Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Provide a sysctl kern.expose_address to expose kernel addresses in 

sysctl structure returns for non-root. Defaults to off. Turning it
on will restore sockstat/fstat and friends for regular users.
This commit is contained in:
christos 2018-10-05 22:12:37 +00:00
parent 52b4b66650
commit 6015b4b38b
6 changed files with 91 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
sys/kern/init_sysctl.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $ */
/* $NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2003, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.217 2018/09/16 20:39:04 mrg Exp $");
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
#include "opt_sysv.h"
#include "opt_compat_netbsd.h"
@ -85,6 +85,8 @@ int kern_has_sysvmsg = 0;
int kern_has_sysvshm = 0;
int kern_has_sysvsem = 0;
int kern_expose_address = 0;
static const u_int sysctl_lwpprflagmap[] = {
LPR_DETACHED, L_DETACHED,
0
@ -127,6 +129,7 @@ static int sysctl_kern_root_partition(SYSCTLFN_PROTO);
static int sysctl_kern_drivers(SYSCTLFN_PROTO);
static int sysctl_security_setidcore(SYSCTLFN_PROTO);
static int sysctl_security_setidcorename(SYSCTLFN_PROTO);
static int sysctl_security_expose_address(SYSCTLFN_PROTO);
static int sysctl_kern_cpid(SYSCTLFN_PROTO);
static int sysctl_hw_usermem(SYSCTLFN_PROTO);
static int sysctl_hw_cnmagic(SYSCTLFN_PROTO);
@ -599,6 +602,12 @@ SYSCTL_SETUP(sysctl_kern_setup, "sysctl kern subtree setup")
SYSCTL_DESCR("Kernel message verbosity"),
sysctl_kern_messages, 0, NULL, 0,
CTL_KERN, CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "expose_address",
SYSCTL_DESCR("Expose kernel addresses to userland"),
sysctl_security_expose_address, 0, &kern_expose_address,
0, CTL_KERN, CTL_CREATE, CTL_EOL);
}
SYSCTL_SETUP(sysctl_hw_misc_setup, "sysctl hw subtree misc setup")
@ -798,7 +807,7 @@ sysctl_kern_messages(SYSCTLFN_ARGS)
case AB_NORMAL:
default:
messageverbose = 2;
}
}
node = *rnode;
node.sysctl_data = &messageverbose;
@ -1339,6 +1348,37 @@ sysctl_security_setidcore(SYSCTLFN_ARGS)
return 0;
}
static int
sysctl_security_expose_address(SYSCTLFN_ARGS)
{
int expose_address, error;
struct sysctlnode node;
node = *rnode;
node.sysctl_data = &expose_address;
expose_address = *(int *)rnode->sysctl_data;
error = sysctl_lookup(SYSCTLFN_CALL(&node));
if (error || newp == NULL)
return error;
if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_KERNADDR,
0, NULL, NULL, NULL))
return (EPERM);
*(int *)rnode->sysctl_data = expose_address;
return 0;
}
bool
get_expose_address(struct proc *p)
{
/* allow only if sysctl variable is set or privileged */
return kern_expose_address || kauth_authorize_process(kauth_cred_get(),
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0;
}
static int
sysctl_security_setidcorename(SYSCTLFN_ARGS)
{

30
sys/kern/kern_descrip.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $ */
/* $NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.237 2018/09/13 14:44:09 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.238 2018/10/05 22:12:38 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -2283,49 +2283,37 @@ sysctl_kern_file2(SYSCTLFN_ARGS)
return error;
}
#define SET_KERN_ADDR(dst, src, allow) \
do { \
if (allow) \
dst = src; \
} while (0);
static void
fill_file(struct kinfo_file *kp, const file_t *fp, const fdfile_t *ff,
int i, pid_t pid)
{
bool allowaddr;
int error;
/* If not privileged, don't expose kernel addresses. */
error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
allowaddr = (error == 0);
const bool allowaddr = get_expose_address(curproc);
memset(kp, 0, sizeof(*kp));
SET_KERN_ADDR(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
COND_SET_VALUE(kp->ki_fileaddr, PTRTOUINT64(fp), allowaddr);
kp->ki_flag = fp->f_flag;
kp->ki_iflags = 0;
kp->ki_ftype = fp->f_type;
kp->ki_count = fp->f_count;
kp->ki_msgcount = fp->f_msgcount;
SET_KERN_ADDR(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
COND_SET_VALUE(kp->ki_fucred, PTRTOUINT64(fp->f_cred), allowaddr);
kp->ki_fuid = kauth_cred_geteuid(fp->f_cred);
kp->ki_fgid = kauth_cred_getegid(fp->f_cred);
SET_KERN_ADDR(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
COND_SET_VALUE(kp->ki_fops, PTRTOUINT64(fp->f_ops), allowaddr);
kp->ki_foffset = fp->f_offset;
SET_KERN_ADDR(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
COND_SET_VALUE(kp->ki_fdata, PTRTOUINT64(fp->f_data), allowaddr);
/* vnode information to glue this file to something */
if (fp->f_type == DTYPE_VNODE) {
struct vnode *vp = fp->f_vnode;
SET_KERN_ADDR(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
COND_SET_VALUE(kp->ki_vun, PTRTOUINT64(vp->v_un.vu_socket),
allowaddr);
kp->ki_vsize = vp->v_size;
kp->ki_vtype = vp->v_type;
kp->ki_vtag = vp->v_tag;
SET_KERN_ADDR(kp->ki_vdata, PTRTOUINT64(vp->v_data),
COND_SET_VALUE(kp->ki_vdata, PTRTOUINT64(vp->v_data),
allowaddr);
}

56
sys/kern/kern_proc.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $ */
/* $NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.217 2018/09/04 16:03:56 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.218 2018/10/05 22:12:38 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_kstack.h"
@ -2160,35 +2160,24 @@ done:
return error;
}
#define SET_KERN_ADDR(dst, src, allow) \
do { \
if (allow) \
dst = src; \
} while (0);
/*
* Fill in an eproc structure for the specified process.
*/
void
fill_eproc(struct proc *p, struct eproc *ep, bool zombie)
{
bool allowaddr;
struct tty *tp;
struct lwp *l;
int error;
KASSERT(mutex_owned(proc_lock));
KASSERT(mutex_owned(p->p_lock));
memset(ep, 0, sizeof(*ep));
/* If not privileged, don't expose kernel addresses. */
error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
allowaddr = (error == 0);
const bool allowaddr = get_expose_address(curproc);
SET_KERN_ADDR(ep->e_paddr, p, allowaddr);
SET_KERN_ADDR(ep->e_sess, p->p_session, allowaddr);
COND_SET_VALUE(ep->e_paddr, p, allowaddr);
COND_SET_VALUE(ep->e_sess, p->p_session, allowaddr);
if (p->p_cred) {
kauth_cred_topcred(p->p_cred, &ep->e_pcred);
kauth_cred_toucred(p->p_cred, &ep->e_ucred);
@ -2219,7 +2208,7 @@ fill_eproc(struct proc *p, struct eproc *ep, bool zombie)
(tp = p->p_session->s_ttyp)) {
ep->e_tdev = tp->t_dev;
ep->e_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
SET_KERN_ADDR(ep->e_tsess, tp->t_session, allowaddr);
COND_SET_VALUE(ep->e_tsess, tp->t_session, allowaddr);
} else
ep->e_tdev = (uint32_t)NODEV;
ep->e_flag = p->p_session->s_ttyvp ? EPROC_CTTY : 0;
@ -2243,31 +2232,26 @@ fill_kproc2(struct proc *p, struct kinfo_proc2 *ki, bool zombie)
sigset_t ss1, ss2;
struct rusage ru;
struct vmspace *vm;
bool allowaddr;
int error;
KASSERT(mutex_owned(proc_lock));
KASSERT(mutex_owned(p->p_lock));
/* If not privileged, don't expose kernel addresses. */
error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
allowaddr = (error == 0);
const bool allowaddr = get_expose_address(curproc);
sigemptyset(&ss1);
sigemptyset(&ss2);
memset(ki, 0, sizeof(*ki));
SET_KERN_ADDR(ki->p_paddr, PTRTOUINT64(p), allowaddr);
SET_KERN_ADDR(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
SET_KERN_ADDR(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
SET_KERN_ADDR(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
SET_KERN_ADDR(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
SET_KERN_ADDR(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
SET_KERN_ADDR(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
SET_KERN_ADDR(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
COND_SET_VALUE(ki->p_paddr, PTRTOUINT64(p), allowaddr);
COND_SET_VALUE(ki->p_fd, PTRTOUINT64(p->p_fd), allowaddr);
COND_SET_VALUE(ki->p_cwdi, PTRTOUINT64(p->p_cwdi), allowaddr);
COND_SET_VALUE(ki->p_stats, PTRTOUINT64(p->p_stats), allowaddr);
COND_SET_VALUE(ki->p_limit, PTRTOUINT64(p->p_limit), allowaddr);
COND_SET_VALUE(ki->p_vmspace, PTRTOUINT64(p->p_vmspace), allowaddr);
COND_SET_VALUE(ki->p_sigacts, PTRTOUINT64(p->p_sigacts), allowaddr);
COND_SET_VALUE(ki->p_sess, PTRTOUINT64(p->p_session), allowaddr);
ki->p_tsess = 0; /* may be changed if controlling tty below */
SET_KERN_ADDR(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
COND_SET_VALUE(ki->p_ru, PTRTOUINT64(&p->p_stats->p_ru), allowaddr);
ki->p_eflag = 0;
ki->p_exitsig = p->p_exitsig;
ki->p_flag = L_INMEM; /* Process never swapped out */
@ -2293,7 +2277,7 @@ fill_kproc2(struct proc *p, struct kinfo_proc2 *ki, bool zombie)
ki->p_sticks = p->p_sticks;
ki->p_iticks = p->p_iticks;
ki->p_tpgid = NO_PGID; /* may be changed if controlling tty below */
SET_KERN_ADDR(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
COND_SET_VALUE(ki->p_tracep, PTRTOUINT64(p->p_tracep), allowaddr);
ki->p_traceflag = p->p_traceflag;
memcpy(&ki->p_sigignore, &p->p_sigctx.ps_sigignore,sizeof(ki_sigset_t));
@ -2337,7 +2321,7 @@ fill_kproc2(struct proc *p, struct kinfo_proc2 *ki, bool zombie)
ki->p_nrlwps = p->p_nrlwps;
ki->p_forw = 0;
ki->p_back = 0;
SET_KERN_ADDR(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
COND_SET_VALUE(ki->p_addr, PTRTOUINT64(l->l_addr), allowaddr);
ki->p_stat = l->l_stat;
ki->p_flag |= sysctl_map_flags(sysctl_lwpflagmap, l->l_flag);
ki->p_swtime = l->l_swtime;
@ -2350,7 +2334,7 @@ fill_kproc2(struct proc *p, struct kinfo_proc2 *ki, bool zombie)
ki->p_usrpri = l->l_priority;
if (l->l_wchan)
strncpy(ki->p_wmesg, l->l_wmesg, sizeof(ki->p_wmesg));
SET_KERN_ADDR(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr);
COND_SET_VALUE(ki->p_wchan, PTRTOUINT64(l->l_wchan), allowaddr);
ki->p_cpuid = cpu_index(l->l_cpu);
lwp_unlock(l);
LIST_FOREACH(l, &p->p_lwps, l_sibling) {
@ -2379,7 +2363,7 @@ fill_kproc2(struct proc *p, struct kinfo_proc2 *ki, bool zombie)
if ((p->p_lflag & PL_CONTROLT) && (tp = p->p_session->s_ttyp)) {
ki->p_tdev = tp->t_dev;
ki->p_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PGID;
SET_KERN_ADDR(ki->p_tsess, PTRTOUINT64(tp->t_session),
COND_SET_VALUE(ki->p_tsess, PTRTOUINT64(tp->t_session),
allowaddr);
} else {
ki->p_tdev = (int32_t)NODEV;

10
sys/secmodel/suser/secmodel_suser.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $ */
/* $NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.49 2018/10/05 22:12:38 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -446,6 +446,12 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_SYSTEM_KERNADDR:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}

3
sys/sys/kauth.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: kauth.h,v 1.80 2018/09/04 14:31:18 maxv Exp $ */
/* $NetBSD: kauth.h,v 1.81 2018/10/05 22:12:37 christos Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -144,6 +144,7 @@ enum {
KAUTH_SYSTEM_FS_EXTATTR,
KAUTH_SYSTEM_FS_SNAPSHOT,
KAUTH_SYSTEM_INTR,
KAUTH_SYSTEM_KERNADDR,
};
/*

10
sys/sys/systm.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: systm.h,v 1.278 2018/09/18 01:25:09 mrg Exp $ */
/* $NetBSD: systm.h,v 1.279 2018/10/05 22:12:37 christos Exp $ */
/*-
* Copyright (c) 1982, 1988, 1991, 1993
@ -184,6 +184,14 @@ enum hashtype {
};
#ifdef _KERNEL
#define COND_SET_VALUE(dst, src, allow) \
do { \
if (allow) \
dst = src; \
} while (/*CONSTCOND*/0);
bool get_expose_address(struct proc *);
void *hashinit(u_int, enum hashtype, bool, u_long *);
void hashdone(void *, enum hashtype, u_long);
int seltrue(dev_t, int, struct lwp *);