NetBSD-Bugs archive


Re: bin/54971: sockstat command output incorrect for normal user



The following reply was made to PR bin/54971; it has been noted by GNATS.

From: scole_mail <scole_mail%gmx.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/54971: sockstat command output incorrect for normal user
Date: Mon, 24 Aug 2020 19:04:43 -0700

 I've been looking into this a little and I believe it is a permission
 issue that changed between 8.0 and 9.0.  I see a sysctl variable
 kern.expose_address was added
  https://nxr.netbsd.org/xref/src/sys/kern/kern_descrip.c#2342
 to allow fstat/pstat -f/netstat to read kernel-protected addresses as a
 normal user when enabled.
 
 But sockstat still can't read those protected fields even with
 kern.expose_address=1.  I think there are at least 2 reasons.
 
 1) Unlike the other *stat commands (fstat/netstat/pstat/...), sockstat
    is not set-group-id-on-execution.
 
 2) src/usr.bin/sockstat/sockstat.c is only using sysctls
   (prog_sysctlnametomib & prog_sysctl) to populate its file structures,
   and some fields (kinfo_file->ki_fdata) are unreadable, even with
    kern.expose_address=1.  For example, ki_fdata is always read as "0",
    and since there is a hash of socket addresses used for displaying the
    	"PROTO  LOCAL ADDRESS         FOREIGN ADDRESS"
    fields, it doesn't work correctly.
 
 So I tried making sockstat match other permissions of
 fstat/netstat/pstat:
 	-r-xr-sr-x  1 root  kmem
 
 That didn't work by itself, even when the whole sockstat exe ran as
 setegid(getegid()).  But, if I do a call to kvm_open, don't even use the
 descriptor, then close it (right after parsing input args):
 	// set-group-id-on-exec
 	kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, buf);
 	if (kd == NULL)
 		errx(1, "%s", buf);
 	kvm_close(kd);
 	// unset-group-id-on-exec
 then the sysctl calls work correctly, and the sockstat program runs as
 before.
 
 Is there a "proper" way to give these sysctls enough permissions to read
 kernel addresses, or should sockstat really be using kvm(3)?
 
 Why does kvm_open/kvm_close/sysctl even work at all?
 
 I know sysctl is only for live kernels, but I saw some of the other
 *stat (pstat/fstat/...) use both sysctl and kvm, wouldn't it be easier
 to maintain just to use only kvm?
 
 This was all tested on NetBSD 9.
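
Added example, not part of the original message and not NetBSD source: a minimal C sketch of the privilege bracket that the "set-group-id-on-exec" / "unset-group-id-on-exec" comments in the snippet above describe, for a binary installed set-group-id. The names priv_park, priv_bracket and record_egid are hypothetical, and a callback stands in for kvm_openfiles() so the code builds without libkvm.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the privileged step (kvm_openfiles() in the
 * message); returns 0 on success. */
typedef int (*priv_op)(void *arg);

static gid_t saved_egid; /* egid granted by the set-group-id bit */

/* Call first in main(): remember the privileged egid, run as the real gid. */
int priv_park(void)
{
	saved_egid = getegid();
	return setegid(getgid());
}

/* Raise egid only around op(); lower it again whatever op() returned. */
int priv_bracket(priv_op op, void *arg)
{
	int rc, e;

	if (setegid(saved_egid) == -1)
		return -1;
	rc = op(arg);
	e = errno;
	if (setegid(getgid()) == -1)
		return -1;	/* still privileged: the caller should exit */
	errno = e;
	return rc;
}

/* Constructed demo operation: records the egid it ran with. */
int record_egid(void *arg)
{
	*(gid_t *)arg = getegid();
	return 0;
}

int main(void)
{
	gid_t during = (gid_t)-1;

	if (priv_park() == -1 || priv_bracket(record_egid, &during) == -1) {
		perror("setegid");
		return 1;
	}
	printf("egid during op: %ld, egid now: %ld, gid: %ld\n",
	    (long)during, (long)getegid(), (long)getgid());
	return 0;
}
```

Between brackets the privileged group is still held as the saved set-group-ID, so a program that needs it only once should give it up permanently after that step.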
 

