o Introduce new kern.security sysctl tree for kernel security policy
MIB entries. o Relocate kern.suser_permitted to kern.security.suser_permitted. o Introduce new kern.security.unprivileged_procdebug_permitted, which (when set to 0) prevents processes without privilege from performing a variety of inter-process debugging activities. The default is 1, to provide current behavior. This feature allows "hardened" systems to disable access to debugging facilities, which have been associated with a number of past security vulnerabilities. Previously, while procfs could be unmounted, other in-kernel facilities (such as ptrace()) were still available. This setting should not be modified on normal development systems, as it will result in frustration. Some utilities respond poorly to failing to get the debugging access they require, and error response by these utilities may be improved in the future in the name of beautification. Note that there are currently some odd interactions with some facilities, which will need to be resolved before this should be used in production, including odd interactions with truss and ktrace. Note also that currently, tracing is permitted on the current process regardless of this flag, for compatibility with previous authorization code in various facilities, but that will probably change (and resolve the odd interactions). Obtained from: TrustedBSD Project
This commit is contained in:
Robert Watson
parent
1b64899001
commit
0ef5652e27
@ -62,6 +62,9 @@
|
||||
|
||||
static MALLOC_DEFINE(M_CRED, "cred", "credentials");
|
||||
|
||||
SYSCTL_NODE(_kern, OID_AUTO, security, CTLFLAG_RW, 0,
|
||||
"Kernel security policy");
|
||||
|
||||
#ifndef _SYS_SYSPROTO_H_
|
||||
struct getpid_args {
|
||||
int dummy;
|
||||
@ -1027,8 +1030,8 @@ groupmember(gid, cred)
|
||||
|
||||
static int suser_permitted = 1;
|
||||
|
||||
SYSCTL_INT(_kern, OID_AUTO, suser_permitted, CTLFLAG_RW, &suser_permitted, 0,
|
||||
"processes with uid 0 have privilege");
|
||||
SYSCTL_INT(_kern_security, OID_AUTO, suser_permitted, CTLFLAG_RW,
|
||||
&suser_permitted, 0, "processes with uid 0 have privilege");
|
||||
|
||||
/*
|
||||
* Test whether the specified credentials imply "super-user"
|
||||
@ -1191,6 +1194,11 @@ p_cansched(struct proc *p1, struct proc *p2)
|
||||
return (EPERM);
|
||||
}
|
||||
|
||||
static int kern_unprivileged_procdebug_permitted = 1;
|
||||
SYSCTL_INT(_kern_security, OID_AUTO, unprivileged_procdebug_permitted,
|
||||
CTLFLAG_RW, &kern_unprivileged_procdebug_permitted, 0,
|
||||
"Unprivileged processes may use process debugging facilities");
|
||||
|
||||
int
|
||||
p_candebug(struct proc *p1, struct proc *p2)
|
||||
{
|
||||
@ -1207,7 +1215,7 @@ p_candebug(struct proc *p1, struct proc *p2)
|
||||
if (p1->p_ucred->cr_uid != p2->p_ucred->cr_uid ||
|
||||
p1->p_ucred->cr_uid != p2->p_ucred->cr_svuid ||
|
||||
p1->p_ucred->cr_uid != p2->p_ucred->cr_ruid ||
|
||||
p2->p_flag & P_SUGID)
|
||||
p2->p_flag & P_SUGID || !kern_unprivileged_procdebug_permitted)
|
||||
if ((error = suser_xxx(0, p1, PRISON_ROOT)))
|
||||
return (error);
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user