diff options
| author |   deraadt <deraadt@openbsd.org> | 2013-03-20 03:43:07 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2013-03-20 03:43:07 +0000 |
| commit | 7f8de6195e8b6741c34c1a4a21b80a41bb7f9dcf (patch) | |
| tree | 0617aafbfadbbb6b732ec3c55310571b7edd6349 | |
| parent | - Sync the ring setup code closer to FreeBSD's driver (diff) | |
| download | wireguard-openbsd-7f8de6195e8b6741c34c1a4a21b80a41bb7f9dcf.tar.xz wireguard-openbsd-7f8de6195e8b6741c34c1a4a21b80a41bb7f9dcf.zip | |
When non-root asks sysctl for kinfo proc or file requests, do not fill in
any kernel addresses information.
ok guenther
| -rw-r--r-- | lib/libkvm/kvm_proc2.c | 6 | ||||
| -rw-r--r-- | sys/kern/kern_sysctl.c | 46 | ||||
| -rw-r--r-- | sys/sys/sysctl.h | 20 |
3 files changed, 47 insertions, 25 deletions
diff --git a/lib/libkvm/kvm_proc2.c b/lib/libkvm/kvm_proc2.c index bd4f81e8070..7d0ee24559a 100644 --- a/lib/libkvm/kvm_proc2.c +++ b/lib/libkvm/kvm_proc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_proc2.c,v 1.14 2012/11/12 00:29:09 guenther Exp $ */ +/* $OpenBSD: kvm_proc2.c,v 1.15 2013/03/20 03:43:08 deraadt Exp $ */ /* $NetBSD: kvm_proc.c,v 1.30 1999/03/24 05:50:50 mrg Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -289,7 +289,7 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct proc *p, if ((proc.p_flag & P_THREAD) == 0) { FILL_KPROC(&kp, do_copy_str, &proc, &process, &pcred, &ucred, &pgrp, p, proc.p_p, &sess, vmp, limp, sap, - 0); + 0, 1); /* stuff that's too painful to generalize */ kp.p_pid = process_pid; @@ -322,7 +322,7 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct proc *p, continue; FILL_KPROC(&kp, do_copy_str, &proc, &process, &pcred, &ucred, - &pgrp, p, proc.p_p, &sess, vmp, limp, sap, 1); + &pgrp, p, proc.p_p, &sess, vmp, limp, sap, 1, 1); /* stuff that's too painful to generalize into the macros */ kp.p_pid = process_pid; diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 3aba61cac2f..9b2179f0947 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.231 2013/02/11 11:11:42 mpi Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.232 2013/03/20 03:43:08 deraadt Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -1061,23 +1061,28 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, int fd, struct vnode *vp, struct proc *pp, struct proc *p) { struct vattr va; + int show_pointers = suser(curproc, 0) == 0; memset(kf, 0, sizeof(*kf)); kf->fd_fd = fd; /* might not really be an fd */ if (fp != NULL) { - kf->f_fileaddr = PTRTOINT64(fp); + if (show_pointers) + kf->f_fileaddr = PTRTOINT64(fp); kf->f_flag = fp->f_flag; kf->f_iflags = fp->f_iflags; kf->f_type = fp->f_type; kf->f_count = fp->f_count; kf->f_msgcount = fp->f_msgcount; - kf->f_ucred = PTRTOINT64(fp->f_cred); + if (show_pointers) + kf->f_ucred = PTRTOINT64(fp->f_cred); kf->f_uid = fp->f_cred->cr_uid; kf->f_gid = fp->f_cred->cr_gid; - kf->f_ops = PTRTOINT64(fp->f_ops); - kf->f_data = PTRTOINT64(fp->f_data); + if (show_pointers) + kf->f_ops = PTRTOINT64(fp->f_ops); + if (show_pointers) + kf->f_data = PTRTOINT64(fp->f_data); kf->f_usecount = 0; if (suser(p, 0) == 0 || p->p_ucred->cr_uid == fp->f_cred->cr_uid) { @@ -1103,12 +1108,15 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, if (fp != NULL) vp = (struct vnode *)fp->f_data; - kf->v_un = PTRTOINT64(vp->v_un.vu_socket); + if (show_pointers) + kf->v_un = PTRTOINT64(vp->v_un.vu_socket); kf->v_type = vp->v_type; kf->v_tag = vp->v_tag; kf->v_flag = vp->v_flag; - kf->v_data = PTRTOINT64(vp->v_data); - kf->v_mount = PTRTOINT64(vp->v_mount); + if (show_pointers) + kf->v_data = PTRTOINT64(vp->v_data); + if (show_pointers) + kf->v_mount = PTRTOINT64(vp->v_mount); if (vp->v_mount) strlcpy(kf->f_mntonname, vp->v_mount->mnt_stat.f_mntonname, @@ -1128,11 +1136,13 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, kf->so_type = so->so_type; kf->so_state = so->so_state; - kf->so_pcb = PTRTOINT64(so->so_pcb); + if (show_pointers) + kf->so_pcb = PTRTOINT64(so->so_pcb); kf->so_protocol = so->so_proto->pr_protocol; kf->so_family = so->so_proto->pr_domain->dom_family; if (so->so_splice) { - kf->so_splice = PTRTOINT64(so->so_splice); + if (show_pointers) + kf->so_splice = PTRTOINT64(so->so_splice); kf->so_splicelen = so->so_splicelen; } else if (so->so_spliceback) kf->so_splicelen = -1; @@ -1142,7 +1152,8 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, case AF_INET: { struct inpcb *inpcb = so->so_pcb; - kf->inp_ppcb = PTRTOINT64(inpcb->inp_ppcb); + if (show_pointers) + kf->inp_ppcb = PTRTOINT64(inpcb->inp_ppcb); kf->inp_lport = inpcb->inp_lport; kf->inp_laddru[0] = inpcb->inp_laddr.s_addr; kf->inp_fport = inpcb->inp_fport; @@ -1170,7 +1181,8 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, case AF_UNIX: { struct unpcb *unpcb = so->so_pcb; - kf->unp_conn = PTRTOINT64(unpcb->unp_conn); + if (show_pointers) + kf->unp_conn = PTRTOINT64(unpcb->unp_conn); break; } } @@ -1180,7 +1192,8 @@ fill_file2(struct kinfo_file2 *kf, struct file *fp, struct filedesc *fdp, case DTYPE_PIPE: { struct pipe *pipe = (struct pipe *)fp->f_data; - kf->pipe_peer = PTRTOINT64(pipe->pipe_peer); + if (show_pointers) + kf->pipe_peer = PTRTOINT64(pipe->pipe_peer); kf->pipe_state = pipe->pipe_state; break; } @@ -1525,9 +1538,11 @@ fill_kproc(struct proc *p, struct kinfo_proc *ki, int isthread) struct session *s = pr->ps_session; struct tty *tp; struct timeval ut, st; + int show_pointers = suser(curproc, 0) == 0; FILL_KPROC(ki, strlcpy, p, pr, p->p_cred, p->p_ucred, pr->ps_pgrp, - p, pr, s, p->p_vmspace, pr->ps_limit, p->p_sigacts, isthread); + p, pr, s, p->p_vmspace, pr->ps_limit, p->p_sigacts, isthread, + show_pointers); /* stuff that's too painful to generalize into the macros */ ki->p_pid = pr->ps_pid; @@ -1539,7 +1554,8 @@ fill_kproc(struct proc *p, struct kinfo_proc *ki, int isthread) if ((pr->ps_flags & PS_CONTROLT) && (tp = s->s_ttyp)) { ki->p_tdev = tp->t_dev; ki->p_tpgid = tp->t_pgrp ? tp->t_pgrp->pg_id : -1; - ki->p_tsess = PTRTOINT64(tp->t_session); + if (show_pointers) + ki->p_tsess = PTRTOINT64(tp->t_session); } else { ki->p_tdev = NODEV; ki->p_tpgid = -1; diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index 5be3124385d..8c0e8e35ae0 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.h,v 1.127 2012/12/18 21:28:45 millert Exp $ */ +/* $OpenBSD: sysctl.h,v 1.128 2013/03/20 03:43:07 deraadt Exp $ */ /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */ /* @@ -462,18 +462,22 @@ struct kinfo_proc { #define PTRTOINT64(_x) ((u_int64_t)(u_long)(_x)) -#define FILL_KPROC(kp, copy_str, p, pr, pc, uc, pg, paddr, praddr, sess, vm, lim, sa, isthread) \ +#define FILL_KPROC(kp, copy_str, p, pr, pc, uc, pg, paddr, \ + praddr, sess, vm, lim, sa, isthread, show_addresses) \ do { \ memset((kp), 0, sizeof(*(kp))); \ \ - (kp)->p_paddr = PTRTOINT64(paddr); \ + if (show_addresses) \ + (kp)->p_paddr = PTRTOINT64(paddr); \ (kp)->p_fd = PTRTOINT64((p)->p_fd); \ (kp)->p_stats = 0; \ (kp)->p_limit = PTRTOINT64((pr)->ps_limit); \ (kp)->p_vmspace = PTRTOINT64((p)->p_vmspace); \ (kp)->p_sigacts = PTRTOINT64((p)->p_sigacts); \ - (kp)->p_sess = PTRTOINT64((pg)->pg_session); \ - (kp)->p_ru = PTRTOINT64((pr)->ps_ru); \ + if (show_addresses) \ + (kp)->p_sess = PTRTOINT64((pg)->pg_session); \ + if (show_addresses) \ + (kp)->p_ru = PTRTOINT64((pr)->ps_ru); \ \ (kp)->p_exitsig = (p)->p_exitsig; \ (kp)->p_flag = (p)->p_flag | (pr)->ps_flags | P_INMEM; \ @@ -512,7 +516,8 @@ do { \ (kp)->p_cpticks = (p)->p_cpticks; \ (kp)->p_pctcpu = (p)->p_pctcpu; \ \ - (kp)->p_tracep = PTRTOINT64((pr)->ps_tracevp); \ + if (show_addresses) \ + (kp)->p_tracep = PTRTOINT64((pr)->ps_tracevp); \ (kp)->p_traceflag = (pr)->ps_traceflag; \ \ (kp)->p_siglist = (p)->p_siglist; \ @@ -555,7 +560,8 @@ do { \ if ((p)->p_wmesg) \ copy_str((kp)->p_wmesg, (p)->p_wmesg, \ sizeof((kp)->p_wmesg)); \ - (kp)->p_wchan = PTRTOINT64((p)->p_wchan); \ + if (show_addresses) \ + (kp)->p_wchan = PTRTOINT64((p)->p_wchan); \ } \ \ if (lim) \ |