_table[SYS_execve].sy_call = (sy_call_t *) sys_execve;
        sv_table[SYS_exit].sy_call = (sy_call_t *) sys_exit;
@@ -393,4 +395,5 @@
        sv_table[SYS_symlink].sy_call = (sy_call_t *) sys_symlink;
        sv_table[SYS_unlink].sy_call = (sy_call_t *) sys_unlink;
        sv_table[SYS_vfork].sy_call = (sy_call_t *) sys_vfork;
+       return 0;
 }