 @@ -1,14 +1,14 @@
-/*	$NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $	*/
+/*	$NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $	*/
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -87,41 +87,42 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)init_main.c	8.16 (Berkeley) 5/14/95
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $");
 #include "opt_ddb.h"
 #include "opt_ipsec.h"
 #include "opt_modular.h"
 #include "opt_ntp.h"
 #include "opt_pipe.h"
 #include "opt_sa.h"
 #include "opt_syscall_debug.h"
 #include "opt_sysv.h"
 #include "opt_fileassoc.h"
 #include "opt_ktrace.h"
 #include "opt_pax.h"
 #include "opt_compat_netbsd.h"
 #include "opt_wapbl.h"
 #include "opt_ptrace.h"
 #include "drvctl.h"
 #include "ksyms.h"
 #include "rnd.h"
 #include "sysmon_envsys.h"
 #include "sysmon_power.h"
 #include "sysmon_taskq.h"
 #include "sysmon_wdog.h"
 #include "veriexec.h"
 #include <sys/param.h>
 #include <sys/acct.h>
 #include <sys/filedesc.h>
 @@ -191,26 +192,29 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #include <sys/verified_exec.h>
 #endif /* NVERIEXEC > 0 */
 #ifdef KTRACE
 #include <sys/ktrace.h>
 #endif
 #include <sys/kauth.h>
 #ifdef WAPBL
 #include <sys/wapbl.h>
 #endif
 #ifdef KERN_SA
 #include <sys/savar.h>
 #endif
 #include <net80211/ieee80211_netbsd.h>
 #ifdef PTRACE
 #include <sys/ptrace.h>
 #endif /* PTRACE */
 #include <sys/syscall.h>
 #include <sys/syscallargs.h>
 #if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
 #include <sys/pax.h>
 #endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */
 #include <ufs/ufs/quota.h>
 #include <miscfs/genfs/genfs.h>
 #include <miscfs/syncfs/syncfs.h>
 @@ -540,26 +544,31 @@ main(void)
 	/* Initialize system accounting. */
 	acct_init();
 #ifndef PIPE_SOCKETPAIR
 	/* Initialize pipes. */
 	pipe_init();
 #endif
 #ifdef KTRACE
 	/* Initialize ktrace. */
 	ktrinit();
 #endif
 #ifdef PTRACE
 	/* Initialize ptrace. */
 	ptrace_init();
 #endif /* PTRACE */
 	/* Initialize the UUID system calls. */
 	uuid_init();
 #ifdef WAPBL
 	/* Initialize write-ahead physical block logging. */
 	wapbl_init();
 #endif
 	/*
 	 * Create process 1 (init(8)).  We do this now, as Unix has
 	 * historically had init be process 1, and changing this would
 	 * probably upset a lot of people.
+	 *

 @@ -1,14 +1,14 @@
-/*	$NetBSD: sys_process.c,v 1.147 2009/06/28 11:42:07 yamt Exp $	*/
+/*	$NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $	*/
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
 @@ -108,49 +108,123 @@
 /*
  * References:
  *	(1) Bach's "The Design of the UNIX Operating System",
  *	(2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution,
  *	(3) the "4.4BSD Programmer's Reference Manual" published
  *		by USENIX and O'Reilly & Associates.
  * The 4.4BSD PRM does a reasonably good job of documenting what the various
  * ptrace() requests should actually do, and its text is quoted several times
  * in this file.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.147 2009/06/28 11:42:07 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $");
 #include "opt_ptrace.h"
 #include "opt_ktrace.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/errno.h>
 #include <sys/ptrace.h>
 #include <sys/uio.h>
 #include <sys/user.h>
 #include <sys/ras.h>
 #include <sys/kmem.h>
 #include <sys/kauth.h>
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
 #include <uvm/uvm_extern.h>
 #include <machine/reg.h>
 #ifdef PTRACE
 static kauth_listener_t ptrace_listener;
 static int
 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
     void *arg0, void *arg1, void *arg2, void *arg3)
+{
 	struct proc *p;
 	int result;
 	result = KAUTH_RESULT_DEFER;
 	p = arg0;
 	if (action != KAUTH_PROCESS_PTRACE)
 		return result;
 	switch ((u_long)arg1) {
 	case PT_TRACE_ME:
 	case PT_ATTACH:
 	case PT_WRITE_I:
 	case PT_WRITE_D:
 	case PT_READ_I:
 	case PT_READ_D:
 	case PT_IO:
 #ifdef PT_GETREGS
 	case PT_GETREGS:
 #endif
 #ifdef PT_SETREGS
 	case PT_SETREGS:
 #endif
 #ifdef PT_GETFPREGS
 	case PT_GETFPREGS:
 #endif
 #ifdef PT_SETFPREGS
 	case PT_SETFPREGS:
 #endif
 #ifdef __HAVE_PTRACE_MACHDEP
 	PTRACE_MACHDEP_REQUEST_CASES
 #endif
 		if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) ||
 		    ISSET(p->p_flag, PK_SUGID)) {
 			break;
+		}
 		result = KAUTH_RESULT_ALLOW;
 	break;
 #ifdef PT_STEP
 	case PT_STEP:
 #endif
 	case PT_CONTINUE:
 	case PT_KILL:
 	case PT_DETACH:
 	case PT_LWPINFO:
 	case PT_SYSCALL:
 	case PT_DUMPCORE:
 		result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		break;
+	}
 	return result;
+}
 void
 ptrace_init(void)
+{
 	ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 	    ptrace_listener_cb, NULL);
+}
 /*
  * Process debugging system call.
  */
 int
 sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) req;
 		syscallarg(pid_t) pid;
 		syscallarg(void *) addr;
 		syscallarg(int) data;
 	} */
 	struct proc *p = l->l_proc;
 @@ -948,13 +1022,14 @@ process_stoptrace(void)
 	mutex_exit(proc_lock);
 	/*
 	 * Call issignal() once only, to have it take care of the
 	 * pending stop.  Signal processing will take place as usual
 	 * from userret().
 	 */
 	KERNEL_UNLOCK_ALL(l, &l->l_biglocks);
 	(void)issignal(l);
 	mutex_exit(p->p_lock);
 	KERNEL_LOCK(l->l_biglocks, l);
+}
 #endif	/* KTRACE || PTRACE */

 @@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
 @@ -28,27 +28,27 @@
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
+ *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 #include <sys/acct.h>
 #include <sys/mutex.h>
 #include <sys/ktrace.h>
 #include <sys/mount.h>
 #include <sys/pset.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/tty.h>
 @@ -630,83 +630,31 @@ secmodel_suser_process_cb(kauth_cred_t c
 			    kauth_cred_getuid(p->p_cred) ||
 			    ISSET(p->p_flag, PK_SUGID)) {
 				break;
+			}
 			/*FALLTHROUGH*/
 		default:
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		break;
+		}
-	case KAUTH_PROCESS_PTRACE: {
+	case KAUTH_PROCESS_PTRACE:
-		switch ((u_long)arg1) {
+		if (isroot)
 		case PT_TRACE_ME:
 		case PT_ATTACH:
 		case PT_WRITE_I:
 		case PT_WRITE_D:
 		case PT_READ_I:
 		case PT_READ_D:
 		case PT_IO:
 #ifdef PT_GETREGS
 		case PT_GETREGS:
 #endif
 #ifdef PT_SETREGS
 		case PT_SETREGS:
 #endif
 #ifdef PT_GETFPREGS
 		case PT_GETFPREGS:
 #endif
 #ifdef PT_SETFPREGS
 		case PT_SETFPREGS:
 #endif
 #ifdef __HAVE_PTRACE_MACHDEP
 		PTRACE_MACHDEP_REQUEST_CASES
 #endif
 			if (isroot) {
 				result = KAUTH_RESULT_ALLOW;
 				break;
 			if (kauth_cred_getuid(cred) !=
 			    kauth_cred_getuid(p->p_cred) ||
 			    ISSET(p->p_flag, PK_SUGID)) {
 				break;
 			result = KAUTH_RESULT_ALLOW;
 			break;
 #ifdef PT_STEP
 		case PT_STEP:
 #endif
 		case PT_CONTINUE:
 		case PT_KILL:
 		case PT_DETACH:
 		case PT_LWPINFO:
 		case PT_SYSCALL:
 		case PT_DUMPCORE:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 	        	result = KAUTH_RESULT_DEFER;
 		        break;
 		break;
 	case KAUTH_PROCESS_CORENAME:
 		if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_FORK: {
 		int lnprocs = (int)(unsigned long)arg2;
 		/*
 		 * Don't allow a nonprivileged user to use the last few
 		 * processes. The variable lnprocs is the current number of

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ptrace.h,v 1.40 2008/01/05 12:41:43 dsl Exp $	*/
+/*	$NetBSD: ptrace.h,v 1.41 2009/10/02 22:18:56 elad Exp $	*/
 /*-
  * Copyright (c) 1984, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -89,26 +89,28 @@ struct reg;
 #define process_reg64 struct reg
 #endif
 #endif
 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS)
 struct fpreg;
 #ifndef process_fpreg32
 #define process_fpreg32 struct fpreg
 #endif
 #ifndef process_fpreg64
 #define process_fpreg64 struct fpreg
 #endif
 #endif
 void	ptrace_init(void);
 int	process_doregs(struct lwp *, struct lwp *, struct uio *);
 int	process_validregs(struct lwp *);
 int	process_dofpregs(struct lwp *, struct lwp *, struct uio *);
 int	process_validfpregs(struct lwp *);
 int	process_domem(struct lwp *, struct lwp *, struct uio *);
 void	process_stoptrace(void);
 void	proc_reparent(struct proc *, struct proc *);
 #ifdef PT_GETFPREGS
 int	process_read_fpregs(struct lwp *, struct fpreg *);