NetBSD Problem Report #53299

From dmb@yenn.ulegend.net  Sat May 19 11:38:25 2018
Return-Path: <dmb@yenn.ulegend.net>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8EE6E7A0F8
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 19 May 2018 11:38:25 +0000 (UTC)
Message-Id: <20180519113822.2C0495A99@yenn.ulegend.net>
Date: Sat, 19 May 2018 11:38:22 +0000 (UTC)
From: dmb@yenn.ulegend.net
Reply-To: dmb@yenn.ulegend.net
To: gnats-bugs@NetBSD.org
Subject: kernfs and procfs are broken when sysctl security.curtain is enabled
X-Send-Pr-Version: 3.95

>Number:         53299
>Category:       kern
>Synopsis:       kernfs and procfs are broken when sysctl security.curtain is enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 19 11:40:00 +0000 2018
>Last-Modified:  Tue Oct 05 18:05:01 +0000 2021
>Originator:     Dominik Bialy
>Release:        NetBSD 8.0_RC1
>Organization:
Underlegend Networks
>Environment:


System: NetBSD yenn 8.0_RC1 NetBSD 8.0_RC1 (YENN) #0: Thu May 10 18:49:42 UTC 2018 [**CENSORED**]:/builds/netbsd-8/amd64/obj/sys/arch/amd64/compile/YENN amd64
Architecture: x86_64
Machine: amd64
>Description:
	kernfs and procfs, when security.curtain is enabled, show any file name on it
	multiple times, and in effect, none file on these filesystems can be read.
	(Also it might be worth mentioning that I have multiuser securelevel enabled
	on this system.)
>How-To-Repeat:
	Have any of /kern or /proc mounted, sysctl -w security.curtain=1, and try
	to make use of these filesystems.
>Fix:
	I'm waiting for one.  Thank you in advance.

>Audit-Trail:
From: RVP <rvp@SDF.ORG>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/53299: kernfs and procfs are broken when sysctl security.curtain
 is enabled
Date: Tue, 5 Oct 2021 08:36:56 +0000 (UTC)

 If security.curtain=1, then on amd64/9.99.90 and 9.2_STABLE:

 $ ls -lf /proc
 ls: meminfo: No such file or directory
 ls: cpuinfo: No such file or directory
 ls: uptime: No such file or directory
 ls: mounts: No such file or directory
 ls: devices: No such file or directory
 ls: stat: No such file or directory
 ls: loadavg: No such file or directory
 ls: version: No such file or directory
 ls: meminfo: No such file or directory
 ls: cpuinfo: No such file or directory
 ls: uptime: No such file or directory
 ls: mounts: No such file or directory
 ls: devices: No such file or directory
 ls: stat: No such file or directory
 ls: loadavg: No such file or directory
 ls: version: No such file or directory
 ls: meminfo: No such file or directory
 ls: cpuinfo: No such file or directory
 ls: uptime: No such file or directory
 ls: mounts: No such file or directory
 ls: devices: No such file or directory
 ls: stat: No such file or directory
 ls: loadavg: No such file or directory
 ls: version: No such file or directory
 ls: stat: No such file or directory
 ls: loadavg: No such file or directory
 ls: version: No such file or directory
 total 15
 dr-xr-xr-x   1 root  wheel  512 Oct  5 08:17 ./
 drwxr-xr-x  23 root  wheel  512 Oct  5 08:11 ../
 lr-xr-xr-x   1 root  wheel    4 Oct  5 08:17 curproc -> 2227
 lr-xr-xr-x   1 root  wheel    4 Oct  5 08:17 self -> curproc
 dr-xr-xr-x   2 rvp   rvp    512 Oct  5 08:17 2227/
 dr-xr-xr-x   2 rvp   rvp    512 Oct  5 08:17 414/
 [...]
 dr-xr-xr-x   2 rvp   rvp    512 Oct  5 08:17 1960/
 $

 After applying the patch below:

 $ ls -lf /proc
 total 15
 dr-xr-xr-x   1 root  wheel  512 Oct  5 08:10 ./
 drwxr-xr-x  23 root  wheel  512 Oct  5 07:57 ../
 lr-xr-xr-x   1 root  wheel    3 Oct  5 08:10 curproc -> 327
 lr-xr-xr-x   1 root  wheel    3 Oct  5 08:10 self -> curproc
 dr-xr-xr-x   2 rvp   rvp    512 Oct  5 08:10 327/
 [...]
 dr-xr-xr-x   2 rvp   rvp    512 Oct  5 08:10 1968/
 $

 ---START PATCH for 9.99.90---
 --- sys/miscfs/procfs/procfs_vnops.c.orig	2021-07-20 03:44:44.086700410 +0000
 +++ sys/miscfs/procfs/procfs_vnops.c	2021-10-05 08:00:50.060416512 +0000
 @@ -1221,16 +1221,16 @@
   	if (uiop->uio_resid < UIO_MX)
   		return -1; /* no space */

 -	if (ctxp->off < ctxp->startoff) {
 -		ctxp->off++;
 -		return 0;
 -	}
 -
   	if (kauth_authorize_process(kauth_cred_get(),
   	    KAUTH_PROCESS_CANSEE, p,
   	    KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL) != 0)
   		return 0;

 +	if (ctxp->off < ctxp->startoff) {
 +		ctxp->off++;
 +		return 0;
 +	}
 +
   	memset(&d, 0, UIO_MX);
   	d.d_reclen = UIO_MX;
   	d.d_fileno = PROCFS_FILENO(p->p_pid, PFSproc, -1);
 @@ -1483,6 +1483,7 @@
   	 */

   	case PFSroot: {
 +		struct proc *p;
   		int nc = 0;

   		if (ap->a_ncookies) {
 @@ -1548,6 +1549,9 @@
   			i = ctx.off;
   		if (i >= ctx.off + nproc_root_targets)
   			break;
 +		if ((error = procfs_proc_lock(vp->v_mount, pfs->pfs_pid, &p,
 +					      ESRCH)) != 0)
 +			break;
   		for (pt = &proc_root_targets[i - ctx.off];
   		    uio->uio_resid >= UIO_MX &&
   		    pt < &proc_root_targets[nproc_root_targets];
 @@ -1555,6 +1559,11 @@
   			if (pt->pt_valid &&
   			    (*pt->pt_valid)(NULL, vp->v_mount) == 0)
   				continue;
 +			if (kauth_authorize_process(kauth_cred_get(),
 +			    KAUTH_PROCESS_CANSEE, p,
 +			    KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY),
 +			    NULL, NULL) != 0)
 +				continue;
   			d.d_fileno = PROCFS_FILENO(0, pt->pt_pfstype, -1);
   			d.d_namlen = pt->pt_namlen;
   			memcpy(d.d_name, pt->pt_name, pt->pt_namlen + 1);
 @@ -1568,6 +1577,7 @@
   		}

   		ncookies = nc;
 +		procfs_proc_unlock(p);
   		break;
   	}

 ---END PATCH for 9.99.90---

 -RVP

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/53299 CVS commit: src/sys/miscfs/procfs
Date: Tue, 5 Oct 2021 14:00:29 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Tue Oct  5 18:00:29 UTC 2021

 Modified Files:
 	src/sys/miscfs/procfs: procfs_vnops.c

 Log Message:
 PR/53299: RVP: kernfs and procfs are broken when sysctl security.curtain
 is enabled


 To generate a diff of this commit:
 cvs rdiff -u -r1.218 -r1.219 src/sys/miscfs/procfs/procfs_vnops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.