Date: Mon, 21 Jul 2003 18:06:20 -0500 (CDT)
From: "Christian S.J. Peron" <maneo@bsdpro.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/54730: [patch] root can not set arbitrary process title
Message-ID: <200307212306.h6LN6K9q003124@h24-79-64-13.wp.shawcable.net>
Resent-Message-ID: <200307212310.h6LNAJA9021705@freefall.freebsd.org>

>Number: 54730
>Category: kern
>Synopsis: [patch] root can not set arbitrary process title
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 21 16:10:19 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Christian S.J. Peron
>Release: FreeBSD 5.1-RELEASE i386
>Organization: Seccuris Inc
>Environment:
System: FreeBSD movl 5.1-RELEASE FreeBSD 5.1-RELEASE #10: Mon Jul 21 00:37:46 CDT 2003 maneo@movl:/usr/src/sys/i386/compile/RAID0 i386
>Description:
There may have been a reason for this; if anyone has any feedback or info I would be happy to hear it.

The sysctl_kern_proc_args() sysctl handler does not allow root to set the process title for non-calling processes. This seems kind of odd to me considering a section of the OID has been reserved for a process ID.

In addition to that, if this restriction has been put in place for security reasons, it can be circumvented quite easily by using the kernel memory interface (kvm_getprocs(), kvm_read{write}(), etc.).

I have enclosed a kernel patch that does the following:

1) Check to see if the calling cred is superuser.
2) If so, allow the superuser to set the process title regardless of what process it is.
3) Otherwise make sure the user is attempting to change the calling process's title.
4) If the target process is not the same as the calling process and the user is not a superuser, return(EPERM).

I have tested this patch and it seems to work as expected.
>How-To-Repeat:
N/A
>Fix:
--- kern_proc.c.2 Mon Jul 21 00:19:40 2003 +++ kern_proc.c Mon Jul 21 00:45:43 2003 
@@ -1061,11 +1061,15 @@ return (0); } - if (req->newptr && curproc != p) { - PROC_UNLOCK(p); - return (EPERM); + error = suser(curthread); + if (error) { + if (req->newptr && curproc != p) { + PROC_UNLOCK(p); + return (EPERM); + } } + error = 0; pa = p->p_args; pargs_hold(pa); PROC_UNLOCK(p); >Release-Note: >Audit-Trail: >Unformatted:
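
Review bot: suser(curthread) is now called on every pass through this path, including plain reads where req->newptr is NULL and writes where curproc == p, although its result only matters when a caller tries to write another process's arguments. Evaluate the privilege check last and only in that case, for example `if (req->newptr && curproc != p && suser(curthread) != 0) {`, keeping the existing PROC_UNLOCK(p) and return (EPERM) body. That keeps the original single-level structure, avoids using error as a scratch variable, and makes the added `error = 0;` reset unnecessary. A short comment above the check stating the policy (only the process itself or the superuser may replace p_args) would also help, since the sysctl then lets one process change what ps reports for another.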