NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/53299: kernfs and procfs are broken when sysctl security.curtain is enabled
The following reply was made to PR kern/53299; it has been noted by GNATS.
From: RVP <rvp%SDF.ORG@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/53299: kernfs and procfs are broken when sysctl security.curtain
is enabled
Date: Tue, 5 Oct 2021 08:36:56 +0000 (UTC)
If security.curtain=1, then on amd64/9.99.90 and 9.2_STABLE:
$ ls -lf /proc
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
total 15
dr-xr-xr-x 1 root wheel 512 Oct 5 08:17 ./
drwxr-xr-x 23 root wheel 512 Oct 5 08:11 ../
lr-xr-xr-x 1 root wheel 4 Oct 5 08:17 curproc -> 2227
lr-xr-xr-x 1 root wheel 4 Oct 5 08:17 self -> curproc
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 2227/
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 414/
[...]
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 1960/
$
After applying the patch below:
$ ls -lf /proc
total 15
dr-xr-xr-x 1 root wheel 512 Oct 5 08:10 ./
drwxr-xr-x 23 root wheel 512 Oct 5 07:57 ../
lr-xr-xr-x 1 root wheel 3 Oct 5 08:10 curproc -> 327
lr-xr-xr-x 1 root wheel 3 Oct 5 08:10 self -> curproc
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:10 327/
[...]
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:10 1968/
$
---START PATCH for 9.99.90---
--- sys/miscfs/procfs/procfs_vnops.c.orig 2021-07-20 03:44:44.086700410 +0000
+++ sys/miscfs/procfs/procfs_vnops.c 2021-10-05 08:00:50.060416512 +0000
@@ -1221,16 +1221,16 @@
if (uiop->uio_resid < UIO_MX)
return -1; /* no space */
- if (ctxp->off < ctxp->startoff) {
- ctxp->off++;
- return 0;
- }
-
if (kauth_authorize_process(kauth_cred_get(),
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL) != 0)
return 0;
+ if (ctxp->off < ctxp->startoff) {
+ ctxp->off++;
+ return 0;
+ }
+
memset(&d, 0, UIO_MX);
d.d_reclen = UIO_MX;
d.d_fileno = PROCFS_FILENO(p->p_pid, PFSproc, -1);
@@ -1483,6 +1483,7 @@
*/
case PFSroot: {
+ struct proc *p;
int nc = 0;
if (ap->a_ncookies) {
@@ -1548,6 +1549,9 @@
i = ctx.off;
if (i >= ctx.off + nproc_root_targets)
break;
+ if ((error = procfs_proc_lock(vp->v_mount, pfs->pfs_pid, &p,
+ ESRCH)) != 0)
+ break;
for (pt = &proc_root_targets[i - ctx.off];
uio->uio_resid >= UIO_MX &&
pt < &proc_root_targets[nproc_root_targets];
@@ -1555,6 +1559,11 @@
if (pt->pt_valid &&
(*pt->pt_valid)(NULL, vp->v_mount) == 0)
continue;
+ if (kauth_authorize_process(kauth_cred_get(),
+ KAUTH_PROCESS_CANSEE, p,
+ KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY),
+ NULL, NULL) != 0)
+ continue;
d.d_fileno = PROCFS_FILENO(0, pt->pt_pfstype, -1);
d.d_namlen = pt->pt_namlen;
memcpy(d.d_name, pt->pt_name, pt->pt_namlen + 1);
@@ -1568,6 +1577,7 @@
}
ncookies = nc;
+ procfs_proc_unlock(p);
break;
}
---END PATCH for 9.99.90---
-RVP
Home |
Main Index |
Thread Index |
Old Index