d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add security.bsd.see_jail_proc

Browse Source 
Add security.bsd.see_jail_proc sysctl to hide jail processes from non-root
users

Reviewed by:	jamie
Approved by:	allanjude
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D10770
This commit is contained in:
Steve Wills 2017-05-23 16:59:24 +00:00
parent 3a17f73727
commit a4aaba3b0a
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
sys/kern/kern_prot.c
View File

@ -1386,6 +1386,35 @@ cr_canseeothergids(struct ucred *u1, struct ucred *u2)
return (0); return (0);
} }
/*
* 'see_jail_proc' determines whether or not visibility of processes and
* sockets with credentials holding different jail ids is possible using a
* variety of system MIBs.
*
* XXX: data declarations should be together near the beginning of the file.
*/
static int see_jail_proc = 1;
SYSCTL_INT(_security_bsd, OID_AUTO, see_jail_proc, CTLFLAG_RW,
&see_jail_proc, 0,
"Unprivileged processes may see subjects/objects with different jail ids");
/*-
* Determine if u1 "can see" the subject specified by u2, according to the
* 'see_jail_proc' policy.
* Returns: 0 for permitted, ESRCH otherwise
* Locks: none
* References: *u1 and *u2 must not change during the call
* u1 may equal u2, in which case only one reference is required
*/
int
cr_canseejailproc(struct ucred *u1, struct ucred *u2)
{
if (u1->cr_uid == 0)
return (0);
return (!see_jail_proc && u1->cr_prison != u2->cr_prison ? ESRCH : 0);
}
/*- /*-
* Determine if u1 "can see" the subject specified by u2. * Determine if u1 "can see" the subject specified by u2.
* Returns: 0 for permitted, an errno value otherwise * Returns: 0 for permitted, an errno value otherwise
@ -1408,6 +1437,8 @@ cr_cansee(struct ucred *u1, struct ucred *u2)
return (error); return (error);
if ((error = cr_canseeothergids(u1, u2))) if ((error = cr_canseeothergids(u1, u2)))
return (error); return (error);
if ((error = cr_canseejailproc(u1, u2)))
return (error);
return (0); return (0);
} }

1
sys/sys/proc.h
View File

@ -988,6 +988,7 @@ int cr_cansee(struct ucred *u1, struct ucred *u2);
int cr_canseesocket(struct ucred *cred, struct socket *so); int cr_canseesocket(struct ucred *cred, struct socket *so);
int cr_canseeothergids(struct ucred *u1, struct ucred *u2); int cr_canseeothergids(struct ucred *u1, struct ucred *u2);
int cr_canseeotheruids(struct ucred *u1, struct ucred *u2); int cr_canseeotheruids(struct ucred *u1, struct ucred *u2);
int cr_canseejailproc(struct ucred *u1, struct ucred *u2);
int cr_cansignal(struct ucred *cred, struct proc *proc, int signum); int cr_cansignal(struct ucred *cred, struct proc *proc, int signum);
int enterpgrp(struct proc *p, pid_t pgid, struct pgrp *pgrp, int enterpgrp(struct proc *p, pid_t pgid, struct pgrp *pgrp,
struct session *sess); struct session *sess);