Date: Tue, 15 Jul 2008 23:35:20 +0200
From: Mateusz Guzik <mjguzik@gmail.com>
To: freebsd-hackers@freebsd.org
Subject: Usage of priv_cred in sys/kern/kern_ktrace.c
Message-ID: <20080715213520.GP41336@skucha.home.aster.pl>
--vEao7xgI/oilGqZ+
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline

Hi,

ktrace has the ability to set flag KTRFAC_ROOT, indicating that the root user started tracing of the given process. It does the following:

    if (priv_check(td, PRIV_KTRACE) == 0)
        p->p_traceflag |= KTRFAC_ROOT;

I believe this check is wrong and should be changed to something like:

    if (td->td_ucred->cr_uid == UID_ROOT)
        p->p_traceflag |= KTRFAC_ROOT;

Also, despite the existence of PRIV_KTRACE, there's no way to disable ktrace using the MAC framework, because priv_check is only used in the case described above.

Am I misinterpreting something? If I'm right, what do You think about the attached patch? :)

Thanks for Your time,
-- 
Mateusz Guzik <mjguzik@gmail.com>

--vEao7xgI/oilGqZ+
Content-Type: text/x-diff; charset=iso-8859-2
Content-Disposition: attachment; filename="ktrace.diff"

--- sys/kern/kern_priv.c.orig 2008-03-07 16:27:08.000000000 +0100 +++ sys/kern/kern_priv.c 2008-07-15 22:30:56.000000000 +0200 @@ -86,10 +86,18 @@ error = prison_priv_check(cred, priv); if (error) return (error); /* + * Grant some privileges typically available for normal users. + */ + switch (priv) { + case PRIV_KTRACE: + return (0); + } + + /* * Having determined if privilege is restricted by various policies, * now determine if privilege is granted. At this point, any policy * may grant privilege. For now, we allow short-circuit boolean * evaluation, so may not call all policies. Perhaps we should. * --- sys/kern/kern_ktrace.c.orig 2008-02-23 02:01:48.000000000 +0100 +++ sys/kern/kern_ktrace.c 2008-07-15 22:01:03.000000000 +0200 @@ -37,10 +37,11 @@ #include "opt_ktrace.h" #include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> +#include <sys/conf.h> #include <sys/fcntl.h> #include <sys/kernel.h> #include <sys/kthread.h> #include <sys/lock.h> #include <sys/mutex.h> 
@@ -610,10 +611,13 @@ int nfound, ret = 0; int flags, error = 0, vfslocked; struct nameidata nd; struct ucred *cred; + if (priv_check(td, PRIV_KTRACE)) + if (ops != KTROP_CLEAR && ops != KTROP_CLEARFILE) + return (ENOSYS); /* * Need something to (un)trace. */ if (ops != KTROP_CLEARFILE && facs == 0) return (EINVAL); @@ -821,11 +825,11 @@ if (p->p_tracecred != td->td_ucred) { tracecred = p->p_tracecred; p->p_tracecred = crhold(td->td_ucred); } p->p_traceflag |= facs; - if (priv_check(td, PRIV_KTRACE) == 0) + if (td->td_ucred->cr_uid == UID_ROOT) p->p_traceflag |= KTRFAC_ROOT; } else { /* KTROP_CLEAR */ if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0) { /* no more tracing */ @@ -1027,11 +1031,11 @@ struct proc *targetp; { PROC_LOCK_ASSERT(targetp, MA_OWNED); if (targetp->p_traceflag & KTRFAC_ROOT && - priv_check(td, PRIV_KTRACE)) + td->td_ucred->cr_uid != UID_ROOT) return (0); if (p_candebug(td, targetp) != 0) return (0); --vEao7xgI/oilGqZ+--
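
Review bot: In the kern_priv.c hunk (@@ -86,10 +86,18 @@), the new switch returns 0 for PRIV_KTRACE right after the prison_priv_check() result is tested, which is ahead of the block whose comment reads "now determine if privilege is granted", so for this privilege nothing past that point is consulted and every credential that gets this far holds it. That is the reason the two later hunks can no longer use priv_check() to decide KTRFAC_ROOT, and the new comment should say so instead of only "typically available for normal users". The switch also has no default case; adding "default: break;" keeps it tidy if further privileges are listed later.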
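
Review bot: In the @@ -610,10 +611,13 @@ hunk, a failed priv_check(td, PRIV_KTRACE) is reported as ENOSYS, which tells the caller that the system call is not implemented and not that a policy refused it. Returning the value priv_check() produced would be more accurate, for example "error = priv_check(td, PRIV_KTRACE);" followed by "if (error != 0 && ops != KTROP_CLEAR && ops != KTROP_CLEARFILE) return (error);", which also folds the two nested unbraced ifs into one condition. A one-line comment explaining why the two clear operations stay permitted when the privilege is denied would help the next reader.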
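
Review bot: In the @@ -821,11 +825,11 @@ hunk, replacing the privilege test with "td->td_ucred->cr_uid == UID_ROOT" changes what KTRFAC_ROOT records: the flag now means the tracing thread's credential had uid 0, not that it passed a privilege check. The assignment needs a comment stating that and why priv_check() is not used here, because a reader who sees PRIV_KTRACE checked earlier in the same file will expect it at this spot as well.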
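
Review bot: In the @@ -1027,11 +1031,11 @@ hunk, the uid comparison is open-coded a second time, with the opposite sense to the one in the @@ -821,11 +825,11 @@ hunk, and the two sites have to stay in agreement for KTRFAC_ROOT to protect a trace started by root. A small static helper in kern_ktrace.c used at both places would stop them drifting apart. While this condition is being edited, writing "(targetp->p_traceflag & KTRFAC_ROOT)" with explicit parentheses would make the mix of & and && easier to read.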