aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2001-08-13 19:45:41 +0000
committerRobert Watson <rwatson@FreeBSD.org>2001-08-13 19:45:41 +0000
commite201ec1fbe70e4c938aa49eee54df98d2b96b1e3 (patch)
tree3ffaf32b132a18d809ba87588fc93a4eb15e081e
parente430e4e5d61d24d60e58636a5aaf6221f0deeaf6 (diff)
downloadsrc-e201ec1fbe70e4c938aa49eee54df98d2b96b1e3.tar.gz
src-e201ec1fbe70e4c938aa49eee54df98d2b96b1e3.zip
MFS of procfs "kmem" cleanup. With the advent of an entirely
sysctl-driven "ps" (and friends), special-casing of kmem gid in the procfs authorization is no longer needed. Clean up this morally ambiguous code. This MFC is from fs/procfs, as procfs has been repo-copied. Unlike -CURRENT, linprocfs required modification as in -STABLE, it has direct knowledge of the inter-process debugging authorization policy. In -CURRENT, this is abstracted behind p_cansignal(). procfs.h: 1.36, 1.37 procfs_mem.c: 1.53 procfs_subr.c: 1.35 procfs_vnops.c: 1.100, 1.101 Reviewed by: jedgar, tmm
Notes
Notes: svn path=/releng/4.3/; revision=81597
-rw-r--r--sys/i386/linux/linprocfs/linprocfs_vnops.c20
-rw-r--r--sys/miscfs/procfs/procfs.h5
-rw-r--r--sys/miscfs/procfs/procfs_mem.c34
-rw-r--r--sys/miscfs/procfs/procfs_vnops.c10
4 files changed, 4 insertions, 65 deletions
diff --git a/sys/i386/linux/linprocfs/linprocfs_vnops.c b/sys/i386/linux/linprocfs/linprocfs_vnops.c
index 3da814e148ac..8105d9efa20b 100644
--- a/sys/i386/linux/linprocfs/linprocfs_vnops.c
+++ b/sys/i386/linux/linprocfs/linprocfs_vnops.c
@@ -64,7 +64,6 @@
#include <sys/pioctl.h>
extern struct vnode *procfs_findtextvp __P((struct proc *));
-extern int procfs_kmemaccess __P((struct proc *));
static int linprocfs_access __P((struct vop_access_args *));
static int linprocfs_badop __P((void));
@@ -143,8 +142,7 @@ linprocfs_open(ap)
return (EBUSY);
p1 = ap->a_p;
- if (p_trespass(p1, p2) &&
- !procfs_kmemaccess(p1))
+ if (p_trespass(p1, p2))
return (EPERM);
if (ap->a_mode & FWRITE)
@@ -455,21 +453,6 @@ linprocfs_getattr(ap)
vap->va_atime = vap->va_mtime = vap->va_ctime;
/*
- * If the process has exercised some setuid or setgid
- * privilege, then rip away read/write permission so
- * that only root can gain access.
- */
- switch (pfs->pfs_type) {
- case Pmem:
- /* Retain group kmem readablity. */
- if (procp->p_flag & P_SUGID)
- vap->va_mode &= ~(VREAD|VWRITE);
- break;
- default:
- break;
- }
-
- /*
* now do the object specific fields
*
* The size could be set from struct reg, but it's hardly
@@ -544,7 +527,6 @@ linprocfs_getattr(ap)
vap->va_uid = 0;
else
vap->va_uid = procp->p_ucred->cr_uid;
- vap->va_gid = KMEM_GROUP;
break;
case Pprocstat:
diff --git a/sys/miscfs/procfs/procfs.h b/sys/miscfs/procfs/procfs.h
index 0ab307579bda..efc982a4da45 100644
--- a/sys/miscfs/procfs/procfs.h
+++ b/sys/miscfs/procfs/procfs.h
@@ -88,8 +88,6 @@ struct pfsnode {
((cnp)->cn_namelen == (len) && \
(bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
-#define KMEM_GROUP 2
-
#define PROCFS_FILENO(pid, type) \
(((type) < Pproc) ? \
((type) + 2) : \
@@ -148,9 +146,6 @@ int procfs_dotype __P((struct proc *, struct proc *, struct pfsnode *pfsp, struc
int procfs_docmdline __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
int procfs_dorlimit __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
-/* Return 1 if process has special kernel digging privileges */
-int procfs_kmemaccess __P((struct proc *));
-
/* functions to check whether or not files should be displayed */
int procfs_validfile __P((struct proc *));
int procfs_validfpregs __P((struct proc *));
diff --git a/sys/miscfs/procfs/procfs_mem.c b/sys/miscfs/procfs/procfs_mem.c
index c037cec929da..4994aa6c830a 100644
--- a/sys/miscfs/procfs/procfs_mem.c
+++ b/sys/miscfs/procfs/procfs_mem.c
@@ -244,21 +244,7 @@ procfs_domem(curp, p, pfs, uio)
if (uio->uio_resid == 0)
return (0);
- /*
- * XXX
- * We need to check for KMEM_GROUP because ps is sgid kmem;
- * not allowing it here causes ps to not work properly. Arguably,
- * this is a bug with what ps does. We only need to do this
- * for Pmem nodes, and only if it's reading. This is still not
- * good, as it may still be possible to grab illicit data if
- * a process somehow gets to be KMEM_GROUP. Note that this also
- * means that KMEM_GROUP can't change without editing procfs.h!
- * All in all, quite yucky.
- */
-
- if ((!CHECKIO(curp, p) || p_trespass(curp, p)) &&
- !(uio->uio_rw == UIO_READ &&
- procfs_kmemaccess(curp)))
+ if (!CHECKIO(curp, p) || p_trespass(curp, p))
return EPERM;
return (procfs_rwmem(curp, p, uio));
@@ -296,21 +282,3 @@ procfs_findtextvp(p)
return (p->p_textvp);
}
-
-int procfs_kmemaccess(curp)
- struct proc *curp;
-{
- int i;
- struct ucred *cred;
-
- cred = curp->p_ucred;
- if (suser(curp))
- return 1;
-
- /* XXX: Why isn't this done with file-perms ??? */
- for (i = 0; i < cred->cr_ngroups; i++)
- if (cred->cr_groups[i] == KMEM_GROUP)
- return 1;
-
- return 0;
-}
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index 681ad0b10d46..68713673ff25 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -148,8 +148,7 @@ procfs_open(ap)
return (EBUSY);
p1 = ap->a_p;
- if ((!CHECKIO(p1, p2) || p_trespass(p1, p2)) &&
- !procfs_kmemaccess(p1))
+ if (!CHECKIO(p1, p2) || p_trespass(p1, p2))
return (EPERM);
if (ap->a_mode & FWRITE)
@@ -477,16 +476,12 @@ procfs_getattr(ap)
case Pregs:
case Pfpregs:
case Pdbregs:
+ case Pmem:
if (procp->p_flag & P_SUGID)
vap->va_mode &= ~((VREAD|VWRITE)|
((VREAD|VWRITE)>>3)|
((VREAD|VWRITE)>>6));
break;
- case Pmem:
- /* Retain group kmem readablity. */
- if (procp->p_flag & P_SUGID)
- vap->va_mode &= ~(VREAD|VWRITE);
- break;
default:
break;
}
@@ -556,7 +551,6 @@ procfs_getattr(ap)
vap->va_uid = 0;
else
vap->va_uid = procp->p_ucred->cr_uid;
- vap->va_gid = KMEM_GROUP;
break;
case Pregs: