

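--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -193,6 +193,7 @@ static struct bool_flags pr_flag_allow[NBBY * NBPW
 	{"allow.mlock", "allow.nomlock", PR_ALLOW_MLOCK},
 	{"allow.reserved_ports", "allow.noreserved_ports",
 	 PR_ALLOW_RESERVED_PORTS},
+	{"allow.read_msgbuf", "allow.noread_msgbuf", PR_ALLOW_READ_MSGBUF},
 };
 const size_t pr_flag_allow_size = sizeof(pr_flag_allow);
 
@@ -3350,6 +3351,16 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_PROC_SETLOGINCLASS:
 		return (0);
 
+		/*
+		 * Do not allow a process inside a jail read the kernel
+		 * message buffer unless explicitly permitted.
+		 */
+	case PRIV_MSGBUF:
+		if (cred->cr_prison->pr_allow & PR_ALLOW_READ_MSGBUF)
+			return (0);
+		else
+			return (EPERM);
+
 	default:
 		/*
 		 * In all remaining cases, deny the privilege request.  This
@@ -3770,6 +3781,8 @@ SYSCTL_JAIL_PARAM(_allow, mlock, CTLTYPE_INT | CTL
     "B", "Jail may lock (unlock) physical pages in memory");
 SYSCTL_JAIL_PARAM(_allow, reserved_ports, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may bind sockets to reserved ports");
+SYSCTL_JAIL_PARAM(_allow, read_msgbuf, CTLTYPE_INT | CTLFLAG_RW,
+    "B", "Jail may read the kernel message buffer");
 
 SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
 SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,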
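Review bot: In the prison_priv_check hunk the explanatory comment is placed above the `case PRIV_MSGBUF:` label at body indentation, while the neighbouring `default:` case in the same switch puts its comment after the label; moving it under the label keeps both cases in the same shape, e.g. `case PRIV_MSGBUF:` followed by `/* Deny reading the kernel message buffer inside a jail unless allow.read_msgbuf is set. */`. The comment as written also drops a word ("a process inside a jail to read"). The `else` after `return (0);` is redundant and the branch can end with a bare `return (EPERM);`. The switch in prison_priv_check begins before and ends after this hunk.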
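--- a/sys/kern/kern_priv.c
+++ b/sys/kern/kern_priv.c
@@ -62,6 +62,11 @@ static int unprivileged_mlock = 1;
 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RWTUN,
     &unprivileged_mlock, 0, "Allow non-root users to call mlock(2)");
 
+static int	unprivileged_read_msgbuf = 1;
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
+    CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
+    "Unprivileged processes may read the kernel message buffer");
+
 SDT_PROVIDER_DEFINE(priv);
 SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__ok, "int");
 SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err, "int");
@@ -109,6 +114,17 @@ priv_check_cred(struct ucred *cred, int priv, int
 		}
 	}
 
+	if (unprivileged_read_msgbuf) {
+		/*
+		 * Allow an unprivileged user to read the kernel message
+		 * buffer.
+		 */
+		if (priv == PRIV_MSGBUF) {
+			error = 0;
+			goto out;
+		}
+	}
+
 	/*
 	 * Having determined if privilege is restricted by various policies,
 	 * now determine if privilege is granted.  At this point, any policy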
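Review bot: The new grant in priv_check_cred short-circuits to `out` with `error = 0` whenever the global knob is set, so it is only correct if the jail policy check (prison_priv_check) has already run and failed the request earlier in the function; that ordering is outside the hunk and should be confirmed, otherwise a jail with allow.noread_msgbuf would be bypassed by the default of 1. Stating the dependency in the comment would help the next reader, e.g. `/* Jail policy has already been applied above; this only widens the non-jailed default. */`. Separately, the knob added in the first hunk is `CTLFLAG_RW` while the adjacent unprivileged_mlock knob it mirrors is `CTLFLAG_RWTUN`; if it should also be settable as a loader tunable, change the line to `CTLFLAG_RWTUN, &unprivileged_read_msgbuf, 0,`. priv_check_cred starts before and ends after this hunk.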
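--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -1053,11 +1053,6 @@ msgbufinit(void *ptr, int size)
 	oldp = msgbufp;
 }
 
-static int unprivileged_read_msgbuf = 1;
-SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
-    CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
-    "Unprivileged processes may read the kernel message buffer");
-
 /* Sysctls for accessing/clearing the msgbuf */
 static int
 sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
@@ -1066,11 +1061,9 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
 	u_int seq;
 	int error, len;
 
-	if (!unprivileged_read_msgbuf) {
-		error = priv_check(req->td, PRIV_MSGBUF);
-		if (error)
-			return (error);
-	}
+	error = priv_check(req->td, PRIV_MSGBUF);
+	if (error)
+		return (error);
 
 	/* Read the whole buffer, one chunk at a time. */
 	mtx_lock(&msgbuf_lock);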
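Review bot: With the gate moved out of this file, a reader of sysctl_kern_msgbuf can no longer see why an unprivileged read of the buffer can succeed, since the unconditional `priv_check(req->td, PRIV_MSGBUF)` looks like a root-only check; a one-line comment above it would close that gap, e.g. `/* PRIV_MSGBUF is granted to unprivileged and jailed callers by policy in priv_check_cred(); see security.bsd.unprivileged_read_msgbuf and allow.read_msgbuf. */`. The file comment still says "accessing/clearing the msgbuf", and the clear handler is not in this hunk, so its own privilege requirement is presumably untouched but worth confirming. sysctl_kern_msgbuf continues past the end of the hunk.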
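--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -228,9 +228,10 @@ struct prison_racct {
 #define	PR_ALLOW_QUOTAS			0x00000020
 #define	PR_ALLOW_SOCKET_AF		0x00000040
 #define	PR_ALLOW_MLOCK			0x00000080
+#define	PR_ALLOW_READ_MSGBUF		0x00000100
 #define	PR_ALLOW_RESERVED_PORTS		0x00008000
 #define	PR_ALLOW_KMEM_ACCESS		0x00010000	/* reserved, not used yet */
-#define	PR_ALLOW_ALL_STATIC		0x000180ff
+#define	PR_ALLOW_ALL_STATIC		0x000181ff
 
 /*
  * OSD methods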
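Review bot: PR_ALLOW_ALL_STATIC is updated consistently with the new bit (0x000180ff | 0x00000100 = 0x000181ff), but this hunk does not show whether any default-allow mask applied to newly created jails also lives in this header; if one does, it should be checked so that the new flag is not granted by default and existing jails do not gain kernel message buffer visibility on upgrade. Since the other new flag in this commit carries no comment either, no doc change is needed beyond that check.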
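--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -549,6 +549,11 @@ option.
 The jail root may administer quotas on the jail's filesystem(s).
 This includes filesystems that the jail may share with other jails or
 with non-jailed parts of the system.
+.It Va allow.read_msgbuf
+Jailed users may read the kernel message buffer.
+If the
+.Va security.bsd.unprivileged_read_msgbuf
+MIB entry is zero, this will be restricted to to root user.
 .It Va allow.socket_af
 Sockets within a jail are normally restricted to IPv4, IPv6, local
 (UNIX), and route.  This allows access to other protocol stacks that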
