Date:      Tue, 15 Jul 2008 23:35:20 +0200
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Usage of priv_cred in sys/kern/kern_ktrace.c
Message-ID:  <20080715213520.GP41336@skucha.home.aster.pl>


--vEao7xgI/oilGqZ+
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline

Hi,

ktrace has the ability to set flag KTRFAC_ROOT, indicating that the
root user started tracing of the given process. It does the following:

if (priv_check(td, PRIV_KTRACE) == 0)
	p->p_traceflag |= KTRFAC_ROOT;

I believe this check is wrong and should be changed to something like:

if (td->td_ucred->cr_uid == UID_ROOT)
	p->p_traceflag |= KTRFAC_ROOT;

Also, despite the existence of PRIV_KTRACE, there's no way to disable
ktrace using the MAC framework, because priv_check is only used in the
case described above.

Am I misinterpreting something? If I'm right, what do You think about the
attached patch? :)

Thanks for Your time,
-- 
Mateusz Guzik <mjguzik@gmail.com>

--vEao7xgI/oilGqZ+
Content-Type: text/x-diff; charset=iso-8859-2
Content-Disposition: attachment; filename="ktrace.diff"

--- sys/kern/kern_priv.c.orig	2008-03-07 16:27:08.000000000 +0100
+++ sys/kern/kern_priv.c	2008-07-15 22:30:56.000000000 +0200
@@ -86,10 +86,18 @@
 	error = prison_priv_check(cred, priv);
 	if (error)
 		return (error);
 
 	/*
+	 * Grant some privileges typically available for normal users.
+	 */
+	switch (priv) {
+	case PRIV_KTRACE:
+		return (0);
+	}
+
+	/*
 	 * Having determined if privilege is restricted by various policies,
 	 * now determine if privilege is granted.  At this point, any policy
 	 * may grant privilege.  For now, we allow short-circuit boolean
 	 * evaluation, so may not call all policies.  Perhaps we should.
 	 *
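Review bot: The added `case PRIV_KTRACE: return (0);` grants the privilege to every credential that passes the checks above it, so from here on `priv_check(td, PRIV_KTRACE)` can only report a policy denial and never distinguishes a privileged caller. That is easy to miss for anyone who later adds a PRIV_KTRACE check expecting it to gate a root-only action, so the comment should say so, e.g. `/* PRIV_KTRACE is granted to all users; the checks above are the only way to deny it. */`. The switch also has no `default:` arm; adding `default: break;` makes the fall-through to the grant logic below explicit. The enclosing function starts and ends outside the hunk, so whether other deny-side policies run before this point cannot be confirmed from here.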
--- sys/kern/kern_ktrace.c.orig	2008-02-23 02:01:48.000000000 +0100
+++ sys/kern/kern_ktrace.c	2008-07-15 22:01:03.000000000 +0200
@@ -37,10 +37,11 @@
 #include "opt_ktrace.h"
 #include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/conf.h>
 #include <sys/fcntl.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -610,10 +611,13 @@
 	int nfound, ret = 0;
 	int flags, error = 0, vfslocked;
 	struct nameidata nd;
 	struct ucred *cred;
 
+	if (priv_check(td, PRIV_KTRACE))
+		if (ops != KTROP_CLEAR && ops != KTROP_CLEARFILE)
+			return (ENOSYS);
 	/*
 	 * Need something to (un)trace.
 	 */
 	if (ops != KTROP_CLEARFILE && facs == 0)
 		return (EINVAL);
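Review bot: The new guard at the top of the function throws away the error returned by `priv_check()` and reports `ENOSYS`, which tells the caller the system call does not exist rather than that policy refused it; an administrator debugging a MAC or jail denial gets a misleading errno. Unless hiding ktrace is the intent (in which case a comment should say so), pass the error through using the `error` variable already declared above: `error = priv_check(td, PRIV_KTRACE);` followed by `if (error != 0 && ops != KTROP_CLEAR && ops != KTROP_CLEARFILE) return (error);`. Collapsing the nested unbraced `if` into one condition also removes the dangling-else hazard. The function body starts before and continues after the hunk.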
@@ -821,11 +825,11 @@
 		if (p->p_tracecred != td->td_ucred) {
 			tracecred = p->p_tracecred;
 			p->p_tracecred = crhold(td->td_ucred);
 		}
 		p->p_traceflag |= facs;
-		if (priv_check(td, PRIV_KTRACE) == 0)
+		if (td->td_ucred->cr_uid == UID_ROOT)
 			p->p_traceflag |= KTRFAC_ROOT;
 	} else {
 		/* KTROP_CLEAR */
 		if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0) {
 			/* no more tracing */
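Review bot: Replacing `priv_check(td, PRIV_KTRACE)` with `td->td_ucred->cr_uid == UID_ROOT` here, and with the matching `!= UID_ROOT` test in the last hunk of this file, hard-codes uid 0 into the decision and takes KTRFAC_ROOT out of the priv(9) path, so jail and MAC policy no longer have a say in who may set or override a root-started trace. In particular, uid 0 inside a jail would presumably be treated like host root by these two tests; whether the `p_candebug()` call in the last hunk is enough to contain that should be confirmed. If the direct uid test is intended, record it with a comment such as `/* KTRFAC_ROOT marks a trace started by uid 0; deliberately not a priv(9) check. */` at both sites. Both enclosing functions extend outside their hunks.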
@@ -1027,11 +1031,11 @@
 	struct proc *targetp;
 {
 
 	PROC_LOCK_ASSERT(targetp, MA_OWNED);
 	if (targetp->p_traceflag & KTRFAC_ROOT &&
-	    priv_check(td, PRIV_KTRACE))
+	    td->td_ucred->cr_uid != UID_ROOT)
 		return (0);
 
 	if (p_candebug(td, targetp) != 0)
 		return (0);
 

--vEao7xgI/oilGqZ+--


