author | 2002-03-14 00:42:20 +0000 | |
committer | 2002-03-14 00:42:20 +0000 | |
commit | 477189db112285b29265105ac9553ec4cc2989a4 (patch) | |
tree | 59b27fd003c41c45c470b25c96923f686f84eb4b /sys/miscfs | |
parent | Whoops. missing simple_unlock. (diff) | |
Turn the ptrace(2) syscall into a kernel compile option, option PTRACE in
your kernel configuration file.
By default, GENERIC will enable this.
When PTRACE is not enabled, several ptrace-like features of the procfs
filesystem will be disabled as well (namely, the ability to read and write
any process' registers, as well as attaching, single stepping and detaching
to/from processes).
This should help paranoid people build better sandboxens, and us to build
smaller ramdisks.
Diffstat (limited to 'sys/miscfs')
-rw-r--r-- | sys/miscfs/procfs/README | 11 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_ctl.c | 15 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_subr.c | 4 | ||||
-rw-r--r-- | sys/miscfs/procfs/procfs_vnops.c | 15 |
4 files changed, 39 insertions, 6 deletions
diff --git a/sys/miscfs/procfs/README b/sys/miscfs/procfs/README
index aecb1697a61..40086e3c0f6 100644
--- a/sys/miscfs/procfs/README
+++ b/sys/miscfs/procfs/README
@@ -1,4 +1,4 @@
-/* $OpenBSD: README,v 1.5 2000/08/15 06:11:45 jasoni Exp $ */
+/* $OpenBSD: README,v 1.6 2002/03/14 00:42:25 miod Exp $ */
 /* $NetBSD: README,v 1.4 1994/06/29 06:34:43 cgd Exp $ */
 saute procfs lyonnais
@@ -49,9 +49,15 @@ are:
 a multi-proc kernel would need to do some synchronisation.
+ fpregs - r/w. same as regs, but for floating point registers
+ when available.
+ cmdline - r/o. process command line parameters, separated by NULs
+Note that regs and fpregs are not available if the kernel is compiled
+without option PTRACE.
+
 this then looks like:
 % ls -li /proc
@@ -112,6 +118,9 @@ the basic sequence of commands written to "ctl" would be
 detach - continue execution of the target process and remove it from control by the debug process
+Note that attach, wait, step, run and detach are not available if the
+kernel is compiled without option PTRACE.
+
 in a normal debugging environment, where the target is fork/exec'd by the debugger, the debugger should fork and the child should stop itself (with a self-inflicted SIGSTOP). the parent should do a "wait" then an
diff --git a/sys/miscfs/procfs/procfs_ctl.c b/sys/miscfs/procfs/procfs_ctl.c
index 4b09aaaae23..bac9f4e0324 100644
--- a/sys/miscfs/procfs/procfs_ctl.c
+++ b/sys/miscfs/procfs/procfs_ctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_ctl.c,v 1.8 2002/01/30 20:45:35 nordin Exp $ */
+/* $OpenBSD: procfs_ctl.c,v 1.9 2002/03/14 00:42:25 miod Exp $ */
 /* $NetBSD: procfs_ctl.c,v 1.14 1996/02/09 22:40:48 christos Exp $ */
 /*
@@ -63,6 +63,8 @@
 (p)->p_pptr == (curp) && \
 ISSET((p)->p_flag, P_TRACED))
+#ifdef PTRACE
+
 #define PROCFS_CTL_ATTACH 1
 #define PROCFS_CTL_DETACH 2
 #define PROCFS_CTL_STEP 3
@@ -79,6 +81,8 @@ static vfs_namemap_t ctlnames[] = {
 { 0 },
 };
+#endif
+
 static vfs_namemap_t signames[] = {
 /* regular signal names */
 { "hup", SIGHUP },
 { "int", SIGINT },
@@ -100,6 +104,7 @@ static vfs_namemap_t signames[] = {
 { 0 },
 };
+#ifdef PTRACE
 static int procfs_control __P((struct proc *, struct proc *, int));
 static int
@@ -243,14 +248,17 @@ procfs_control(curp, p, op)
 }
 return (error);
+#ifdef DIAGNOSTIC
 default:
 panic("procfs_control");
+#endif
 }
 if (p->p_stat == SSTOP)
 setrunnable(p);
 return (0);
 }
+#endif
 int
 procfs_doctl(curp, p, pfs, uio)
@@ -283,10 +291,13 @@ procfs_doctl(curp, p, pfs, uio)
 */
 error = EOPNOTSUPP;
+#ifdef PTRACE
 nm = vfs_findname(ctlnames, msg, xlen);
 if (nm) {
 error = procfs_control(curp, p, nm->nm_val);
-} else {
+} else
+#endif
+{
 nm = vfs_findname(signames, msg, xlen);
 if (nm) {
 if (TRACE_WAIT_P(curp, p)) {
diff --git a/sys/miscfs/procfs/procfs_subr.c b/sys/miscfs/procfs/procfs_subr.c
index 9d0f1c9fb5a..0ec024a1698 100644
--- a/sys/miscfs/procfs/procfs_subr.c
+++ b/sys/miscfs/procfs/procfs_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_subr.c,v 1.16 2002/01/30 20:29:44 nordin Exp $ */
+/* $OpenBSD: procfs_subr.c,v 1.17 2002/03/14 00:42:25 miod Exp $ */
 /* $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $ */
 /*
@@ -223,11 +223,13 @@ procfs_rw(v)
 case Pnotepg:
 return (procfs_donote(curp, p, pfs, uio));
+#ifdef PTRACE
 case Pregs:
 return (procfs_doregs(curp, p, pfs, uio));
 case Pfpregs:
 return (procfs_dofpregs(curp, p, pfs, uio));
+#endif
 case Pctl:
 return (procfs_doctl(curp, p, pfs, uio));
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index efc9a88b5fa..0b616b571d8 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_vnops.c,v 1.23 2002/03/11 15:39:27 art Exp $ */
+/* $OpenBSD: procfs_vnops.c,v 1.24 2002/03/14 00:42:25 miod Exp $ */
 /* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */
 /*
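Review bot: The `#endif` added after `ctlnames[]` closes an `#ifdef PTRACE` opened in the previous hunk, about twenty lines earlier, and nothing on the line says which conditional it ends; `#endif /* PTRACE */` would make that readable at a glance. The same applies to the `#endif` that closes the second `#ifdef PTRACE`, opened before the `procfs_control` prototype in the `@@ -100` hunk and closed after the function body in the `@@ -243` hunk, so it spans the whole function, and to the new `#endif`s in `procfs_doctl()`, `procfs_rw()` and `procfs_getattr()`.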
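Review bot: Wrapping `default: panic("procfs_control")` in `#ifdef DIAGNOSTIC` means a non-DIAGNOSTIC kernel falls out of the switch on an unrecognised op and continues to `setrunnable(p)` and `return (0)`, so an unknown control request now reports success and can wake a stopped traced process instead of failing. The only caller visible here passes `nm->nm_val` from `ctlnames[]`, so no such value reaches the function today, but the fail-safe should not rest on that; keeping the panic for DIAGNOSTIC builds and adding `#else` / `return (EINVAL);` before the `#endif` (or simply an unconditional `default: return (EINVAL);`) rejects the request otherwise. `default: panic("procfs_getattr")` in the `@@ -659` hunk of procfs_vnops.c is guarded the same way; there an unknown type falls through to `return (error)` with `va_bytes`/`va_size` untouched, which is less harmful but equally silent. procfs_control() begins outside this hunk.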
@@ -89,8 +89,10 @@ struct proc_target {
 { DT_DIR, N(".."), Proot, NULL },
 { DT_REG, N("file"), Pfile, procfs_validfile },
 { DT_REG, N("mem"), Pmem, NULL },
+#ifdef PTRACE
 { DT_REG, N("regs"), Pregs, procfs_validregs },
 { DT_REG, N("fpregs"), Pfpregs, procfs_validfpregs },
+#endif
 { DT_REG, N("ctl"), Pctl, NULL },
 { DT_REG, N("status"), Pstatus, NULL },
 { DT_REG, N("note"), Pnote, NULL },
@@ -550,9 +552,12 @@ procfs_getattr(v)
 vap->va_atime = vap->va_mtime = vap->va_ctime;
 switch (pfs->pfs_type) {
-case Pmem:
 case Pregs:
 case Pfpregs:
+#ifndef PTRACE
+break;
+#endif
+case Pmem:
 /*
 * If the process has exercised some setuid or setgid
 * privilege, then rip away read/write permission so
@@ -640,12 +645,16 @@ procfs_getattr(v)
 break;
 case Pregs:
+#ifdef PTRACE
 vap->va_bytes = vap->va_size = sizeof(struct reg);
+#endif
 break;
 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS)
 case Pfpregs:
+#ifdef PTRACE
 vap->va_bytes = vap->va_size = sizeof(struct fpreg);
+#endif
 break;
 #endif
@@ -659,8 +668,10 @@ procfs_getattr(v)
 vap->va_bytes = vap->va_size = 0;
 break;
+#ifdef DIAGNOSTIC
 default:
 panic("procfs_getattr");
+#endif
 }
 return (error);
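Review bot: The `mem` entry stays in `proc_targets[]` unconditionally, so without `option PTRACE` the `regs`/`fpregs` nodes disappear but `/proc/<pid>/mem` still exposes another process's address space for read and write, subject to whatever checks `procfs_domem` applies (not touched by this diff); for the sandbox use case the commit message describes, that is at least as capable as register access. If gating `mem` is out of scope, the README note about what PTRACE disables should say that `mem` remains, so nobody reads the option as removing process inspection from procfs. Removing the two targets here does cover the remaining `Pregs`/`Pfpregs` switch arms in the `@@ -550` and `@@ -640` hunks and in `procfs_rw()`, so the regs/fpregs side looks complete.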
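Review bot: After this change `case Pregs:` and `case Pfpregs:` still fall through into `case Pmem:` when PTRACE is defined, but the `break;` now sitting between them under `#ifndef PTRACE` makes that fall-through easy to misread as a terminated case; add `/* FALLTHROUGH */` ahead of `case Pmem:` (after the `#endif`, or in an `#else` branch) so readers and lint see the intent. Since the `@@ -89` hunk drops the `regs`/`fpregs` targets without PTRACE, the `#ifndef PTRACE` `break` is only reachable for a vnode that cannot be created; a one-line comment saying so would also explain why leaving `va_bytes`/`va_size` unset for the same cases in the `@@ -640` hunk is harmless. procfs_getattr() begins and ends outside this hunk.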