Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys Provide a sysctl kern.expose_address to expose kernel ad...



details:   https://anonhg.NetBSD.org/src/rev/e7ff7fe46e19
branches:  trunk
changeset: 993860:e7ff7fe46e19
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Oct 05 22:12:37 2018 +0000

description:
Provide a sysctl kern.expose_address to expose kernel addresses in
sysctl structure returns for non-root. Defaults to off. Turning it
on will restore sockstat/fstat and friends for regular users.

diffstat:

 sys/kern/init_sysctl.c              |  46 ++++++++++++++++++++++++++++-
 sys/kern/kern_descrip.c             |  30 +++++-------------
 sys/kern/kern_proc.c                |  56 +++++++++++++-----------------------
 sys/secmodel/suser/secmodel_suser.c |  10 +++++-
 sys/sys/kauth.h                     |   3 +-
 sys/sys/systm.h                     |  10 +++++-
 6 files changed, 91 insertions(+), 64 deletions(-)

diffs (truncated from 386 to 300 lines):

diff -r 63617cf0e74f -r e7ff7fe46e19 sys/kern/init_sysctl.c
--- a/sys/kern/init_sysctl.c    Fri Oct 05 20:12:37 2018 +0000
+++ b/sys/kern/init_sysctl.c    Fri Oct 05 22:12:37 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $ */
+/*     $NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
 
 /*-
  * Copyright (c) 2003, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
 
 #include "opt_sysv.h"
 #include "opt_compat_netbsd.h"
@@ -85,6 +85,8 @@
 int kern_has_sysvshm = 0;
 int kern_has_sysvsem = 0;
 
+int kern_expose_address = 0;
+
 static const u_int sysctl_lwpprflagmap[] = {
        LPR_DETACHED, L_DETACHED,
        0
@@ -127,6 +129,7 @@
 static int sysctl_kern_drivers(SYSCTLFN_PROTO);
 static int sysctl_security_setidcore(SYSCTLFN_PROTO);
 static int sysctl_security_setidcorename(SYSCTLFN_PROTO);
+static int sysctl_security_expose_address(SYSCTLFN_PROTO);
 static int sysctl_kern_cpid(SYSCTLFN_PROTO);
 static int sysctl_hw_usermem(SYSCTLFN_PROTO);
 static int sysctl_hw_cnmagic(SYSCTLFN_PROTO);
@@ -599,6 +602,12 @@
                        SYSCTL_DESCR("Kernel message verbosity"),
                        sysctl_kern_messages, 0, NULL, 0,
                        CTL_KERN, CTL_CREATE, CTL_EOL);
+       sysctl_createv(clog, 0, NULL, NULL,
+                       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                       CTLTYPE_INT, "expose_address",
+                       SYSCTL_DESCR("Expose kernel addresses to userland"),
+                       sysctl_security_expose_address, 0, &kern_expose_address,
+                       0, CTL_KERN, CTL_CREATE, CTL_EOL);
 }
 
 SYSCTL_SETUP(sysctl_hw_misc_setup, "sysctl hw subtree misc setup")
@@ -798,7 +807,7 @@
        case AB_NORMAL:
        default:
                messageverbose = 2;
-}
+       }
 
        node = *rnode;
        node.sysctl_data = &messageverbose;
@@ -1340,6 +1349,37 @@
 }
 
 static int
+sysctl_security_expose_address(SYSCTLFN_ARGS)
+{
+       int expose_address, error;
+       struct sysctlnode node;
+
+       node = *rnode;
+       node.sysctl_data = &expose_address;
+       expose_address = *(int *)rnode->sysctl_data;
+       error = sysctl_lookup(SYSCTLFN_CALL(&node));
+       if (error || newp == NULL)
+               return error;
+
+       if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_KERNADDR,
+           0, NULL, NULL, NULL))
+               return (EPERM);
+
+       *(int *)rnode->sysctl_data = expose_address;
+
+       return 0;
+}
+
+bool
+get_expose_address(struct proc *p)
+{
+       /* allow only if sysctl variable is set or privileged */
+       return kern_expose_address || kauth_authorize_process(kauth_cred_get(),
+           KAUTH_PROCESS_CANSEE, p,
+           KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0;
+}
+
+static int
 sysctl_security_setidcorename(SYSCTLFN_ARGS)
 {
        int error;
diff -r 63617cf0e74f -r e7ff7fe46e19 sys/kern/kern_descrip.c
--- a/sys/kern/kern_descrip.c   Fri Oct 05 20:12:37 2018 +0000
+++ b/sys/kern/kern_descrip.c   Fri Oct 05 22:12:37 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $  */
+/*     $NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $      */
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -2283,49 +2283,37 @@
        return error;
 }
 
-#define SET_KERN_ADDR(dst, src, allow) \
-       do {                            \
-               if (allow)              \
-                       dst = src;      \
-       } while (0);
-
 static void
 fill_file(struct kinfo_file *kp, const file_t *fp, const fdfile_t *ff,
          int i, pid_t pid)
 {
-       bool allowaddr;
-       int error;
-
-       /* If not privileged, don't expose kernel addresses. */
-       error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
-           curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
-       allowaddr = (error == 0);
+       const bool allowaddr = get_expose_address(curproc);
 
        memset(kp, 0, sizeof(*kp));
 
-       SET_KERN_ADDR(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
+       COND_SET_VALUE(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
        kp->ki_flag =           fp->f_flag;
        kp->ki_iflags =         0;
        kp->ki_ftype =          fp->f_type;
        kp->ki_count =          fp->f_count;
        kp->ki_msgcount =       fp->f_msgcount;
-       SET_KERN_ADDR(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
+       COND_SET_VALUE(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
        kp->ki_fuid =           kauth_cred_geteuid(fp->f_cred);
        kp->ki_fgid =           kauth_cred_getegid(fp->f_cred);
-       SET_KERN_ADDR(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
+       COND_SET_VALUE(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
        kp->ki_foffset =        fp->f_offset;
-       SET_KERN_ADDR(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
+       COND_SET_VALUE(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
 
        /* vnode information to glue this file to something */
        if (fp->f_type == DTYPE_VNODE) {
                struct vnode *vp = fp->f_vnode;
 
-               SET_KERN_ADDR(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
+               COND_SET_VALUE(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
                    allowaddr);
                kp->ki_vsize =  vp->v_size;
                kp->ki_vtype =  vp->v_type;
                kp->ki_vtag =   vp->v_tag;
-               SET_KERN_ADDR(kp->ki_vdata, PTRTOUINT64(vp->v_data),
+               COND_SET_VALUE(kp->ki_vdata, PTRTOUINT64(vp->v_data),
                    allowaddr);
        }
 
diff -r 63617cf0e74f -r e7ff7fe46e19 sys/kern/kern_proc.c
--- a/sys/kern/kern_proc.c      Fri Oct 05 20:12:37 2018 +0000
+++ b/sys/kern/kern_proc.c      Fri Oct 05 22:12:37 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $     */
+/*     $NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_kstack.h"
@@ -2160,35 +2160,24 @@
        return error;
 }
 
-#define SET_KERN_ADDR(dst, src, allow) \
-       do {                            \
-               if (allow)              \
-                       dst = src;      \
-       } while (0);
-
 /*
  * Fill in an eproc structure for the specified process.
  */
 void
 fill_eproc(struct proc *p, struct eproc *ep, bool zombie)
 {
-       bool allowaddr;
        struct tty *tp;
        struct lwp *l;
-       int error;
 
        KASSERT(mutex_owned(proc_lock));
        KASSERT(mutex_owned(p->p_lock));
 
        memset(ep, 0, sizeof(*ep));
 
-       /* If not privileged, don't expose kernel addresses. */
-       error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
-           curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
-       allowaddr = (error == 0);
+       const bool allowaddr = get_expose_address(curproc);
 
-       SET_KERN_ADDR(ep->e_paddr, p, allowaddr);
-       SET_KERN_ADDR(ep->e_sess, p->p_session, allowaddr);
+       COND_SET_VALUE(ep->e_paddr, p, allowaddr);
+       COND_SET_VALUE(ep->e_sess, p->p_session, allowaddr);
        if (p->p_cred) {
                kauth_cred_topcred(p->p_cred, &ep->e_pcred);
                kauth_cred_toucred(p->p_cred, &ep->e_ucred);
@@ -2219,7 +2208,7 @@
                    (tp = p->p_session->s_ttyp)) {
                        ep->e_tdev = tp->t_dev;
                        ep->e_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
-                       SET_KERN_ADDR(ep->e_tsess, tp->t_session, allowaddr);
+                       COND_SET_VALUE(ep->e_tsess, tp->t_session, allowaddr);
                } else
                        ep->e_tdev = (uint32_t)NODEV;
                ep->e_flag = p->p_session->s_ttyvp ? EPROC_CTTY : 0;
@@ -2243,31 +2232,26 @@
        sigset_t ss1, ss2;
        struct rusage ru;
        struct vmspace *vm;
-       bool allowaddr;
-       int error;
 
        KASSERT(mutex_owned(proc_lock));
        KASSERT(mutex_owned(p->p_lock));
 
-       /* If not privileged, don't expose kernel addresses. */
-       error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
-           curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
-       allowaddr = (error == 0);
+       const bool allowaddr = get_expose_address(curproc);
 
        sigemptyset(&ss1);
        sigemptyset(&ss2);
        memset(ki, 0, sizeof(*ki));
 
-       SET_KERN_ADDR(ki->p_paddr, PTRTOUINT64(p), allowaddr);
-       SET_KERN_ADDR(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
-       SET_KERN_ADDR(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
-       SET_KERN_ADDR(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
-       SET_KERN_ADDR(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
-       SET_KERN_ADDR(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
-       SET_KERN_ADDR(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
-       SET_KERN_ADDR(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
+       COND_SET_VALUE(ki->p_paddr, PTRTOUINT64(p), allowaddr);
+       COND_SET_VALUE(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
+       COND_SET_VALUE(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
+       COND_SET_VALUE(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
+       COND_SET_VALUE(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
+       COND_SET_VALUE(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
+       COND_SET_VALUE(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
+       COND_SET_VALUE(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
        ki->p_tsess = 0;        /* may be changed if controlling tty below */
-       SET_KERN_ADDR(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
+       COND_SET_VALUE(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
        ki->p_eflag = 0;
        ki->p_exitsig = p->p_exitsig;
        ki->p_flag = L_INMEM;   /* Process never swapped out */
@@ -2293,7 +2277,7 @@
        ki->p_sticks = p->p_sticks;
        ki->p_iticks = p->p_iticks;
        ki->p_tpgid = NO_PGID;  /* may be changed if controlling tty below */
-       SET_KERN_ADDR(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
+       COND_SET_VALUE(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
        ki->p_traceflag = p->p_traceflag;
 
        memcpy(&ki->p_sigignore, &p->p_sigctx.ps_sigignore,sizeof(ki_sigset_t));
@@ -2337,7 +2321,7 @@
                ki->p_nrlwps = p->p_nrlwps;
                ki->p_forw = 0;
                ki->p_back = 0;
-               SET_KERN_ADDR(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
+               COND_SET_VALUE(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
                ki->p_stat = l->l_stat;
                ki->p_flag |= sysctl_map_flags(sysctl_lwpflagmap, l->l_flag);
                ki->p_swtime = l->l_swtime;
@@ -2350,7 +2334,7 @@
                ki->p_usrpri = l->l_priority;
                if (l->l_wchan)
                        strncpy(ki->p_wmesg, l->l_wmesg, sizeof(ki->p_wmesg));



Home | Main Index | Thread Index | Old Index