Date:      Fri, 15 Aug 1997 19:22:18 -0700
From:      Cy Schubert <cy@cwsys.cwent.com>
To:        Peter Champas <peter@besys.net.au>
Cc:        security@freebsd.org
Subject:   Re: Since people didn't save the procfs patches 
Message-ID:  <199708160222.TAA07251@cwsys.cwent.com>
In-Reply-To: Your message of "Fri, 15 Aug 1997 10:57:19 +1000." <33F3A96F.C6D7C46F@besys.net.au> 

> This is a multi-part message in MIME format.
> --------------16146B8AFABDB64EA0E5C1A6
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> Sean Eric Fagan wrote:
> > 
> > when I sent them out, and did not grab the new files, here they are
> > again.
> > These are -current; they should apply pretty easily to 2.2-ANYTHING,
> > however -- the procfs files don't change all that often most of the
> > time ;).
> > retrieving revision 1.15
> Call me stupid, but "2.2-ANYTHING" is not entirely true (unless I
> missed something), because most of the files being patched look as though
> they are 2 revisions behind, and I got rejections when I did the patch.
> I am Running 2.2.1
> 
> Mind you I still don't know how to compile procfs source so any help
> would be great.. 

The patched sources for 2.2.2R are available via cvsup.  I took the liberty
of getting the patched procfs sources and creating a diff file for anyone
running 2.2.2R as shipped on the CDROM.  They do fix the problem.  I'm not
sure whether the enclosed patches will work on 2.2.1.

Only in miscfs/procfs: CVS
diff -ur miscfs/procfs/procfs.h /opt/CVSup/usr/src/sys/miscfs/procfs/procfs.h
--- miscfs/procfs/procfs.h	Tue Jul  2 06:38:07 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs.h	Tue Aug 12 08:52:15 1997
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs.h	8.6 (Berkeley) 2/3/94
  *
- *	$Id: procfs.h,v 1.12 1996/07/02 13:38:07 dyson Exp $
+ *	$Id: procfs.h,v 1.12.2.1 1997/08/12 04:45:20 sef Exp $
  */
 
 /*
@@ -83,6 +83,18 @@
 	  (bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
 
 #define KMEM_GROUP 2
+
+/*
+ * Check to see whether access to target process is allowed
+ * Evaluates to 1 if access is allowed.
+ */
+#define CHECKIO(p1, p2) \
+     ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
+       ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
+       ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
+       ((p2)->p_flag & P_SUGID) == 0) || \
+      (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0))
+      
 /*
  * Format of a directory entry in /proc, ...
  * This must map onto struct dirent (see <dirent.h>)
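Review bot: The CHECKIO comment should spell out the policy it implements, since every check added by this patch defers to it: the non-superuser clause requires p1's effective, real and saved uids to all equal p2's real uid and p2 to have P_SUGID clear, and it never inspects p2's effective or saved uid, so correctness rests on P_SUGID being set wherever the kernel changes a process's credentials (presumably the case, but worth stating next to the macro). The macro also evaluates p1 and p2 several times and calls suser() as the last alternative (which, if I recall the BSD semantics correctly, marks ASU in p_acflag on success), so callers must pass plain pointers rather than a PFIND() expression, as procfs_vnops.c does. Proposed comment: `/* Allowed if all of p1's uids equal p2's real uid and p2 has not changed credentials (P_SUGID clear), or p1 passes suser(). Arguments are evaluated more than once: pass plain pointers, never PFIND(). */`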
diff -ur miscfs/procfs/procfs_fpregs.c /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_fpregs.c
--- miscfs/procfs/procfs_fpregs.c	Wed Jan 24 10:40:56 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_fpregs.c	Tue Aug 12 08:52:18 1997
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_fpregs.c	8.1 (Berkeley) 1/27/94
  *
- *	$Id: procfs_fpregs.c,v 1.3 1996/01/24 18:40:56 peter Exp $
+ *	$Id: procfs_fpregs.c,v 1.3.4.1 1997/08/12 05:24:20 sef Exp $
  */
 
 #include <sys/param.h>
@@ -62,6 +62,8 @@
 	char *kv;
 	int kl;
 
+	if (!CHECKIO(curp, p))
+		return EPERM;
 	kl = sizeof(r);
 	kv = (char *) &r;
 
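Review bot: The new guard returns a bare `EPERM` while the surrounding procfs code parenthesizes its return values (`return (0)`, `return (error)` in the sibling files), so write `return (EPERM);` for consistency. The identical two-line guard is added to procfs_regs.c, and the argument order of CHECKIO (caller first, target second) is not obvious at the call site, so a one-line comment such as `/* curp is the caller, p the target process */` would help; I am inferring those roles from the names, as the enclosing function's signature starts outside this hunk and its body continues past it.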
diff -ur miscfs/procfs/procfs_mem.c /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_mem.c
--- miscfs/procfs/procfs_mem.c	Wed Oct 23 19:47:05 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_mem.c	Tue Aug 12 08:52:18 1997
@@ -37,7 +37,7 @@
  *
  *	@(#)procfs_mem.c	8.4 (Berkeley) 1/21/94
  *
- *	$Id: procfs_mem.c,v 1.20 1996/10/24 02:47:05 dyson Exp $
+ *	$Id: procfs_mem.c,v 1.20.2.1 1997/08/12 04:45:23 sef Exp $
  */
 
 /*
@@ -300,6 +300,23 @@
 	if (uio->uio_resid == 0)
 		return (0);
 
+ 	/*
+ 	 * XXX
+ 	 * We need to check for KMEM_GROUP because ps is sgid kmem;
+ 	 * not allowing it here causes ps to not work properly.  Arguably,
+ 	 * this is a bug with what ps does.  We only need to do this
+ 	 * for Pmem nodes, and only if it's reading.  This is still not
+ 	 * good, as it may still be possible to grab illicit data if
+ 	 * a process somehow gets to be KMEM_GROUP.  Note that this also
+ 	 * means that KMEM_GROUP can't change without editing procfs.h!
+ 	 * All in all, quite yucky.
+ 	 */
+  
+	if (!CHECKIO(curp, p) &&
+ 	    !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP &&
+ 	      uio->uio_rw == UIO_READ))
+  		return EPERM;
+ 
 	error = procfs_rwmem(p, uio);
 
 	return (error);
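Review bot: The credential check sits after the `uio->uio_resid == 0` early return, so a zero-length read or write of another user's memory returns 0 rather than EPERM; moving the guard above that return makes the denial unconditional, e.g. `if (!CHECKIO(curp, p) && !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP && uio->uio_rw == UIO_READ)) return (EPERM);` placed before the resid test. The added comment lines are indented with a space before the tab and the hunk introduces two whitespace-only lines, unlike the sibling hunks, so re-indent with tabs only and drop the trailing whitespace. The KMEM_GROUP exemption also matches only the effective gid (`cr_gid`), not supplementary groups, which is fine for an sgid-kmem ps but is worth a clause in the comment. The enclosing function begins outside this hunk.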
diff -ur miscfs/procfs/procfs_regs.c /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_regs.c
--- miscfs/procfs/procfs_regs.c	Wed Jan 24 10:41:25 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_regs.c	Tue Aug 12 08:52:18 1997
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_regs.c	8.3 (Berkeley) 1/27/94
  *
- *	$Id: procfs_regs.c,v 1.3 1996/01/24 18:41:25 peter Exp $
+ *	$Id: procfs_regs.c,v 1.3.4.1 1997/08/12 04:45:25 sef Exp $
  */
 
 #include <sys/param.h>
@@ -62,6 +62,8 @@
 	char *kv;
 	int kl;
 
+	if (!CHECKIO(curp, p))
+		return EPERM;
 	kl = sizeof(r);
 	kv = (char *) &r;
 
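Review bot: As in procfs_fpregs.c, the new guard returns a bare `EPERM` where this file's style is parenthesized returns; write `return (EPERM);`. Because the same credential test now appears verbatim in both register nodes and (with a KMEM_GROUP exemption) in the mem node, a short comment at the guard naming why it is here rather than in a common path would help a later reader: `/* Deny register access across credential boundaries; checked per call so a later set-id exec of the target is caught. */`. The enclosing function's signature and remaining body are outside this hunk, so I am assuming `curp` is the calling process and `p` the target.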
diff -ur miscfs/procfs/procfs_subr.c /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_subr.c
--- miscfs/procfs/procfs_subr.c	Sat Aug 31 09:52:39 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_subr.c	Sat Jun 21 16:23:55 1997
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_subr.c	8.4 (Berkeley) 1/27/94
  *
- *	$Id: procfs_subr.c,v 1.10 1996/08/31 16:52:39 bde Exp $
+ *	$Id: procfs_subr.c,v 1.10.2.1 1997/06/21 16:16:34 alex Exp $
  */
 
 #include <sys/param.h>
@@ -236,6 +236,8 @@
 	p = PFIND(pfs->pfs_pid);
 	if (p == 0)
 		return (EINVAL);
+	if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
+		return(EACCES);
 
 	while (pfs->pfs_lockowner) {
 		tsleep(&pfs->pfs_lockowner, PRIBIO, "pfslck", 0);
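Review bot: The new securelevel guard keys on the literal pid `1` and uses `return(EACCES)` without the space and parentheses that the surrounding code uses (`return (EINVAL)` two lines above); write `return (EACCES);` and, if this kernel exports `initproc`, compare `p == initproc` instead of the magic number. A comment would also help because this test appears to sit on the common procfs read/write path and so refuses writes to every node type for init, not just mem: `/* With securelevel > 0, refuse any procfs write to init. */`. The enclosing function starts and ends outside this hunk.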
diff -ur miscfs/procfs/procfs_vnops.c /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_vnops.c
--- miscfs/procfs/procfs_vnops.c	Tue Sep  3 07:23:10 1996
+++ /opt/CVSup/usr/src/sys/miscfs/procfs/procfs_vnops.c	Tue Aug 12 08:52:19 1997
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_vnops.c	8.6 (Berkeley) 2/7/94
  *
- *	$Id: procfs_vnops.c,v 1.24 1996/09/03 14:23:10 bde Exp $
+ *	$Id: procfs_vnops.c,v 1.24.2.1 1997/08/12 04:45:27 sef Exp $
  */
 
 /*
@@ -120,16 +120,21 @@
 	struct vop_open_args *ap;
 {
 	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+	struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid);
+
+	if (p2 == NULL)
+		return ENOENT;
 
 	switch (pfs->pfs_type) {
 	case Pmem:
-		if (PFIND(pfs->pfs_pid) == 0)
-			return (ENOENT);	/* was ESRCH, jsp */
-
 		if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) ||
 			((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)))
 			return (EBUSY);
 
+		if (!CHECKIO(p1, p2) &&
+		    (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP))
+			return EPERM;
+
 
 		if (ap->a_mode & FWRITE)
 			pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
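Review bot: The open-time check admits a KMEM_GROUP caller for any mode, including FWRITE, whereas the I/O-time check added in procfs_mem.c exempts KMEM_GROUP only for UIO_READ, so a kmem-group process gets a successful open for writing and fails only at write(2). Tightening the open makes the error surface where it is expected: `if (!CHECKIO(p1, p2) && (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP || (ap->a_mode & FWRITE))) return (EPERM);` — parenthesized to match `return (EBUSY)` just above. There is also a doubled blank line after the new guard, and the check still matches only the effective gid, which is acceptable for an sgid-kmem ps but worth noting in a comment. The function continues past the end of this hunk.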
@@ -176,7 +181,6 @@
 procfs_ioctl(ap)
 	struct vop_ioctl_args *ap;
 {
-
 	return (ENOTTY);
 }
 


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."


