Attachment 173424 Details for Bug 211580 – Patch to allow per-jail msgbuf access

[patch] Patch to allow per-jail msgbuf access

20160808-jail-msgbuf.diff (text/plain), 4.86 KB, created by Bjoern A. Zeeb on 2016-08-08 21:44:57 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bjoern A. Zeeb

Created: 2016-08-08 21:44:57 UTC

Size: 4.86 KB

patch

obsolete

>Index: usr.sbin/jail/config.c
>===================================================================
>--- usr.sbin/jail/config.c	(revision 302298)
>+++ usr.sbin/jail/config.c	(working copy)
>@@ -117,6 +117,7 @@ static const struct ipspec intparams[] = {
>     [KP_PERSIST] =		{"persist",		0},
>     [KP_SECURELEVEL] =		{"securelevel",		0},
>     [KP_VNET] =			{"vnet",		0},
>+    [KP_ALLOW_READ_MSGBUF] =	{"allow.read_msgbuf",	0},
> };
> 
> /*
>Index: usr.sbin/jail/jailp.h
>===================================================================
>--- usr.sbin/jail/jailp.h	(revision 302298)
>+++ usr.sbin/jail/jailp.h	(working copy)
>@@ -130,7 +130,8 @@ enum intparam {
> 	KP_PERSIST,
> 	KP_SECURELEVEL,
> 	KP_VNET,
>-	IP_NPARAM
>+	IP_NPARAM,
>+	KP_ALLOW_READ_MSGBUF
> };
> 
> STAILQ_HEAD(cfvars, cfvar);
>Index: sys/kern/kern_jail.c
>===================================================================
>--- sys/kern/kern_jail.c	(revision 302298)
>+++ sys/kern/kern_jail.c	(working copy)
>@@ -207,6 +207,7 @@ static char *pr_allow_names[] = {
> 	"allow.mount.fdescfs",
> 	"allow.mount.linprocfs",
> 	"allow.mount.linsysfs",
>+	"allow.read_msgbuf",
> };
> const size_t pr_allow_names_size = sizeof(pr_allow_names);
> 
>@@ -226,6 +227,7 @@ static char *pr_allow_nonames[] = {
> 	"allow.mount.nofdescfs",
> 	"allow.mount.nolinprocfs",
> 	"allow.mount.nolinsysfs",
>+	"allow.noread_msgbuf",
> };
> const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
> 
>@@ -3889,7 +3891,18 @@ prison_priv_check(struct ucred *cred, int priv)
> 		 * Allow ktrace privileges for root in jail.
> 		 */
> 	case PRIV_KTRACE:
>+		return (0);
> 
>+		/*
>+		 * Do not allow a process inside a jail read the kernel
>+		 * message buffer unless explicitly permitted.
>+		 */
>+	case PRIV_MSGBUF:
>+		if (cred->cr_prison->pr_allow & PR_ALLOW_READ_MSGBUF)
>+			return (0);
>+		else
>+			return (EPERM);
>+
> #if 0
> 		/*
> 		 * Allow jailed processes to configure audit identity and
>@@ -4518,6 +4531,8 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYPE_INT | CT
>     "B", "Jail may set file quotas");
> SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
>     "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
>+SYSCTL_JAIL_PARAM(_allow, read_msgbuf, CTLTYPE_INT | CTLFLAG_RW,
>+    "B", "Jail may read the kernel message buffer");
> 
> SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
> SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
>Index: sys/kern/kern_priv.c
>===================================================================
>--- sys/kern/kern_priv.c	(revision 302298)
>+++ sys/kern/kern_priv.c	(working copy)
>@@ -60,6 +60,12 @@ static int	unprivileged_mlock = 1;
> SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RWTUN,
>     &unprivileged_mlock, 0, "Allow non-root users to call mlock(2)");
> 
>+static int	unprivileged_read_msgbuf = 1;
>+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
>+    CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
>+    "Unprivileged processes may read the kernel message buffer");
>+
>+
> SDT_PROVIDER_DEFINE(priv);
> SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__ok, "int");
> SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err, "int");
>@@ -107,6 +113,17 @@ priv_check_cred(struct ucred *cred, int priv, int
> 		}
> 	}
> 
>+	if (unprivileged_read_msgbuf) {
>+		/*
>+		 * Allow an unprivileged user to read the kernel message
>+		 * buffer.
>+		 */
>+		if (priv == PRIV_MSGBUF) {
>+			error = 0;
>+			goto out;
>+		}
>+	}
>+
> 	/*
> 	 * Having determined if privilege is restricted by various policies,
> 	 * now determine if privilege is granted.  At this point, any policy
>Index: sys/kern/subr_prf.c
>===================================================================
>--- sys/kern/subr_prf.c	(revision 302298)
>+++ sys/kern/subr_prf.c	(working copy)
>@@ -1004,11 +1004,6 @@ msgbufinit(void *ptr, int size)
> 	oldp = msgbufp;
> }
> 
>-static int unprivileged_read_msgbuf = 1;
>-SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
>-    CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
>-    "Unprivileged processes may read the kernel message buffer");
>-
> /* Sysctls for accessing/clearing the msgbuf */
> static int
> sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
>@@ -1017,11 +1012,9 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
> 	u_int seq;
> 	int error, len;
> 
>-	if (!unprivileged_read_msgbuf) {
>-		error = priv_check(req->td, PRIV_MSGBUF);
>-		if (error)
>-			return (error);
>-	}
>+	error = priv_check(req->td, PRIV_MSGBUF);
>+	if (error)
>+		return (error);
> 
> 	/* Read the whole buffer, one chunk at a time. */
> 	mtx_lock(&msgbuf_lock);
>Index: sys/sys/jail.h
>===================================================================
>--- sys/sys/jail.h	(revision 302298)
>+++ sys/sys/jail.h	(working copy)
>@@ -230,7 +230,8 @@ struct prison_racct {
> #define	PR_ALLOW_MOUNT_FDESCFS		0x1000
> #define	PR_ALLOW_MOUNT_LINPROCFS	0x2000
> #define	PR_ALLOW_MOUNT_LINSYSFS		0x4000
>-#define	PR_ALLOW_ALL			0x7fff
>+#define	PR_ALLOW_READ_MSGBUF		0x8000
>+#define	PR_ALLOW_ALL			0xffff
> 
> /*
>  * OSD methods

Actions: View | Diff

Attachments on bug 211580: 173424 | 198114