kern_prot.c revision 1.91 1 /* $NetBSD: kern_prot.c,v 1.91 2006/07/17 15:29:06 ad Exp $ */
2
3 /*
4 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)kern_prot.c 8.9 (Berkeley) 2/14/95
37 */
38
39 /*
40 * System calls related to processes and protection
41 */
42
43 #include <sys/cdefs.h>
44 __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.91 2006/07/17 15:29:06 ad Exp $");
45
46 #include "opt_compat_43.h"
47
48 #include <sys/param.h>
49 #include <sys/acct.h>
50 #include <sys/systm.h>
51 #include <sys/ucred.h>
52 #include <sys/proc.h>
53 #include <sys/timeb.h>
54 #include <sys/times.h>
55 #include <sys/pool.h>
56 #include <sys/syslog.h>
57 #include <sys/resourcevar.h>
58 #include <sys/kauth.h>
59
60 #include <sys/mount.h>
61 #include <sys/sa.h>
62 #include <sys/syscallargs.h>
63
64 #include <sys/malloc.h>
65
66 int sys_getpid(struct lwp *, void *, register_t *);
67 int sys_getpid_with_ppid(struct lwp *, void *, register_t *);
68 int sys_getuid(struct lwp *, void *, register_t *);
69 int sys_getuid_with_euid(struct lwp *, void *, register_t *);
70 int sys_getgid(struct lwp *, void *, register_t *);
71 int sys_getgid_with_egid(struct lwp *, void *, register_t *);
72
73 static int grsortu(gid_t *, int);
74
75 /* ARGSUSED */
76 int
77 sys_getpid(struct lwp *l, void *v, register_t *retval)
78 {
79 struct proc *p = l->l_proc;
80
81 *retval = p->p_pid;
82 return (0);
83 }
84
85 /* ARGSUSED */
86 int
87 sys_getpid_with_ppid(struct lwp *l, void *v, register_t *retval)
88 {
89 struct proc *p = l->l_proc;
90
91 retval[0] = p->p_pid;
92 retval[1] = p->p_pptr->p_pid;
93 return (0);
94 }
95
96 /* ARGSUSED */
97 int
98 sys_getppid(struct lwp *l, void *v, register_t *retval)
99 {
100 struct proc *p = l->l_proc;
101
102 *retval = p->p_pptr->p_pid;
103 return (0);
104 }
105
106 /* Get process group ID; note that POSIX getpgrp takes no parameter */
107 int
108 sys_getpgrp(struct lwp *l, void *v, register_t *retval)
109 {
110 struct proc *p = l->l_proc;
111
112 *retval = p->p_pgrp->pg_id;
113 return (0);
114 }
115
116 /*
117 * Return the process group ID of the session leader (session ID)
118 * for the specified process.
119 */
120 int
121 sys_getsid(struct lwp *l, void *v, register_t *retval)
122 {
123 struct sys_getsid_args /* {
124 syscalldarg(pid_t) pid;
125 } */ *uap = v;
126 struct proc *p = l->l_proc;
127
128 if (SCARG(uap, pid) == 0)
129 goto found;
130 if ((p = pfind(SCARG(uap, pid))) == 0)
131 return (ESRCH);
132 found:
133 *retval = p->p_session->s_sid;
134 return (0);
135 }
136
137 int
138 sys_getpgid(struct lwp *l, void *v, register_t *retval)
139 {
140 struct sys_getpgid_args /* {
141 syscallarg(pid_t) pid;
142 } */ *uap = v;
143 struct proc *p = l->l_proc;
144
145 if (SCARG(uap, pid) == 0)
146 goto found;
147 if ((p = pfind(SCARG(uap, pid))) == 0)
148 return (ESRCH);
149 found:
150 *retval = p->p_pgid;
151 return (0);
152 }
153
154 /* ARGSUSED */
155 int
156 sys_getuid(struct lwp *l, void *v, register_t *retval)
157 {
158 struct proc *p = l->l_proc;
159
160 *retval = kauth_cred_getuid(p->p_cred);
161 return (0);
162 }
163
164 /* ARGSUSED */
165 int
166 sys_getuid_with_euid(struct lwp *l, void *v, register_t *retval)
167 {
168 struct proc *p = l->l_proc;
169
170 retval[0] = kauth_cred_getuid(p->p_cred);
171 retval[1] = kauth_cred_geteuid(p->p_cred);
172 return (0);
173 }
174
175 /* ARGSUSED */
176 int
177 sys_geteuid(struct lwp *l, void *v, register_t *retval)
178 {
179 struct proc *p = l->l_proc;
180
181 *retval = kauth_cred_geteuid(p->p_cred);
182 return (0);
183 }
184
185 /* ARGSUSED */
186 int
187 sys_getgid(struct lwp *l, void *v, register_t *retval)
188 {
189 struct proc *p = l->l_proc;
190
191 *retval = kauth_cred_getgid(p->p_cred);
192 return (0);
193 }
194
195 /* ARGSUSED */
196 int
197 sys_getgid_with_egid(struct lwp *l, void *v, register_t *retval)
198 {
199 struct proc *p = l->l_proc;
200
201 retval[0] = kauth_cred_getgid(p->p_cred);
202 retval[1] = kauth_cred_getegid(p->p_cred);
203 return (0);
204 }
205
206 /*
207 * Get effective group ID. The "egid" is groups[0], and could be obtained
208 * via getgroups. This syscall exists because it is somewhat painful to do
209 * correctly in a library function.
210 */
211 /* ARGSUSED */
212 int
213 sys_getegid(struct lwp *l, void *v, register_t *retval)
214 {
215 struct proc *p = l->l_proc;
216
217 *retval = kauth_cred_getegid(p->p_cred);
218 return (0);
219 }
220
221 int
222 sys_getgroups(struct lwp *l, void *v, register_t *retval)
223 {
224 struct sys_getgroups_args /* {
225 syscallarg(int) gidsetsize;
226 syscallarg(gid_t *) gidset;
227 } */ *uap = v;
228 struct proc *p = l->l_proc;
229 kauth_cred_t pc = p->p_cred;
230 u_int ngrp;
231 int error;
232 gid_t *grbuf;
233
234 if (SCARG(uap, gidsetsize) == 0) {
235 *retval = kauth_cred_ngroups(pc);
236 return (0);
237 } else if (SCARG(uap, gidsetsize) < 0)
238 return (EINVAL);
239 ngrp = SCARG(uap, gidsetsize);
240 if (ngrp < kauth_cred_ngroups(pc))
241 return (EINVAL);
242 ngrp = kauth_cred_ngroups(pc);
243
244 grbuf = malloc(ngrp * sizeof(*grbuf), M_TEMP, M_WAITOK);
245 kauth_cred_getgroups(pc, grbuf, ngrp);
246 error = copyout(grbuf, (caddr_t)SCARG(uap, gidset),
247 ngrp * sizeof(gid_t));
248 free(grbuf, M_TEMP);
249 if (error)
250 return (error);
251 *retval = ngrp;
252 return (0);
253 }
254
255 /* ARGSUSED */
256 int
257 sys_setsid(struct lwp *l, void *v, register_t *retval)
258 {
259 struct proc *p = l->l_proc;
260
261 if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) {
262 return (EPERM);
263 } else {
264 (void)enterpgrp(p, p->p_pid, 1);
265 *retval = p->p_pid;
266 return (0);
267 }
268 }
269
270 /*
271 * set process group (setpgid/old setpgrp)
272 *
273 * caller does setpgid(targpid, targpgid)
274 *
275 * pgid must be in valid range (EINVAL)
276 * pid must be caller or child of caller (ESRCH)
277 * if a child
278 * pid must be in same session (EPERM)
279 * pid can't have done an exec (EACCES)
280 * if pgid != pid
281 * there must exist some pid in same session having pgid (EPERM)
282 * pid must not be session leader (EPERM)
283 *
284 * Permission checks now in enterpgrp()
285 */
286 /* ARGSUSED */
287 int
288 sys_setpgid(struct lwp *l, void *v, register_t *retval)
289 {
290 struct sys_setpgid_args /* {
291 syscallarg(int) pid;
292 syscallarg(int) pgid;
293 } */ *uap = v;
294 struct proc *curp = l->l_proc;
295 struct proc *targp; /* target process */
296
297 if (SCARG(uap, pgid) < 0)
298 return EINVAL;
299
300 /* XXX MP - there is a horrid race here with targp exiting! */
301 if (SCARG(uap, pid) != 0 && SCARG(uap, pid) != curp->p_pid) {
302 targp = pfind(SCARG(uap, pid));
303 if (targp == NULL)
304 return ESRCH;
305 } else
306 targp = curp;
307
308 if (SCARG(uap, pgid) == 0)
309 SCARG(uap, pgid) = targp->p_pid;
310 return enterpgrp(targp, SCARG(uap, pgid), 0);
311 }
312
313 /*
314 * Set real, effective and saved uids to the requested values.
315 * non-root callers can only ever change uids to values that match
316 * one of the processes current uid values.
317 * This is further restricted by the flags argument.
318 */
319
320 int
321 do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags)
322 {
323 struct proc *p = l->l_proc;
324 kauth_cred_t cred = p->p_cred;
325
326 /*
327 * check new value is one of the allowed existing values.
328 * otherwise, check if we have root privilege.
329 */
330 if ((r != -1
331 && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred))
332 && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred))
333 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) ||
334 (e != -1
335 && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred))
336 && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred))
337 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) ||
338 (sv != -1
339 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred))
340 && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred))
341 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) {
342 int error;
343
344 error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
345 &p->p_acflag);
346 if (error != 0) {
347 return error;
348 }
349 }
350
351 /* If nothing has changed, short circuit the request */
352 if ((r == -1 || r == kauth_cred_getuid(cred))
353 && (e == -1 || e == kauth_cred_geteuid(cred))
354 && (sv == -1 || sv == kauth_cred_getsvuid(cred))) {
355 /* nothing to do */
356 return 0;
357 }
358
359 cred = kauth_cred_copy(cred);
360 p->p_cred = cred;
361
362 if (r != -1 && r != kauth_cred_getuid(cred)) {
363 /* Update count of processes for this user */
364 (void)chgproccnt(kauth_cred_getuid(cred), -1);
365 (void)chgproccnt(r, 1);
366 kauth_cred_setuid(cred, r);
367 }
368 if (sv != -1)
369 kauth_cred_setsvuid(cred, sv);
370 if (e != -1)
371 kauth_cred_seteuid(cred, e);
372
373 /* Mark process as having changed credentials, stops tracing etc */
374 p_sugid(p);
375 return 0;
376 }
377
378 /*
379 * Set real, effective and saved gids to the requested values.
380 * non-root callers can only ever change gids to values that match
381 * one of the processes current gid values.
382 * This is further restricted by the flags argument.
383 */
384
385 int
386 do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags)
387 {
388 struct proc *p = l->l_proc;
389 kauth_cred_t cred = p->p_cred;
390
391 /*
392 * check new value is one of the allowed existing values.
393 * otherwise, check if we have root privilege.
394 */
395 if ((r != -1
396 && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred))
397 && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred))
398 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) ||
399 (e != -1
400 && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred))
401 && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred))
402 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) ||
403 (sv != -1
404 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred))
405 && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred))
406 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) {
407 int error;
408
409 error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
410 &p->p_acflag);
411 if (error != 0) {
412 return error;
413 }
414 }
415
416 /* If nothing has changed, short circuit the request */
417 if ((r == -1 || r == kauth_cred_getgid(cred))
418 && (e == -1 || e == kauth_cred_getegid(cred))
419 && (sv == -1 || sv == kauth_cred_getsvgid(cred))) {
420 /* nothing to do */
421 return 0;
422 }
423
424 cred = kauth_cred_copy(cred);
425 p->p_cred = cred;
426
427 if (r != -1)
428 kauth_cred_setgid(cred, r);
429 if (sv != -1)
430 kauth_cred_setsvgid(cred, sv);
431 if (e != -1)
432 kauth_cred_setegid(cred, e);
433
434 /* Mark process as having changed credentials, stops tracing etc */
435 p_sugid(p);
436 return 0;
437 }
438
439 /* ARGSUSED */
440 int
441 sys_setuid(struct lwp *l, void *v, register_t *retval)
442 {
443 struct sys_setuid_args /* {
444 syscallarg(uid_t) uid;
445 } */ *uap = v;
446 uid_t uid = SCARG(uap, uid);
447
448 return do_setresuid(l, uid, uid, uid,
449 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R);
450 }
451
452 /* ARGSUSED */
453 int
454 sys_seteuid(struct lwp *l, void *v, register_t *retval)
455 {
456 struct sys_seteuid_args /* {
457 syscallarg(uid_t) euid;
458 } */ *uap = v;
459
460 return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S);
461 }
462
463 int
464 sys_setreuid(struct lwp *l, void *v, register_t *retval)
465 {
466 struct sys_setreuid_args /* {
467 syscallarg(uid_t) ruid;
468 syscallarg(uid_t) euid;
469 } */ *uap = v;
470 struct proc *p = l->l_proc;
471 uid_t ruid, euid, svuid;
472
473 ruid = SCARG(uap, ruid);
474 euid = SCARG(uap, euid);
475 if (ruid == -1)
476 ruid = kauth_cred_getuid(p->p_cred);
477 if (euid == -1)
478 euid = kauth_cred_geteuid(p->p_cred);
479 /* Saved uid is set to the new euid if the ruid changed */
480 svuid = (ruid == kauth_cred_getuid(p->p_cred)) ? -1 : euid;
481
482 return do_setresuid(l, ruid, euid, svuid,
483 ID_R_EQ_R | ID_R_EQ_E |
484 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S |
485 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S);
486 }
487
488 /* ARGSUSED */
489 int
490 sys_setgid(struct lwp *l, void *v, register_t *retval)
491 {
492 struct sys_setgid_args /* {
493 syscallarg(gid_t) gid;
494 } */ *uap = v;
495 gid_t gid = SCARG(uap, gid);
496
497 return do_setresgid(l, gid, gid, gid,
498 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R);
499 }
500
501 /* ARGSUSED */
502 int
503 sys_setegid(struct lwp *l, void *v, register_t *retval)
504 {
505 struct sys_setegid_args /* {
506 syscallarg(gid_t) egid;
507 } */ *uap = v;
508
509 return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S);
510 }
511
512 int
513 sys_setregid(struct lwp *l, void *v, register_t *retval)
514 {
515 struct sys_setregid_args /* {
516 syscallarg(gid_t) rgid;
517 syscallarg(gid_t) egid;
518 } */ *uap = v;
519 struct proc *p = l->l_proc;
520 gid_t rgid, egid, svgid;
521
522 rgid = SCARG(uap, rgid);
523 egid = SCARG(uap, egid);
524 if (rgid == -1)
525 rgid = kauth_cred_getgid(p->p_cred);
526 if (egid == -1)
527 egid = kauth_cred_getegid(p->p_cred);
528 /* Saved gid is set to the new egid if the rgid changed */
529 svgid = rgid == kauth_cred_getgid(p->p_cred) ? -1 : egid;
530
531 return do_setresgid(l, rgid, egid, svgid,
532 ID_R_EQ_R | ID_R_EQ_E |
533 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S |
534 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S);
535 }
536
537 int
538 sys_issetugid(struct lwp *l, void *v, register_t *retval)
539 {
540 struct proc *p = l->l_proc;
541
542 /*
543 * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time,
544 * we use P_SUGID because we consider changing the owners as
545 * "tainting" as well.
546 * This is significant for procs that start as root and "become"
547 * a user without an exec - programs cannot know *everything*
548 * that libc *might* have put in their data segment.
549 */
550 *retval = (p->p_flag & P_SUGID) != 0;
551 return (0);
552 }
553
554 /*
555 * sort -u for groups.
556 */
557 static int
558 grsortu(gid_t *grp, int ngrp)
559 {
560 const gid_t *src, *end;
561 gid_t *dst;
562 gid_t group;
563 int i, j;
564
565 /* bubble sort */
566 for (i = 0; i < ngrp; i++)
567 for (j = i + 1; j < ngrp; j++)
568 if (grp[i] > grp[j]) {
569 gid_t tmp = grp[i];
570 grp[i] = grp[j];
571 grp[j] = tmp;
572 }
573
574 /* uniq */
575 end = grp + ngrp;
576 src = grp;
577 dst = grp;
578 while (src < end) {
579 group = *src++;
580 while (src < end && *src == group)
581 src++;
582 *dst++ = group;
583 }
584
585 #ifdef DIAGNOSTIC
586 /* zero out the rest of the array */
587 (void)memset(dst, 0, sizeof(*grp) * (end - dst));
588 #endif
589
590 return dst - grp;
591 }
592
593 /* ARGSUSED */
594 int
595 sys_setgroups(struct lwp *l, void *v, register_t *retval)
596 {
597 struct sys_setgroups_args /* {
598 syscallarg(int) gidsetsize;
599 syscallarg(const gid_t *) gidset;
600 } */ *uap = v;
601 struct proc *p = l->l_proc;
602 kauth_cred_t pc = p->p_cred;
603 int ngrp;
604 int error;
605 gid_t grp[NGROUPS];
606 size_t grsize;
607
608 if ((error = kauth_authorize_generic(pc, KAUTH_GENERIC_ISSUSER,
609 &p->p_acflag)) != 0)
610 return (error);
611
612 ngrp = SCARG(uap, gidsetsize);
613 if ((u_int)ngrp > NGROUPS)
614 return (EINVAL);
615
616 grsize = ngrp * sizeof(gid_t);
617 error = copyin(SCARG(uap, gidset), grp, grsize);
618 if (error)
619 return (error);
620
621 ngrp = grsortu(grp, ngrp);
622
623 pc = kauth_cred_copy(pc);
624 p->p_cred = pc;
625 kauth_cred_setgroups(pc, grp, ngrp, -1);
626
627 p_sugid(p);
628 return (0);
629 }
630
631 /*
632 * Get login name, if available.
633 */
634 /* ARGSUSED */
635 int
636 sys___getlogin(struct lwp *l, void *v, register_t *retval)
637 {
638 struct sys___getlogin_args /* {
639 syscallarg(char *) namebuf;
640 syscallarg(size_t) namelen;
641 } */ *uap = v;
642 struct proc *p = l->l_proc;
643
644 if (SCARG(uap, namelen) > sizeof(p->p_pgrp->pg_session->s_login))
645 SCARG(uap, namelen) = sizeof(p->p_pgrp->pg_session->s_login);
646 return (copyout((caddr_t) p->p_pgrp->pg_session->s_login,
647 (caddr_t) SCARG(uap, namebuf), SCARG(uap, namelen)));
648 }
649
650 /*
651 * Set login name.
652 */
653 /* ARGSUSED */
654 int
655 sys___setlogin(struct lwp *l, void *v, register_t *retval)
656 {
657 struct sys___setlogin_args /* {
658 syscallarg(const char *) namebuf;
659 } */ *uap = v;
660 struct proc *p = l->l_proc;
661 struct session *s = p->p_pgrp->pg_session;
662 char newname[sizeof s->s_login + 1];
663 int error;
664
665 if ((error = kauth_authorize_generic(p->p_cred, KAUTH_GENERIC_ISSUSER,
666 &p->p_acflag)) != 0)
667 return (error);
668 error = copyinstr(SCARG(uap, namebuf), &newname, sizeof newname, NULL);
669 if (error != 0)
670 return (error == ENAMETOOLONG ? EINVAL : error);
671
672 if (s->s_flags & S_LOGIN_SET && p->p_pid != s->s_sid &&
673 strncmp(newname, s->s_login, sizeof s->s_login) != 0)
674 log(LOG_WARNING, "%s (pid %d) changing logname from "
675 "%.*s to %s\n", p->p_comm, p->p_pid,
676 (int)sizeof s->s_login, s->s_login, newname);
677 s->s_flags |= S_LOGIN_SET;
678 strncpy(s->s_login, newname, sizeof s->s_login);
679 return (0);
680 }
681