kern_prot.c revision 1.120
1 /* $NetBSD: kern_prot.c,v 1.120 2016/11/12 19:42:47 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_prot.c 8.9 (Berkeley) 2/14/95 37 */ 38 39 /* 40 * System calls related to processes and protection 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.120 2016/11/12 19:42:47 christos Exp $"); 45 46 #ifdef _KERNEL_OPT 47 #include "opt_compat_43.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/acct.h> 52 #include <sys/systm.h> 53 #include <sys/ucred.h> 54 #include <sys/proc.h> 55 #include <sys/timeb.h> 56 #include <sys/times.h> 57 #include <sys/pool.h> 58 #include <sys/prot.h> 59 #include <sys/syslog.h> 60 #include <sys/uidinfo.h> 61 #include <sys/kauth.h> 62 63 #include <sys/mount.h> 64 #include <sys/syscallargs.h> 65 66 int sys_getpid(struct lwp *, const void *, register_t *); 67 int sys_getpid_with_ppid(struct lwp *, const void *, register_t *); 68 int sys_getuid(struct lwp *, const void *, register_t *); 69 int sys_getuid_with_euid(struct lwp *, const void *, register_t *); 70 int sys_getgid(struct lwp *, const void *, register_t *); 71 int sys_getgid_with_egid(struct lwp *, const void *, register_t *); 72 73 /* ARGSUSED */ 74 int 75 sys_getpid(struct lwp *l, const void *v, register_t *retval) 76 { 77 struct proc *p = l->l_proc; 78 79 *retval = p->p_pid; 80 return (0); 81 } 82 83 static pid_t 84 kern_getppid(struct lwp *l) 85 { 86 struct proc *p = l->l_proc; 87 pid_t ppid; 88 89 mutex_enter(proc_lock); 90 mutex_enter(p->p_lock); 91 ppid = (p->p_slflag & PSL_TRACED) && p->p_opptr ? p->p_opptr->p_pid : 92 p->p_pptr->p_pid; 93 mutex_exit(p->p_lock); 94 mutex_exit(proc_lock); 95 return ppid; 96 } 97 98 /* ARGSUSED */ 99 int 100 sys_getpid_with_ppid(struct lwp *l, const void *v, register_t *retval) 101 { 102 struct proc *p = l->l_proc; 103 104 retval[0] = p->p_pid; 105 retval[1] = kern_getppid(l); 106 return (0); 107 } 108 109 /* ARGSUSED */ 110 int 111 sys_getppid(struct lwp *l, const void *v, register_t *retval) 112 { 113 *retval = kern_getppid(l); 114 return (0); 115 } 116 117 /* Get process group ID; note that POSIX getpgrp takes no parameter */ 118 int 119 sys_getpgrp(struct lwp *l, const void *v, register_t *retval) 120 { 121 struct proc *p = l->l_proc; 122 123 mutex_enter(proc_lock); 124 *retval = p->p_pgrp->pg_id; 125 mutex_exit(proc_lock); 126 return (0); 127 } 128 129 /* 130 * Return the process group ID of the session leader (session ID) 131 * for the specified process. 132 */ 133 int 134 sys_getsid(struct lwp *l, const struct sys_getsid_args *uap, register_t *retval) 135 { 136 /* { 137 syscalldarg(pid_t) pid; 138 } */ 139 pid_t pid = SCARG(uap, pid); 140 struct proc *p; 141 int error = 0; 142 143 mutex_enter(proc_lock); 144 if (pid == 0) 145 *retval = l->l_proc->p_session->s_sid; 146 else if ((p = proc_find(pid)) != NULL) 147 *retval = p->p_session->s_sid; 148 else 149 error = ESRCH; 150 mutex_exit(proc_lock); 151 152 return error; 153 } 154 155 int 156 sys_getpgid(struct lwp *l, const struct sys_getpgid_args *uap, register_t *retval) 157 { 158 /* { 159 syscallarg(pid_t) pid; 160 } */ 161 pid_t pid = SCARG(uap, pid); 162 struct proc *p; 163 int error = 0; 164 165 mutex_enter(proc_lock); 166 if (pid == 0) 167 *retval = l->l_proc->p_pgid; 168 else if ((p = proc_find(pid)) != NULL) 169 *retval = p->p_pgid; 170 else 171 error = ESRCH; 172 mutex_exit(proc_lock); 173 174 return error; 175 } 176 177 /* ARGSUSED */ 178 int 179 sys_getuid(struct lwp *l, const void *v, register_t *retval) 180 { 181 182 *retval = kauth_cred_getuid(l->l_cred); 183 return (0); 184 } 185 186 /* ARGSUSED */ 187 int 188 sys_getuid_with_euid(struct lwp *l, const void *v, register_t *retval) 189 { 190 191 retval[0] = kauth_cred_getuid(l->l_cred); 192 retval[1] = kauth_cred_geteuid(l->l_cred); 193 return (0); 194 } 195 196 /* ARGSUSED */ 197 int 198 sys_geteuid(struct lwp *l, const void *v, register_t *retval) 199 { 200 201 *retval = kauth_cred_geteuid(l->l_cred); 202 return (0); 203 } 204 205 /* ARGSUSED */ 206 int 207 sys_getgid(struct lwp *l, const void *v, register_t *retval) 208 { 209 210 *retval = kauth_cred_getgid(l->l_cred); 211 return (0); 212 } 213 214 /* ARGSUSED */ 215 int 216 sys_getgid_with_egid(struct lwp *l, const void *v, register_t *retval) 217 { 218 219 retval[0] = kauth_cred_getgid(l->l_cred); 220 retval[1] = kauth_cred_getegid(l->l_cred); 221 return (0); 222 } 223 224 /* 225 * Get effective group ID. The "egid" is groups[0], and could be obtained 226 * via getgroups. This syscall exists because it is somewhat painful to do 227 * correctly in a library function. 228 */ 229 /* ARGSUSED */ 230 int 231 sys_getegid(struct lwp *l, const void *v, register_t *retval) 232 { 233 234 *retval = kauth_cred_getegid(l->l_cred); 235 return (0); 236 } 237 238 int 239 sys_getgroups(struct lwp *l, const struct sys_getgroups_args *uap, register_t *retval) 240 { 241 /* { 242 syscallarg(int) gidsetsize; 243 syscallarg(gid_t *) gidset; 244 } */ 245 246 *retval = kauth_cred_ngroups(l->l_cred); 247 if (SCARG(uap, gidsetsize) == 0) 248 return 0; 249 if (SCARG(uap, gidsetsize) < (int)*retval) 250 return EINVAL; 251 252 return kauth_cred_getgroups(l->l_cred, SCARG(uap, gidset), *retval, 253 UIO_USERSPACE); 254 } 255 256 int 257 sys_setsid(struct lwp *l, const void *v, register_t *retval) 258 { 259 struct proc *p = l->l_proc; 260 int error; 261 262 error = proc_enterpgrp(p, p->p_pid, p->p_pid, true); 263 *retval = p->p_pid; 264 return (error); 265 } 266 267 268 /* 269 * set process group (setpgid/old setpgrp) 270 * 271 * caller does setpgid(targpid, targpgid) 272 * 273 * pgid must be in valid range (EINVAL) 274 * pid must be caller or child of caller (ESRCH) 275 * if a child 276 * pid must be in same session (EPERM) 277 * pid can't have done an exec (EACCES) 278 * if pgid != pid 279 * there must exist some pid in same session having pgid (EPERM) 280 * pid must not be session leader (EPERM) 281 * 282 * Permission checks now in proc_enterpgrp() 283 */ 284 int 285 sys_setpgid(struct lwp *l, const struct sys_setpgid_args *uap, 286 register_t *retval) 287 { 288 /* { 289 syscallarg(int) pid; 290 syscallarg(int) pgid; 291 } */ 292 struct proc *p = l->l_proc; 293 pid_t targp, pgid; 294 295 if (SCARG(uap, pgid) < 0) 296 return EINVAL; 297 if ((targp = SCARG(uap, pid)) == 0) 298 targp = p->p_pid; 299 if ((pgid = SCARG(uap, pgid)) == 0) 300 pgid = targp; 301 302 return proc_enterpgrp(p, targp, pgid, false); 303 } 304 305 /* 306 * Set real, effective and saved uids to the requested values. 307 * non-root callers can only ever change uids to values that match 308 * one of the processes current uid values. 309 * This is further restricted by the flags argument. 310 */ 311 312 int 313 do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags) 314 { 315 struct proc *p = l->l_proc; 316 kauth_cred_t cred, ncred; 317 318 ncred = kauth_cred_alloc(); 319 320 /* Get a write lock on the process credential. */ 321 proc_crmod_enter(); 322 cred = p->p_cred; 323 324 /* 325 * Check that the new value is one of the allowed existing values, 326 * or that we have root privilege. 327 */ 328 if ((r != -1 329 && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred)) 330 && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred)) 331 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) || 332 (e != -1 333 && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred)) 334 && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred)) 335 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) || 336 (sv != -1 337 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred)) 338 && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred)) 339 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) { 340 int error; 341 342 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 343 p, NULL, NULL, NULL); 344 if (error != 0) { 345 proc_crmod_leave(cred, ncred, false); 346 return error; 347 } 348 } 349 350 /* If nothing has changed, short circuit the request */ 351 if ((r == -1 || r == kauth_cred_getuid(cred)) 352 && (e == -1 || e == kauth_cred_geteuid(cred)) 353 && (sv == -1 || sv == kauth_cred_getsvuid(cred))) { 354 proc_crmod_leave(cred, ncred, false); 355 return 0; 356 } 357 358 kauth_cred_clone(cred, ncred); 359 360 if (r != -1 && r != kauth_cred_getuid(ncred)) { 361 u_long nlwps; 362 363 /* Update count of processes for this user. */ 364 (void)chgproccnt(kauth_cred_getuid(ncred), -1); 365 (void)chgproccnt(r, 1); 366 367 /* The first LWP of a process is excluded. */ 368 KASSERT(mutex_owned(p->p_lock)); 369 nlwps = p->p_nlwps - 1; 370 (void)chglwpcnt(kauth_cred_getuid(ncred), -nlwps); 371 (void)chglwpcnt(r, nlwps); 372 373 kauth_cred_setuid(ncred, r); 374 } 375 if (sv != -1) 376 kauth_cred_setsvuid(ncred, sv); 377 if (e != -1) 378 kauth_cred_seteuid(ncred, e); 379 380 /* Broadcast our credentials to the process and other LWPs. */ 381 proc_crmod_leave(ncred, cred, true); 382 383 return 0; 384 } 385 386 /* 387 * Set real, effective and saved gids to the requested values. 388 * non-root callers can only ever change gids to values that match 389 * one of the processes current gid values. 390 * This is further restricted by the flags argument. 391 */ 392 393 int 394 do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags) 395 { 396 struct proc *p = l->l_proc; 397 kauth_cred_t cred, ncred; 398 399 ncred = kauth_cred_alloc(); 400 401 /* Get a write lock on the process credential. */ 402 proc_crmod_enter(); 403 cred = p->p_cred; 404 405 /* 406 * check new value is one of the allowed existing values. 407 * otherwise, check if we have root privilege. 408 */ 409 if ((r != -1 410 && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred)) 411 && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred)) 412 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) || 413 (e != -1 414 && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred)) 415 && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred)) 416 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) || 417 (sv != -1 418 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred)) 419 && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred)) 420 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) { 421 int error; 422 423 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 424 p, NULL, NULL, NULL); 425 if (error != 0) { 426 proc_crmod_leave(cred, ncred, false); 427 return error; 428 } 429 } 430 431 /* If nothing has changed, short circuit the request */ 432 if ((r == -1 || r == kauth_cred_getgid(cred)) 433 && (e == -1 || e == kauth_cred_getegid(cred)) 434 && (sv == -1 || sv == kauth_cred_getsvgid(cred))) { 435 proc_crmod_leave(cred, ncred, false); 436 return 0; 437 } 438 439 kauth_cred_clone(cred, ncred); 440 441 if (r != -1) 442 kauth_cred_setgid(ncred, r); 443 if (sv != -1) 444 kauth_cred_setsvgid(ncred, sv); 445 if (e != -1) 446 kauth_cred_setegid(ncred, e); 447 448 /* Broadcast our credentials to the process and other LWPs. */ 449 proc_crmod_leave(ncred, cred, true); 450 451 return 0; 452 } 453 454 /* ARGSUSED */ 455 int 456 sys_setuid(struct lwp *l, const struct sys_setuid_args *uap, register_t *retval) 457 { 458 /* { 459 syscallarg(uid_t) uid; 460 } */ 461 uid_t uid = SCARG(uap, uid); 462 463 return do_setresuid(l, uid, uid, uid, 464 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 465 } 466 467 /* ARGSUSED */ 468 int 469 sys_seteuid(struct lwp *l, const struct sys_seteuid_args *uap, register_t *retval) 470 { 471 /* { 472 syscallarg(uid_t) euid; 473 } */ 474 475 return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S); 476 } 477 478 int 479 sys_setreuid(struct lwp *l, const struct sys_setreuid_args *uap, register_t *retval) 480 { 481 /* { 482 syscallarg(uid_t) ruid; 483 syscallarg(uid_t) euid; 484 } */ 485 kauth_cred_t cred = l->l_cred; 486 uid_t ruid, euid, svuid; 487 488 ruid = SCARG(uap, ruid); 489 euid = SCARG(uap, euid); 490 491 if (ruid == -1) 492 ruid = kauth_cred_getuid(cred); 493 if (euid == -1) 494 euid = kauth_cred_geteuid(cred); 495 496 /* Saved uid is set to the new euid if the ruid changed */ 497 svuid = (ruid == kauth_cred_getuid(cred)) ? -1 : euid; 498 499 return do_setresuid(l, ruid, euid, svuid, 500 ID_R_EQ_R | ID_R_EQ_E | 501 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 502 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 503 } 504 505 /* ARGSUSED */ 506 int 507 sys_setgid(struct lwp *l, const struct sys_setgid_args *uap, register_t *retval) 508 { 509 /* { 510 syscallarg(gid_t) gid; 511 } */ 512 gid_t gid = SCARG(uap, gid); 513 514 return do_setresgid(l, gid, gid, gid, 515 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 516 } 517 518 /* ARGSUSED */ 519 int 520 sys_setegid(struct lwp *l, const struct sys_setegid_args *uap, register_t *retval) 521 { 522 /* { 523 syscallarg(gid_t) egid; 524 } */ 525 526 return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S); 527 } 528 529 int 530 sys_setregid(struct lwp *l, const struct sys_setregid_args *uap, register_t *retval) 531 { 532 /* { 533 syscallarg(gid_t) rgid; 534 syscallarg(gid_t) egid; 535 } */ 536 kauth_cred_t cred = l->l_cred; 537 gid_t rgid, egid, svgid; 538 539 rgid = SCARG(uap, rgid); 540 egid = SCARG(uap, egid); 541 542 if (rgid == -1) 543 rgid = kauth_cred_getgid(cred); 544 if (egid == -1) 545 egid = kauth_cred_getegid(cred); 546 547 /* Saved gid is set to the new egid if the rgid changed */ 548 svgid = rgid == kauth_cred_getgid(cred) ? -1 : egid; 549 550 return do_setresgid(l, rgid, egid, svgid, 551 ID_R_EQ_R | ID_R_EQ_E | 552 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 553 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 554 } 555 556 int 557 sys_issetugid(struct lwp *l, const void *v, register_t *retval) 558 { 559 struct proc *p = l->l_proc; 560 561 /* 562 * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time, 563 * we use PK_SUGID because we consider changing the owners as 564 * "tainting" as well. 565 * This is significant for procs that start as root and "become" 566 * a user without an exec - programs cannot know *everything* 567 * that libc *might* have put in their data segment. 568 */ 569 *retval = (p->p_flag & PK_SUGID) != 0; 570 return (0); 571 } 572 573 /* ARGSUSED */ 574 int 575 sys_setgroups(struct lwp *l, const struct sys_setgroups_args *uap, register_t *retval) 576 { 577 /* { 578 syscallarg(int) gidsetsize; 579 syscallarg(const gid_t *) gidset; 580 } */ 581 kauth_cred_t ncred; 582 int error; 583 584 ncred = kauth_cred_alloc(); 585 error = kauth_cred_setgroups(ncred, SCARG(uap, gidset), 586 SCARG(uap, gidsetsize), -1, UIO_USERSPACE); 587 if (error != 0) { 588 kauth_cred_free(ncred); 589 return error; 590 } 591 592 return kauth_proc_setgroups(l, ncred); 593 } 594 595 /* 596 * Get login name, if available. 597 */ 598 /* ARGSUSED */ 599 int 600 sys___getlogin(struct lwp *l, const struct sys___getlogin_args *uap, register_t *retval) 601 { 602 /* { 603 syscallarg(char *) namebuf; 604 syscallarg(size_t) namelen; 605 } */ 606 struct proc *p = l->l_proc; 607 char login[sizeof(p->p_session->s_login)]; 608 size_t namelen = SCARG(uap, namelen); 609 610 if (namelen > sizeof(login)) 611 namelen = sizeof(login); 612 mutex_enter(proc_lock); 613 memcpy(login, p->p_session->s_login, namelen); 614 mutex_exit(proc_lock); 615 return (copyout(login, (void *)SCARG(uap, namebuf), namelen)); 616 } 617 618 /* 619 * Set login name. 620 */ 621 /* ARGSUSED */ 622 int 623 sys___setlogin(struct lwp *l, const struct sys___setlogin_args *uap, register_t *retval) 624 { 625 /* { 626 syscallarg(const char *) namebuf; 627 } */ 628 struct proc *p = l->l_proc; 629 struct session *sp; 630 char newname[sizeof sp->s_login + 1]; 631 int error; 632 633 if ((error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_SETID, 634 p, NULL, NULL, NULL)) != 0) 635 return (error); 636 error = copyinstr(SCARG(uap, namebuf), newname, sizeof newname, NULL); 637 if (error != 0) 638 return (error == ENAMETOOLONG ? EINVAL : error); 639 640 mutex_enter(proc_lock); 641 sp = p->p_session; 642 if (sp->s_flags & S_LOGIN_SET && p->p_pid != sp->s_sid && 643 strncmp(newname, sp->s_login, sizeof sp->s_login) != 0) 644 log(LOG_WARNING, "%s (pid %d) changing logname from " 645 "%.*s to %s\n", p->p_comm, p->p_pid, 646 (int)sizeof sp->s_login, sp->s_login, newname); 647 sp->s_flags |= S_LOGIN_SET; 648 strncpy(sp->s_login, newname, sizeof sp->s_login); 649 mutex_exit(proc_lock); 650 return (0); 651 } 652
Indexes created Tue Sep 23 22:09:46 GMT 2025