@@ -1,4 +1,4 @@
-/* $NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $ */
+/* $NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $");
#include "opt_ddb.h"
#include "opt_ipsec.h"
@@ -112,6 +112,7 @@
#include "opt_pax.h"
#include "opt_compat_netbsd.h"
#include "opt_wapbl.h"
+#include "opt_ptrace.h"
#include "drvctl.h"
#include "ksyms.h"
@@ -201,6 +202,9 @@
#include <sys/savar.h>
#endif
#include <net80211/ieee80211_netbsd.h>
+#ifdef PTRACE
+#include <sys/ptrace.h>
+#endif /* PTRACE */
#include <sys/syscall.h>
#include <sys/syscallargs.h>
@@ -549,6 +553,11 @@
/* Initialize ktrace. */
ktrinit();
#endif
+
+#ifdef PTRACE
+ /* Initialize ptrace. */
+ ptrace_init();
+#endif /* PTRACE */
/* Initialize the UUID system calls. */
uuid_init();
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_process.c,v 1.147 2009/06/28 11:42:07 yamt Exp $ */
+/* $NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.147 2009/06/28 11:42:07 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $");
#include "opt_ptrace.h"
#include "opt_ktrace.h"
@@ -141,6 +141,80 @@
#include <machine/reg.h>
#ifdef PTRACE
+static kauth_listener_t ptrace_listener;
+
+static int
+ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ struct proc *p;
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+ p = arg0;
+
+ if (action != KAUTH_PROCESS_PTRACE)
+ return result;
+
+ switch ((u_long)arg1) {
+ case PT_TRACE_ME:
+ case PT_ATTACH:
+ case PT_WRITE_I:
+ case PT_WRITE_D:
+ case PT_READ_I:
+ case PT_READ_D:
+ case PT_IO:
+#ifdef PT_GETREGS
+ case PT_GETREGS:
+#endif
+#ifdef PT_SETREGS
+ case PT_SETREGS:
+#endif
+#ifdef PT_GETFPREGS
+ case PT_GETFPREGS:
+#endif
+#ifdef PT_SETFPREGS
+ case PT_SETFPREGS:
+#endif
+#ifdef __HAVE_PTRACE_MACHDEP
+ PTRACE_MACHDEP_REQUEST_CASES
+#endif
+ if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) ||
+ ISSET(p->p_flag, PK_SUGID)) {
+ break;
+ }
+
+ result = KAUTH_RESULT_ALLOW;
+
+ break;
+
+#ifdef PT_STEP
+ case PT_STEP:
+#endif
+ case PT_CONTINUE:
+ case PT_KILL:
+ case PT_DETACH:
+ case PT_LWPINFO:
+ case PT_SYSCALL:
+ case PT_DUMPCORE:
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
+void
+ptrace_init(void)
+{
+
+ ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ ptrace_listener_cb, NULL);
+}
+
/*
* Process debugging system call.
*/
@@ -958,3 +1032,4 @@
KERNEL_LOCK(l->l_biglocks, l);
}
#endif /* KTRACE || PTRACE */
+
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -640,63 +640,11 @@
break;
}
- case KAUTH_PROCESS_PTRACE: {
- switch ((u_long)arg1) {
- case PT_TRACE_ME:
- case PT_ATTACH:
- case PT_WRITE_I:
- case PT_WRITE_D:
- case PT_READ_I:
- case PT_READ_D:
- case PT_IO:
-#ifdef PT_GETREGS
- case PT_GETREGS:
-#endif
-#ifdef PT_SETREGS
- case PT_SETREGS:
-#endif
-#ifdef PT_GETFPREGS
- case PT_GETFPREGS:
-#endif
-#ifdef PT_SETFPREGS
- case PT_SETFPREGS:
-#endif
-#ifdef __HAVE_PTRACE_MACHDEP
- PTRACE_MACHDEP_REQUEST_CASES
-#endif
- if (isroot) {
- result = KAUTH_RESULT_ALLOW;
- break;
- }
-
- if (kauth_cred_getuid(cred) !=
- kauth_cred_getuid(p->p_cred) ||
- ISSET(p->p_flag, PK_SUGID)) {
- break;
- }
-
+ case KAUTH_PROCESS_PTRACE:
+ if (isroot)
result = KAUTH_RESULT_ALLOW;
- break;
-#ifdef PT_STEP
- case PT_STEP:
-#endif
- case PT_CONTINUE:
- case PT_KILL:
- case PT_DETACH:
- case PT_LWPINFO:
- case PT_SYSCALL:
- case PT_DUMPCORE:
- result = KAUTH_RESULT_ALLOW;
- break;
-
- default:
- result = KAUTH_RESULT_DEFER;
- break;
- }
-
break;
- }
case KAUTH_PROCESS_CORENAME:
if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
@@ -1,4 +1,4 @@
-/* $NetBSD: ptrace.h,v 1.40 2008/01/05 12:41:43 dsl Exp $ */
+/* $NetBSD: ptrace.h,v 1.41 2009/10/02 22:18:56 elad Exp $ */
/*-
* Copyright (c) 1984, 1993
@@ -98,6 +98,8 @@
#define process_fpreg64 struct fpreg
#endif
#endif
+
+void ptrace_init(void);
int process_doregs(struct lwp *, struct lwp *, struct uio *);
int process_validregs(struct lwp *);