Module Name: src Committed By: christos Date: Fri Oct 5 22:12:38 UTC 2018
Modified Files: src/sys/kern: init_sysctl.c kern_descrip.c kern_proc.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h systm.h Log Message: Provide a sysctl kern.expose_address to expose kernel addresses in sysctl structure returns for non-root. Defaults to off. Turning it on will restore sockstat/fstat and friends for regular users. To generate a diff of this commit: cvs rdiff -u -r1.217 -r1.218 src/sys/kern/init_sysctl.c \ src/sys/kern/kern_proc.c cvs rdiff -u -r1.237 -r1.238 src/sys/kern/kern_descrip.c cvs rdiff -u -r1.48 -r1.49 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.80 -r1.81 src/sys/sys/kauth.h cvs rdiff -u -r1.278 -r1.279 src/sys/sys/systm.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/init_sysctl.c diff -u src/sys/kern/init_sysctl.c:1.217 src/sys/kern/init_sysctl.c:1.218 --- src/sys/kern/init_sysctl.c:1.217 Sun Sep 16 16:39:04 2018 +++ src/sys/kern/init_sysctl.c Fri Oct 5 18:12:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */ /*- * Copyright (c) 2003, 2007, 2008, 2009 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $"); #include "opt_sysv.h" #include "opt_compat_netbsd.h" @@ -85,6 +85,8 @@ int kern_has_sysvmsg = 0; int kern_has_sysvshm = 0; int kern_has_sysvsem = 0; +int kern_expose_address = 0; + static const u_int sysctl_lwpprflagmap[] = { LPR_DETACHED, L_DETACHED, 0 @@ -127,6 +129,7 @@ static int sysctl_kern_root_partition(SY static int sysctl_kern_drivers(SYSCTLFN_PROTO); static int sysctl_security_setidcore(SYSCTLFN_PROTO); static int sysctl_security_setidcorename(SYSCTLFN_PROTO); +static int sysctl_security_expose_address(SYSCTLFN_PROTO); static int sysctl_kern_cpid(SYSCTLFN_PROTO); static int sysctl_hw_usermem(SYSCTLFN_PROTO); static int sysctl_hw_cnmagic(SYSCTLFN_PROTO); @@ -599,6 +602,12 @@ SYSCTL_SETUP(sysctl_kern_setup, "sysctl SYSCTL_DESCR("Kernel message verbosity"), sysctl_kern_messages, 0, NULL, 0, CTL_KERN, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, "expose_address", + SYSCTL_DESCR("Expose kernel addresses to userland"), + sysctl_security_expose_address, 0, &kern_expose_address, + 0, CTL_KERN, CTL_CREATE, CTL_EOL); } SYSCTL_SETUP(sysctl_hw_misc_setup, "sysctl hw subtree misc setup") 
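Review bot: The `expose_address` node created at the end of sysctl_kern_setup has only the description "Expose kernel addresses to userland", which does not tell an administrator that turning it on returns kernel pointers to every unprivileged caller of the affected sysctls. That is information kernel address randomisation depends on keeping private. I would add a comment above `int kern_expose_address = 0;`, for example `/* nonzero: fill_eproc/fill_kproc2/fill_file copy kernel pointers out to unprivileged callers */`, and make the SYSCTL_DESCR text say the same. The handler is named `sysctl_security_expose_address` although the node is created under CTL_KERN, so a short comment on that naming would help the next reader.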
@@ -798,7 +807,7 @@ sysctl_kern_messages(SYSCTLFN_ARGS) case AB_NORMAL: default: messageverbose = 2; -} + } node = *rnode; node.sysctl_data = &messageverbose; @@ -1340,6 +1349,37 @@ sysctl_security_setidcore(SYSCTLFN_ARGS) } static int +sysctl_security_expose_address(SYSCTLFN_ARGS) +{ + int expose_address, error; + struct sysctlnode node; + + node = *rnode; + node.sysctl_data = &expose_address; + expose_address = *(int *)rnode->sysctl_data; + error = sysctl_lookup(SYSCTLFN_CALL(&node)); + if (error || newp == NULL) + return error; + + if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_KERNADDR, + 0, NULL, NULL, NULL)) + return (EPERM); + + *(int *)rnode->sysctl_data = expose_address; + + return 0; +} + +bool +get_expose_address(struct proc *p) +{ + /* allow only if sysctl variable is set or privileged */ + return kern_expose_address || kauth_authorize_process(kauth_cred_get(), + KAUTH_PROCESS_CANSEE, p, + KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0; +} + +static int sysctl_security_setidcorename(SYSCTLFN_ARGS) { int error; Index: src/sys/kern/kern_proc.c diff -u src/sys/kern/kern_proc.c:1.217 src/sys/kern/kern_proc.c:1.218 --- src/sys/kern/kern_proc.c:1.217 Tue Sep 4 12:03:56 2018 +++ src/sys/kern/kern_proc.c Fri Oct 5 18:12:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $ */ +/* $NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */ /*- * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_kstack.h" 
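Review bot: sysctl_security_expose_address stores whatever integer the caller writes, so values such as -1 or 2 are accepted, and get_expose_address treats any nonzero value as "on". Rejecting out-of-range input before the store, `if (expose_address < 0 || expose_address > 1) return EINVAL;`, keeps the knob a clean boolean and leaves other values free to be given a meaning later. get_expose_address also lacks a header comment saying that `p` is the process the CANSEE_KPTR request is made against and that the kauth check is skipped entirely once the knob is set. Every caller in this commit passes `curproc`.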
@@ -2160,35 +2160,24 @@ done: return error; } -#define SET_KERN_ADDR(dst, src, allow) \ - do { \ - if (allow) \ - dst = src; \ - } while (0); - /* * Fill in an eproc structure for the specified process. */ void fill_eproc(struct proc *p, struct eproc *ep, bool zombie) { - bool allowaddr; struct tty *tp; struct lwp *l; - int error; KASSERT(mutex_owned(proc_lock)); KASSERT(mutex_owned(p->p_lock)); memset(ep, 0, sizeof(*ep)); - /* If not privileged, don't expose kernel addresses. */ - error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE, - curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL); - allowaddr = (error == 0); + const bool allowaddr = get_expose_address(curproc); - SET_KERN_ADDR(ep->e_paddr, p, allowaddr); - SET_KERN_ADDR(ep->e_sess, p->p_session, allowaddr); + COND_SET_VALUE(ep->e_paddr, p, allowaddr); + COND_SET_VALUE(ep->e_sess, p->p_session, allowaddr); if (p->p_cred) { kauth_cred_topcred(p->p_cred, &ep->e_pcred); kauth_cred_toucred(p->p_cred, &ep->e_ucred); @@ -2219,7 +2208,7 @@ fill_eproc(struct proc *p, struct eproc (tp = p->p_session->s_ttyp)) { ep->e_tdev = tp->t_dev; ep->e_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID; - SET_KERN_ADDR(ep->e_tsess, tp->t_session, allowaddr); + COND_SET_VALUE(ep->e_tsess, tp->t_session, allowaddr); } else ep->e_tdev = (uint32_t)NODEV; ep->e_flag = p->p_session->s_ttyvp ? EPROC_CTTY : 0; 
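Review bot: The removed comment "If not privileged, don't expose kernel addresses." has no replacement in fill_eproc, so nothing at `const bool allowaddr = get_expose_address(curproc);` says that the fields guarded by COND_SET_VALUE keep the zero from the memset when the check fails. A one-line comment such as `/* kernel pointers are copied out only if kern.expose_address is set or the caller passes CANSEE_KPTR */` would keep that intent visible. The same applies to the matching lines in fill_kproc2 and in fill_file in kern_descrip.c. In fill_eproc the declaration now also sits after the KASSERTs and the memset, which mixes declarations and statements in a function that otherwise declares its locals at the top.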
@@ -2243,31 +2232,26 @@ fill_kproc2(struct proc *p, struct kinfo sigset_t ss1, ss2; struct rusage ru; struct vmspace *vm; - bool allowaddr; - int error; KASSERT(mutex_owned(proc_lock)); KASSERT(mutex_owned(p->p_lock)); - /* If not privileged, don't expose kernel addresses. */ - error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE, - curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL); - allowaddr = (error == 0); + const bool allowaddr = get_expose_address(curproc); sigemptyset(&ss1); sigemptyset(&ss2); memset(ki, 0, sizeof(*ki)); - SET_KERN_ADDR(ki->p_paddr, PTRTOUINT64(p), allowaddr); - SET_KERN_ADDR(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr); - SET_KERN_ADDR(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr); - SET_KERN_ADDR(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr); - SET_KERN_ADDR(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr); - SET_KERN_ADDR(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr); - SET_KERN_ADDR(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr); - SET_KERN_ADDR(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr); + COND_SET_VALUE(ki->p_paddr, PTRTOUINT64(p), allowaddr); + COND_SET_VALUE(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr); + COND_SET_VALUE(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr); + COND_SET_VALUE(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr); + COND_SET_VALUE(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr); + COND_SET_VALUE(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr); + COND_SET_VALUE(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr); + COND_SET_VALUE(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr); ki->p_tsess = 0; /* may be changed if controlling tty below */ - SET_KERN_ADDR(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr); + COND_SET_VALUE(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr); ki->p_eflag = 0; ki->p_exitsig = p->p_exitsig; ki->p_flag = L_INMEM; /* Process never swapped out */ 
@@ -2293,7 +2277,7 @@ fill_kproc2(struct proc *p, struct kinfo ki->p_sticks = p->p_sticks; ki->p_iticks = p->p_iticks; ki->p_tpgid = NO_PGID; /* may be changed if controlling tty below */ - SET_KERN_ADDR(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr); + COND_SET_VALUE(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr); ki->p_traceflag = p->p_traceflag; memcpy(&ki->p_sigignore, &p->p_sigctx.ps_sigignore,sizeof(ki_sigset_t)); @@ -2337,7 +2321,7 @@ fill_kproc2(struct proc *p, struct kinfo ki->p_nrlwps = p->p_nrlwps; ki->p_forw = 0; ki->p_back = 0; - SET_KERN_ADDR(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr); + COND_SET_VALUE(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr); ki->p_stat = l->l_stat; ki->p_flag |= sysctl_map_flags(sysctl_lwpflagmap, l->l_flag); ki->p_swtime = l->l_swtime; @@ -2350,7 +2334,7 @@ fill_kproc2(struct proc *p, struct kinfo ki->p_usrpri = l->l_priority; if (l->l_wchan) strncpy(ki->p_wmesg, l->l_wmesg, sizeof(ki->p_wmesg)); - SET_KERN_ADDR(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr); + COND_SET_VALUE(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr); ki->p_cpuid = cpu_index(l->l_cpu); lwp_unlock(l); LIST_FOREACH(l, &p->p_lwps, l_sibling) { @@ -2379,7 +2363,7 @@ fill_kproc2(struct proc *p, struct kinfo if ((p->p_lflag & PL_CONTROLT) && (tp = p->p_session->s_ttyp)) { ki->p_tdev = tp->t_dev; ki->p_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID; - SET_KERN_ADDR(ki->p_tsess, PTRTOUINT64(tp->t_session), + COND_SET_VALUE(ki->p_tsess, PTRTOUINT64(tp->t_session), allowaddr); } else { ki->p_tdev = (int32_t)NODEV; Index: src/sys/kern/kern_descrip.c diff -u src/sys/kern/kern_descrip.c:1.237 src/sys/kern/kern_descrip.c:1.238 --- src/sys/kern/kern_descrip.c:1.237 Thu Sep 13 10:44:09 2018 +++ src/sys/kern/kern_descrip.c Fri Oct 5 18:12:38 2018 
@@ -1,4 +1,4 @@ -/* $NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $ */ +/* $NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $"); #include <sys/param.h> #include <sys/systm.h> 
@@ -2283,49 +2283,37 @@ sysctl_kern_file2(SYSCTLFN_ARGS) return error; } -#define SET_KERN_ADDR(dst, src, allow) \ - do { \ - if (allow) \ - dst = src; \ - } while (0); - static void fill_file(struct kinfo_file *kp, const file_t *fp, const fdfile_t *ff, int i, pid_t pid) { - bool allowaddr; - int error; - - /* If not privileged, don't expose kernel addresses. */ - error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE, - curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL); - allowaddr = (error == 0); + const bool allowaddr = get_expose_address(curproc); memset(kp, 0, sizeof(*kp)); - SET_KERN_ADDR(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr); + COND_SET_VALUE(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr); kp->ki_flag = fp->f_flag; kp->ki_iflags = 0; kp->ki_ftype = fp->f_type; kp->ki_count = fp->f_count; kp->ki_msgcount = fp->f_msgcount; - SET_KERN_ADDR(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr); + COND_SET_VALUE(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr); kp->ki_fuid = kauth_cred_geteuid(fp->f_cred); kp->ki_fgid = kauth_cred_getegid(fp->f_cred); - SET_KERN_ADDR(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr); + COND_SET_VALUE(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr); kp->ki_foffset = fp->f_offset; - SET_KERN_ADDR(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr); + COND_SET_VALUE(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr); /* vnode information to glue this file to something */ if (fp->f_type == DTYPE_VNODE) { struct vnode *vp = fp->f_vnode; - SET_KERN_ADDR(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket), + COND_SET_VALUE(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket), allowaddr); kp->ki_vsize = vp->v_size; kp->ki_vtype = vp->v_type; kp->ki_vtag = vp->v_tag; - SET_KERN_ADDR(kp->ki_vdata, PTRTOUINT64(vp->v_data), + COND_SET_VALUE(kp->ki_vdata, PTRTOUINT64(vp->v_data), allowaddr); } Index: src/sys/secmodel/suser/secmodel_suser.c diff -u src/sys/secmodel/suser/secmodel_suser.c:1.48 
src/sys/secmodel/suser/secmodel_suser.c:1.49 --- src/sys/secmodel/suser/secmodel_suser.c:1.48 Tue Sep 4 10:31:19 2018 +++ src/sys/secmodel/suser/secmodel_suser.c Fri Oct 5 18:12:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $ */ +/* $NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -446,6 +446,12 @@ secmodel_suser_system_cb(kauth_cred_t cr break; + case KAUTH_SYSTEM_KERNADDR: + if (isroot) + result = KAUTH_RESULT_ALLOW; + + break; + default: break; } Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.80 src/sys/sys/kauth.h:1.81 --- src/sys/sys/kauth.h:1.80 Tue Sep 4 10:31:18 2018 +++ src/sys/sys/kauth.h Fri Oct 5 18:12:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.80 2018/09/04 14:31:18 maxv Exp $ */ +/* $NetBSD: kauth.h,v 1.81 2018/10/05 22:12:37 christos Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> @@ -144,6 +144,7 @@ enum { KAUTH_SYSTEM_FS_EXTATTR, KAUTH_SYSTEM_FS_SNAPSHOT, KAUTH_SYSTEM_INTR, + KAUTH_SYSTEM_KERNADDR, }; /* Index: src/sys/sys/systm.h diff -u src/sys/sys/systm.h:1.278 src/sys/sys/systm.h:1.279 --- src/sys/sys/systm.h:1.278 Mon Sep 17 21:25:09 2018 +++ src/sys/sys/systm.h Fri Oct 5 18:12:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: systm.h,v 1.278 2018/09/18 01:25:09 mrg Exp $ */ +/* $NetBSD: systm.h,v 1.279 2018/10/05 22:12:37 christos Exp $ */ /*- * Copyright (c) 1982, 1988, 1991, 1993 
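Review bot: `KAUTH_SYSTEM_KERNADDR` is added to the enum in kauth.h without a comment, and its name suggests it governs reading kernel addresses. In this commit it only authorises writing the kern.expose_address knob; whether pointers are returned is still decided by KAUTH_REQ_PROCESS_CANSEE_KPTR in get_expose_address. A trailing comment on the enum line such as `/* change kern.expose_address */` would make that split clear. In secmodel_suser_system_cb the new case allows root unconditionally; whether a raised securelevel should also freeze this knob is not visible from the hunk and is worth confirming.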
@@ -184,6 +184,14 @@ enum hashtype { }; #ifdef _KERNEL +#define COND_SET_VALUE(dst, src, allow) \ + do { \ + if (allow) \ + dst = src; \ + } while (/*CONSTCOND*/0); + + +bool get_expose_address(struct proc *); void *hashinit(u_int, enum hashtype, bool, u_long *); void hashdone(void *, enum hashtype, u_long); int seltrue(dev_t, int, struct lwp *);
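Review bot: COND_SET_VALUE in systm.h ends with `while (/*CONSTCOND*/0);`, and that trailing semicolon defeats the do/while(0) idiom. A use such as `if (x) COND_SET_VALUE(a, b, c); else ...` expands to two statements and no longer compiles, and every normal call site leaves an empty statement behind. Now that the macro lives in a kernel-wide header rather than in two .c files, I would drop the semicolon and parenthesise the arguments: `if (allow) (dst) = (src);` and `} while (/*CONSTCOND*/0)`. The prototype `bool get_expose_address(struct proc *);` would also benefit from a one-line comment stating what a true return permits.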