Re: Another patch - security by obscurity
>You may know the FreeBSD sysctl "kern.ps_showallprocs".
>Well, this is the equivalent for OpenBSD, including an environment
>restriction.
It had some "initialize variables" diffs etc. by Jedi/Sector One in
it, one of which tedu@ taught me is bogus. malloc can't fail.
Changed diff attached.
//Thorsten
--
Willst Du wegen dummer User immer 'Ja, ich will' nach einem rm an /dev/tty
eingeben müssen? -- Bodo Eggert in de.alt.sysadmin.recovery
Index: sys/sysctl.h
===================================================================
RCS file: /lcvs/src/sys/sys/sysctl.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- sys/sysctl.h 22 Mar 2003 17:52:01 -0000 1.1.1.1
+++ sys/sysctl.h 23 Mar 2003 21:52:37 -0000 1.2
@@ -179,9 +176,11 @@
#define KERN_USERASYMCRYPTO 60 /* int: usercrypto */
#define KERN_SEMINFO 61 /* struct: SysV struct seminfo */
#define KERN_SHMINFO 62 /* struct: SysV struct shminfo */
-#define KERN_INTRCNT 63 /* node: interrupt counters */
+#define KERN_INTRCNT 63 /* node: interrupt counters */
#define KERN_WATCHDOG 64 /* node: watchdog */
-#define KERN_MAXID 65 /* number of valid kern ids */
+#define KERN_ALLOWPSA 65 /* int: allow user "ps a" */
+#define KERN_ALLOWPSE 66 /* int: allow user "ps e" */
+#define KERN_MAXID 67 /* number of valid kern ids */
#define CTL_KERN_NAMES { \
{ 0, 0 }, \
@@ -249,6 +248,8 @@
{ "shminfo", CTLTYPE_STRUCT }, \
{ "intrcnt", CTLTYPE_NODE }, \
{ "watchdog", CTLTYPE_NODE }, \
+ { "allowpsa", CTLTYPE_INT }, \
+ { "allowpse", CTLTYPE_INT }, \
}
/*
Index: uvm/uvm_meter.c
===================================================================
RCS file: /lcvs/src/sys/uvm/uvm_meter.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uvm/uvm_meter.c 22 Mar 2003 17:52:05 -0000 1.1.1.1
+++ uvm/uvm_meter.c 23 Mar 2003 21:52:38 -0000 1.2
@@ -61,6 +61,8 @@
int maxslp = MAXSLP; /* patchable ... */
struct loadavg averunnable;
+extern int allowpse;
+
/*
* constants for averages over 1, 5, and 15 minutes when sampling at
* 5 second intervals.
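Review bot: The `extern int allowpse;` added at file scope in uvm_meter.c re-declares a variable that kern_sysctl.c defines, with no shared prototype, so the two translation units can drift in type without the compiler noticing. Since the patch already edits sys/sysctl.h to add KERN_ALLOWPSA/KERN_ALLOWPSE, the declaration belongs there, in the kernel-only part of that header, e.g. `extern int allowpsa, allowpse;`, and uvm_meter.c would pick it up by including the header instead of carrying its own copy.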
@@ -134,6 +136,7 @@
struct vmtotal vmtotals;
int rv, t;
struct _ps_strings _ps = { PS_STRINGS };
+ struct proc *cur = curproc;
switch (name[0]) {
case VM_SWAPENCRYPT:
@@ -168,6 +171,11 @@
return (sysctl_rdint(oldp, oldlenp, newp, nkmempages));
case VM_PSSTRINGS:
+ if ((!allowpse) &&
+ (cur->p_cred->p_ruid != p->p_cred->p_ruid) &&
+ (cur->p_cred->p_rgid))
+ return (EPERM);
+
return (sysctl_rdstruct(oldp, oldlenp, newp, &_ps,
sizeof(_ps)));
case VM_ANONMIN:
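Review bot: The guard added in the VM_PSSTRINGS case can never fire if `p` is uvm_sysctl's proc argument, i.e. the calling process (its declaration is outside the hunk, so this is inferred): `cur` is `curproc`, so `cur->p_cred->p_ruid != p->p_cred->p_ruid` compares a process with itself and is always false. Even if it did fire, `_ps` is built from the constant `PS_STRINGS` (earlier hunk), so the value is identical for every process and hiding it protects nobody's environment; the per-process data is served by KERN_PROC_ARGS in kern_sysctl.c, which a later hunk guards. Independently, `cur->p_cred->p_rgid` is used here and in the two kern_sysctl.c hunks (the sysctl_doproc loop and sysctl_proc_args) as the "is root" test, which exempts any caller whose real gid happens to be 0 while restricting root running with a non-zero real gid; the kernel's own root check is the effective-uid one, `suser(cur, 0) == 0` (confirm the signature in this tree), which also handles the accounting flag. Either drop this case's guard together with the `cur` local from the preceding hunk, or rewrite it against the target process the caller actually names. The enclosing function begins before the hunk.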
Index: kern_sysctl.c
===================================================================
RCS file: /lcvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- kern_sysctl.c 22 Mar 2003 17:51:29 -0000 1.1.1.1
+++ kern_sysctl.c 3 May 2003 21:58:00 -0000 1.3
@@ -231,6 +232,7 @@
#else
int securelevel;
#endif
+int allowpsa = 1, allowpse = 1;
/*
* kernel related system variables.
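Review bot: `int allowpsa = 1, allowpse = 1;` defines two kernel-wide policy knobs on one line with no comment, so a reader of kern_sysctl.c cannot tell what the values mean or why 1 is the default. Suggest one definition per line, each with a comment such as `/* kern.allowpsa: 0 = non-root sees only its own processes in kern.proc */` and `/* kern.allowpse: 0 = non-root may read only its own args/env via KERN_PROC_ARGS */`, and a note that the default of 1 preserves the historical behaviour.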
@@ -484,6 +488,12 @@
case KERN_WATCHDOG:
return (sysctl_wdog(name + 1, namelen - 1, oldp, oldlenp,
newp, newlen));
+ case KERN_ALLOWPSA:
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &allowpsa));
+ case KERN_ALLOWPSE:
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &allowpse));
default:
return (EOPNOTSUPP);
}
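Review bot: The KERN_ALLOWPSA and KERN_ALLOWPSE cases hand `sysctl_int` the live variables, so any integer is stored and everything except 0 is treated as "allow" by the `!allowpsa` / `!allowpse` tests elsewhere; a caller writing 2 by mistake gets the permissive behaviour with no error. Writing through a temporary and rejecting anything but 0 and 1 (`if (tmp != 0 && tmp != 1) return (EINVAL);` before assigning it back) keeps the knob boolean. Whether root should be able to flip the knob back to 1 once securelevel has been raised is a policy point the message does not address and is worth stating either way.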
@@ -895,9 +905,9 @@
char *where;
size_t *sizep;
{
- register struct proc *p;
- register struct kinfo_proc *dp = (struct kinfo_proc *)where;
- register int needed = 0;
+ struct proc *p, *cur = curproc;
+ struct kinfo_proc *dp = (struct kinfo_proc *)where;
+ int needed = 0;
int buflen = where != NULL ? *sizep : 0;
int doingzomb;
struct eproc eproc;
@@ -916,6 +926,14 @@
if (p->p_stat == SIDL)
continue;
/*
+ * Skip processes with different real uid
+ */
+ if ((!allowpsa) &&
+ (cur->p_cred->p_ruid != p->p_cred->p_ruid) &&
+ (cur->p_cred->p_rgid))
+ continue;
+
+ /*
* TODO - make more efficient (see notes below).
* do by session.
*/
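Review bot: The skip test in the sysctl_doproc loop is the same three-clause predicate that sysctl_proc_args (later hunk) and the uvm_meter.c VM_PSSTRINGS case paste verbatim, so the visibility policy is defined in three places and any correction must be made three times. Factor it into one `static` helper in kern_sysctl.c that answers "may cur see p", with the root exemption expressed as the effective-uid check the kernel uses elsewhere rather than `p_rgid`; the loop then reads `if (!allowpsa && !proc_visible(cur, p)) continue;`. The comment above the test should also say that only the kern.proc listing is filtered, so the feature hardens `ps` output rather than isolating users. sysctl_doproc continues outside the hunk.
```c
/*
 * May process cur see process p in kern.proc output?  Root (effective
 * uid 0) always may; otherwise the real uids must match.  Shared by
 * sysctl_doproc and sysctl_proc_args so the policy lives in one place.
 */
static int
proc_visible(struct proc *cur, struct proc *p)
{
	/* NOTE(review): confirm suser()'s signature in this tree. */
	return (suser(cur, 0) == 0 ||
	    cur->p_cred->p_ruid == p->p_cred->p_ruid);
}

		/* … unchanged: SIDL skip … */
		/*
		 * Hide other users' processes unless kern.allowpsa is set.
		 * Only the kern.proc listing is filtered; this is not isolation.
		 */
		if (!allowpsa && !proc_visible(cur, p))
			continue;
```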
@@ -1048,7 +1066,7 @@
sysctl_proc_args(int *name, u_int namelen, void *oldp, size_t *oldlenp,
struct proc *cp)
{
- struct proc *vp;
+ struct proc *vp, *cur = curproc;
pid_t pid;
int op;
struct ps_strings pss;
@@ -1082,6 +1100,11 @@
if ((vp = pfind(pid)) == NULL)
return (ESRCH);
+ if ((!allowpse) &&
+ (cur->p_cred->p_ruid != vp->p_cred->p_ruid) &&
+ (cur->p_cred->p_rgid))
+ return (EPERM);
+
if (P_ZOMBIE(vp) || (vp->p_flag & P_SYSTEM))
return (EINVAL);
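Review bot: sysctl_proc_args already receives the calling process as `cp` (signature at the top of the earlier hunk), so the new `*cur = curproc` local in that hunk duplicates it; use `cp` in the EPERM test and drop the local, i.e. `if (!allowpse && cp->p_cred->p_ruid != vp->p_cred->p_ruid && cp->p_cred->p_rgid)`. If the rest of the function (outside the hunk) already performs a credential check before returning arguments, the new test should be merged with it rather than stacked in front with a different error code. The function continues outside the hunk.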
@@ -1322,13 +1345,13 @@
size_t *sizep;
{
#ifdef SYSVMSG
- struct msg_sysctl_info *msgsi;
+ struct msg_sysctl_info *msgsi = NULL;
#endif
#ifdef SYSVSEM
- struct sem_sysctl_info *semsi;
+ struct sem_sysctl_info *semsi = NULL;
#endif
#ifdef SYSVSHM
- struct shm_sysctl_info *shmsi;
+ struct shm_sysctl_info *shmsi = NULL;
#endif
size_t infosize, dssize, tsize, buflen;
int i, nds, error, ret;