procctl: actually require debug privileges over target

for state control over TRACE, TRAPCAP, ASLR, PROTMAX, STACKGAP, NO_NEWPRIVS, and WXMAP. Reported by: emaste Reviewed by: emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32513
2021-10-15 23:09:39 +03:00 · 2021-10-15 23:09:39 +03:00 · f5bb6e5a6d
commit f5bb6e5a6d
parent 1c4dbee5dd
2 changed files with 15 additions and 7 deletions
--- a/lib/libc/sys/procctl.2
+++ b/lib/libc/sys/procctl.2
@ -72,6 +72,14 @@ Control processes belonging to the process group with the ID
 The control request to perform is specified by the
 .Fa cmd
 argument.
+.Pp
+All status changing requests
+.Dv *_CTL
+require the caller to have the right to debug the target.
+All status query requests
+.DV *_STATUS
+require the caller to have the right to observe the target.
+.Pp
 The following commands are supported:
 .Bl -tag -width PROC_TRAPCAP_STATUS
 .It Dv PROC_ASLR_CTL
--- a/sys/kern/kern_procctl.c
+++ b/sys/kern/kern_procctl.c
@ -759,7 +759,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_TRACE_CTL] =
 	    { .lock_tree = SA_SLOCKED, .one_proc = false,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = trace_ctl, .copyout_on_error = false, },
 	[PROC_TRACE_STATUS] =
@ -771,7 +771,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_TRAPCAP_CTL] =
 	    { .lock_tree = SA_SLOCKED, .one_proc = false,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = trapcap_ctl, .copyout_on_error = false, },
 	[PROC_TRAPCAP_STATUS] =
@ -795,7 +795,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_ASLR_CTL] =
 	    { .lock_tree = SA_UNLOCKED, .one_proc = true,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = aslr_ctl, .copyout_on_error = false, },
 	[PROC_ASLR_STATUS] =
@ -807,7 +807,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_PROTMAX_CTL] =
 	    { .lock_tree = SA_UNLOCKED, .one_proc = true,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = protmax_ctl, .copyout_on_error = false, },
 	[PROC_PROTMAX_STATUS] =
@ -819,7 +819,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_STACKGAP_CTL] =
 	    { .lock_tree = SA_UNLOCKED, .one_proc = true,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = stackgap_ctl, .copyout_on_error = false, },
 	[PROC_STACKGAP_STATUS] =
@ -831,7 +831,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_NO_NEW_PRIVS_CTL] =
 	    { .lock_tree = SA_SLOCKED, .one_proc = true,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = no_new_privs_ctl, .copyout_on_error = false, },
 	[PROC_NO_NEW_PRIVS_STATUS] =
@ -843,7 +843,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
 	[PROC_WXMAP_CTL] =
 	    { .lock_tree = SA_UNLOCKED, .one_proc = true,
 	      .esrch_is_einval = false, .no_nonnull_data = false,
-	      .need_candebug = false,
+	      .need_candebug = true,
 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
 	      .exec = wxmap_ctl, .copyout_on_error = false, },
 	[PROC_WXMAP_STATUS] =