kern_prot.c revision 1.106.4.1
1 /* $NetBSD: kern_prot.c,v 1.106.4.1 2008/05/10 23:49:04 wrstuden Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_prot.c 8.9 (Berkeley) 2/14/95 37 */ 38 39 /* 40 * System calls related to processes and protection 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.106.4.1 2008/05/10 23:49:04 wrstuden Exp $"); 45 46 #include "opt_compat_43.h" 47 48 #include <sys/param.h> 49 #include <sys/acct.h> 50 #include <sys/systm.h> 51 #include <sys/ucred.h> 52 #include <sys/proc.h> 53 #include <sys/timeb.h> 54 #include <sys/times.h> 55 #include <sys/pool.h> 56 #include <sys/prot.h> 57 #include <sys/syslog.h> 58 #include <sys/resourcevar.h> 59 #include <sys/kauth.h> 60 61 #include <sys/mount.h> 62 #include <sys/sa.h> 63 #include <sys/syscallargs.h> 64 65 int sys_getpid(struct lwp *, const void *, register_t *); 66 int sys_getpid_with_ppid(struct lwp *, const void *, register_t *); 67 int sys_getuid(struct lwp *, const void *, register_t *); 68 int sys_getuid_with_euid(struct lwp *, const void *, register_t *); 69 int sys_getgid(struct lwp *, const void *, register_t *); 70 int sys_getgid_with_egid(struct lwp *, const void *, register_t *); 71 72 /* ARGSUSED */ 73 int 74 sys_getpid(struct lwp *l, const void *v, register_t *retval) 75 { 76 struct proc *p = l->l_proc; 77 78 *retval = p->p_pid; 79 return (0); 80 } 81 82 /* ARGSUSED */ 83 int 84 sys_getpid_with_ppid(struct lwp *l, const void *v, register_t *retval) 85 { 86 struct proc *p = l->l_proc; 87 88 retval[0] = p->p_pid; 89 mutex_enter(proc_lock); 90 retval[1] = p->p_pptr->p_pid; 91 mutex_exit(proc_lock); 92 return (0); 93 } 94 95 /* ARGSUSED */ 96 int 97 sys_getppid(struct lwp *l, const void *v, register_t *retval) 98 { 99 struct proc *p = l->l_proc; 100 101 mutex_enter(proc_lock); 102 *retval = p->p_pptr->p_pid; 103 mutex_exit(proc_lock); 104 return (0); 105 } 106 107 /* Get process group ID; note that POSIX getpgrp takes no parameter */ 108 int 109 sys_getpgrp(struct lwp *l, const void *v, register_t *retval) 110 { 111 struct proc *p = l->l_proc; 112 113 mutex_enter(proc_lock); 114 *retval = p->p_pgrp->pg_id; 115 mutex_exit(proc_lock); 116 return (0); 117 } 118 119 /* 120 * Return the process group ID of the session leader (session ID) 121 * for the specified process. 122 */ 123 int 124 sys_getsid(struct lwp *l, const struct sys_getsid_args *uap, register_t *retval) 125 { 126 /* { 127 syscalldarg(pid_t) pid; 128 } */ 129 pid_t pid = SCARG(uap, pid); 130 struct proc *p; 131 int error = 0; 132 133 mutex_enter(proc_lock); 134 if (pid == 0) 135 *retval = l->l_proc->p_session->s_sid; 136 else if ((p = p_find(pid, PFIND_LOCKED)) != NULL) 137 *retval = p->p_session->s_sid; 138 else 139 error = ESRCH; 140 mutex_exit(proc_lock); 141 142 return error; 143 } 144 145 int 146 sys_getpgid(struct lwp *l, const struct sys_getpgid_args *uap, register_t *retval) 147 { 148 /* { 149 syscallarg(pid_t) pid; 150 } */ 151 pid_t pid = SCARG(uap, pid); 152 struct proc *p; 153 int error = 0; 154 155 mutex_enter(proc_lock); 156 if (pid == 0) 157 *retval = l->l_proc->p_pgid; 158 else if ((p = p_find(pid, PFIND_LOCKED)) != NULL) 159 *retval = p->p_pgid; 160 else 161 error = ESRCH; 162 mutex_exit(proc_lock); 163 164 return error; 165 } 166 167 /* ARGSUSED */ 168 int 169 sys_getuid(struct lwp *l, const void *v, register_t *retval) 170 { 171 172 *retval = kauth_cred_getuid(l->l_cred); 173 return (0); 174 } 175 176 /* ARGSUSED */ 177 int 178 sys_getuid_with_euid(struct lwp *l, const void *v, register_t *retval) 179 { 180 181 retval[0] = kauth_cred_getuid(l->l_cred); 182 retval[1] = kauth_cred_geteuid(l->l_cred); 183 return (0); 184 } 185 186 /* ARGSUSED */ 187 int 188 sys_geteuid(struct lwp *l, const void *v, register_t *retval) 189 { 190 191 *retval = kauth_cred_geteuid(l->l_cred); 192 return (0); 193 } 194 195 /* ARGSUSED */ 196 int 197 sys_getgid(struct lwp *l, const void *v, register_t *retval) 198 { 199 200 *retval = kauth_cred_getgid(l->l_cred); 201 return (0); 202 } 203 204 /* ARGSUSED */ 205 int 206 sys_getgid_with_egid(struct lwp *l, const void *v, register_t *retval) 207 { 208 209 retval[0] = kauth_cred_getgid(l->l_cred); 210 retval[1] = kauth_cred_getegid(l->l_cred); 211 return (0); 212 } 213 214 /* 215 * Get effective group ID. The "egid" is groups[0], and could be obtained 216 * via getgroups. This syscall exists because it is somewhat painful to do 217 * correctly in a library function. 218 */ 219 /* ARGSUSED */ 220 int 221 sys_getegid(struct lwp *l, const void *v, register_t *retval) 222 { 223 224 *retval = kauth_cred_getegid(l->l_cred); 225 return (0); 226 } 227 228 int 229 sys_getgroups(struct lwp *l, const struct sys_getgroups_args *uap, register_t *retval) 230 { 231 /* { 232 syscallarg(int) gidsetsize; 233 syscallarg(gid_t *) gidset; 234 } */ 235 236 *retval = kauth_cred_ngroups(l->l_cred); 237 if (SCARG(uap, gidsetsize) == 0) 238 return 0; 239 if (SCARG(uap, gidsetsize) < *retval) 240 return EINVAL; 241 242 return kauth_cred_getgroups(l->l_cred, SCARG(uap, gidset), *retval, 243 UIO_USERSPACE); 244 } 245 246 /* ARGSUSED */ 247 int 248 sys_setsid(struct lwp *l, const void *v, register_t *retval) 249 { 250 struct proc *p = l->l_proc; 251 int error; 252 253 error = enterpgrp(p, p->p_pid, p->p_pid, 1); 254 *retval = p->p_pid; 255 return (error); 256 } 257 258 259 /* 260 * set process group (setpgid/old setpgrp) 261 * 262 * caller does setpgid(targpid, targpgid) 263 * 264 * pgid must be in valid range (EINVAL) 265 * pid must be caller or child of caller (ESRCH) 266 * if a child 267 * pid must be in same session (EPERM) 268 * pid can't have done an exec (EACCES) 269 * if pgid != pid 270 * there must exist some pid in same session having pgid (EPERM) 271 * pid must not be session leader (EPERM) 272 * 273 * Permission checks now in enterpgrp() 274 */ 275 /* ARGSUSED */ 276 int 277 sys_setpgid(struct lwp *l, const struct sys_setpgid_args *uap, register_t *retval) 278 { 279 /* { 280 syscallarg(int) pid; 281 syscallarg(int) pgid; 282 } */ 283 struct proc *p = l->l_proc; 284 pid_t targp, pgid; 285 286 if (SCARG(uap, pgid) < 0) 287 return EINVAL; 288 if ((targp = SCARG(uap, pid)) == 0) 289 targp = p->p_pid; 290 if ((pgid = SCARG(uap, pgid)) == 0) 291 pgid = targp; 292 293 return enterpgrp(p, targp, pgid, 0); 294 } 295 296 /* 297 * Set real, effective and saved uids to the requested values. 298 * non-root callers can only ever change uids to values that match 299 * one of the processes current uid values. 300 * This is further restricted by the flags argument. 301 */ 302 303 int 304 do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags) 305 { 306 struct proc *p = l->l_proc; 307 kauth_cred_t cred, ncred; 308 309 ncred = kauth_cred_alloc(); 310 311 /* Get a write lock on the process credential. */ 312 proc_crmod_enter(); 313 cred = p->p_cred; 314 315 /* 316 * Check that the new value is one of the allowed existing values, 317 * or that we have root privilege. 318 */ 319 if ((r != -1 320 && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred)) 321 && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred)) 322 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) || 323 (e != -1 324 && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred)) 325 && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred)) 326 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) || 327 (sv != -1 328 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred)) 329 && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred)) 330 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) { 331 int error; 332 333 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 334 p, NULL, NULL, NULL); 335 if (error != 0) { 336 proc_crmod_leave(cred, ncred, false); 337 return error; 338 } 339 } 340 341 /* If nothing has changed, short circuit the request */ 342 if ((r == -1 || r == kauth_cred_getuid(cred)) 343 && (e == -1 || e == kauth_cred_geteuid(cred)) 344 && (sv == -1 || sv == kauth_cred_getsvuid(cred))) { 345 proc_crmod_leave(cred, ncred, false); 346 return 0; 347 } 348 349 kauth_cred_clone(cred, ncred); 350 351 if (r != -1 && r != kauth_cred_getuid(ncred)) { 352 /* Update count of processes for this user */ 353 (void)chgproccnt(kauth_cred_getuid(ncred), -1); 354 (void)chgproccnt(r, 1); 355 kauth_cred_setuid(ncred, r); 356 } 357 if (sv != -1) 358 kauth_cred_setsvuid(ncred, sv); 359 if (e != -1) 360 kauth_cred_seteuid(ncred, e); 361 362 /* Broadcast our credentials to the process and other LWPs. */ 363 proc_crmod_leave(ncred, cred, true); 364 365 return 0; 366 } 367 368 /* 369 * Set real, effective and saved gids to the requested values. 370 * non-root callers can only ever change gids to values that match 371 * one of the processes current gid values. 372 * This is further restricted by the flags argument. 373 */ 374 375 int 376 do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags) 377 { 378 struct proc *p = l->l_proc; 379 kauth_cred_t cred, ncred; 380 381 ncred = kauth_cred_alloc(); 382 383 /* Get a write lock on the process credential. */ 384 proc_crmod_enter(); 385 cred = p->p_cred; 386 387 /* 388 * check new value is one of the allowed existing values. 389 * otherwise, check if we have root privilege. 390 */ 391 if ((r != -1 392 && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred)) 393 && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred)) 394 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) || 395 (e != -1 396 && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred)) 397 && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred)) 398 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) || 399 (sv != -1 400 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred)) 401 && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred)) 402 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) { 403 int error; 404 405 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 406 p, NULL, NULL, NULL); 407 if (error != 0) { 408 proc_crmod_leave(cred, ncred, false); 409 return error; 410 } 411 } 412 413 /* If nothing has changed, short circuit the request */ 414 if ((r == -1 || r == kauth_cred_getgid(cred)) 415 && (e == -1 || e == kauth_cred_getegid(cred)) 416 && (sv == -1 || sv == kauth_cred_getsvgid(cred))) { 417 proc_crmod_leave(cred, ncred, false); 418 return 0; 419 } 420 421 kauth_cred_clone(cred, ncred); 422 423 if (r != -1) 424 kauth_cred_setgid(ncred, r); 425 if (sv != -1) 426 kauth_cred_setsvgid(ncred, sv); 427 if (e != -1) 428 kauth_cred_setegid(ncred, e); 429 430 /* Broadcast our credentials to the process and other LWPs. */ 431 proc_crmod_leave(ncred, cred, true); 432 433 return 0; 434 } 435 436 /* ARGSUSED */ 437 int 438 sys_setuid(struct lwp *l, const struct sys_setuid_args *uap, register_t *retval) 439 { 440 /* { 441 syscallarg(uid_t) uid; 442 } */ 443 uid_t uid = SCARG(uap, uid); 444 445 return do_setresuid(l, uid, uid, uid, 446 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 447 } 448 449 /* ARGSUSED */ 450 int 451 sys_seteuid(struct lwp *l, const struct sys_seteuid_args *uap, register_t *retval) 452 { 453 /* { 454 syscallarg(uid_t) euid; 455 } */ 456 457 return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S); 458 } 459 460 int 461 sys_setreuid(struct lwp *l, const struct sys_setreuid_args *uap, register_t *retval) 462 { 463 /* { 464 syscallarg(uid_t) ruid; 465 syscallarg(uid_t) euid; 466 } */ 467 kauth_cred_t cred = l->l_cred; 468 uid_t ruid, euid, svuid; 469 470 ruid = SCARG(uap, ruid); 471 euid = SCARG(uap, euid); 472 473 if (ruid == -1) 474 ruid = kauth_cred_getuid(cred); 475 if (euid == -1) 476 euid = kauth_cred_geteuid(cred); 477 478 /* Saved uid is set to the new euid if the ruid changed */ 479 svuid = (ruid == kauth_cred_getuid(cred)) ? -1 : euid; 480 481 return do_setresuid(l, ruid, euid, svuid, 482 ID_R_EQ_R | ID_R_EQ_E | 483 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 484 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 485 } 486 487 /* ARGSUSED */ 488 int 489 sys_setgid(struct lwp *l, const struct sys_setgid_args *uap, register_t *retval) 490 { 491 /* { 492 syscallarg(gid_t) gid; 493 } */ 494 gid_t gid = SCARG(uap, gid); 495 496 return do_setresgid(l, gid, gid, gid, 497 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 498 } 499 500 /* ARGSUSED */ 501 int 502 sys_setegid(struct lwp *l, const struct sys_setegid_args *uap, register_t *retval) 503 { 504 /* { 505 syscallarg(gid_t) egid; 506 } */ 507 508 return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S); 509 } 510 511 int 512 sys_setregid(struct lwp *l, const struct sys_setregid_args *uap, register_t *retval) 513 { 514 /* { 515 syscallarg(gid_t) rgid; 516 syscallarg(gid_t) egid; 517 } */ 518 kauth_cred_t cred = l->l_cred; 519 gid_t rgid, egid, svgid; 520 521 rgid = SCARG(uap, rgid); 522 egid = SCARG(uap, egid); 523 524 if (rgid == -1) 525 rgid = kauth_cred_getgid(cred); 526 if (egid == -1) 527 egid = kauth_cred_getegid(cred); 528 529 /* Saved gid is set to the new egid if the rgid changed */ 530 svgid = rgid == kauth_cred_getgid(cred) ? -1 : egid; 531 532 return do_setresgid(l, rgid, egid, svgid, 533 ID_R_EQ_R | ID_R_EQ_E | 534 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 535 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 536 } 537 538 int 539 sys_issetugid(struct lwp *l, const void *v, register_t *retval) 540 { 541 struct proc *p = l->l_proc; 542 543 /* 544 * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time, 545 * we use PK_SUGID because we consider changing the owners as 546 * "tainting" as well. 547 * This is significant for procs that start as root and "become" 548 * a user without an exec - programs cannot know *everything* 549 * that libc *might* have put in their data segment. 550 */ 551 *retval = (p->p_flag & PK_SUGID) != 0; 552 return (0); 553 } 554 555 /* ARGSUSED */ 556 int 557 sys_setgroups(struct lwp *l, const struct sys_setgroups_args *uap, register_t *retval) 558 { 559 /* { 560 syscallarg(int) gidsetsize; 561 syscallarg(const gid_t *) gidset; 562 } */ 563 kauth_cred_t ncred; 564 int error; 565 566 ncred = kauth_cred_alloc(); 567 error = kauth_cred_setgroups(ncred, SCARG(uap, gidset), 568 SCARG(uap, gidsetsize), -1, UIO_USERSPACE); 569 if (error != 0) { 570 kauth_cred_free(ncred); 571 return error; 572 } 573 574 return kauth_proc_setgroups(l, ncred); 575 } 576 577 /* 578 * Get login name, if available. 579 */ 580 /* ARGSUSED */ 581 int 582 sys___getlogin(struct lwp *l, const struct sys___getlogin_args *uap, register_t *retval) 583 { 584 /* { 585 syscallarg(char *) namebuf; 586 syscallarg(size_t) namelen; 587 } */ 588 struct proc *p = l->l_proc; 589 char login[sizeof(p->p_session->s_login)]; 590 int namelen = SCARG(uap, namelen); 591 592 if (namelen > sizeof(login)) 593 namelen = sizeof(login); 594 mutex_enter(proc_lock); 595 memcpy(login, p->p_session->s_login, namelen); 596 mutex_exit(proc_lock); 597 return (copyout(login, (void *)SCARG(uap, namebuf), namelen)); 598 } 599 600 /* 601 * Set login name. 602 */ 603 /* ARGSUSED */ 604 int 605 sys___setlogin(struct lwp *l, const struct sys___setlogin_args *uap, register_t *retval) 606 { 607 /* { 608 syscallarg(const char *) namebuf; 609 } */ 610 struct proc *p = l->l_proc; 611 struct session *sp; 612 char newname[sizeof sp->s_login + 1]; 613 int error; 614 615 if ((error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_SETID, 616 p, NULL, NULL, NULL)) != 0) 617 return (error); 618 error = copyinstr(SCARG(uap, namebuf), &newname, sizeof newname, NULL); 619 if (error != 0) 620 return (error == ENAMETOOLONG ? EINVAL : error); 621 622 mutex_enter(proc_lock); 623 sp = p->p_session; 624 if (sp->s_flags & S_LOGIN_SET && p->p_pid != sp->s_sid && 625 strncmp(newname, sp->s_login, sizeof sp->s_login) != 0) 626 log(LOG_WARNING, "%s (pid %d) changing logname from " 627 "%.*s to %s\n", p->p_comm, p->p_pid, 628 (int)sizeof sp->s_login, sp->s_login, newname); 629 sp->s_flags |= S_LOGIN_SET; 630 strncpy(sp->s_login, newname, sizeof sp->s_login); 631 mutex_exit(proc_lock); 632 return (0); 633 } 634 635
Indexes created Mon Sep 29 21:09:56 GMT 2025