NetBSD Problem Report #53299
From dmb@yenn.ulegend.net Sat May 19 11:38:25 2018
Return-Path: <dmb@yenn.ulegend.net>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 8EE6E7A0F8
for <gnats-bugs@gnats.NetBSD.org>; Sat, 19 May 2018 11:38:25 +0000 (UTC)
Message-Id: <20180519113822.2C0495A99@yenn.ulegend.net>
Date: Sat, 19 May 2018 11:38:22 +0000 (UTC)
From: dmb@yenn.ulegend.net
Reply-To: dmb@yenn.ulegend.net
To: gnats-bugs@NetBSD.org
Subject: kernfs and procfs are broken when sysctl security.curtain is enabled
X-Send-Pr-Version: 3.95
>Number: 53299
>Category: kern
>Synopsis: kernfs and procfs are broken when sysctl security.curtain is enabled
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 19 11:40:00 +0000 2018
>Last-Modified: Tue Oct 05 18:05:01 +0000 2021
>Originator: Dominik Bialy
>Release: NetBSD 8.0_RC1
>Organization:
Underlegend Networks
>Environment:
System: NetBSD yenn 8.0_RC1 NetBSD 8.0_RC1 (YENN) #0: Thu May 10 18:49:42 UTC 2018 [**CENSORED**]:/builds/netbsd-8/amd64/obj/sys/arch/amd64/compile/YENN amd64
Architecture: x86_64
Machine: amd64
>Description:
kernfs and procfs, when security.curtain is enabled, show any file name on it
multiple times, and in effect, none file on these filesystems can be read.
(Also it might be worth mentioning that I have multiuser securelevel enabled
on this system.)
>How-To-Repeat:
Have any of /kern or /proc mounted, sysctl -w security.curtain=1, and try
to make use of these filesystems.
>Fix:
I'm waiting for one. Thank you in advance.
>Audit-Trail:
From: RVP <rvp@SDF.ORG>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/53299: kernfs and procfs are broken when sysctl security.curtain
is enabled
Date: Tue, 5 Oct 2021 08:36:56 +0000 (UTC)
If security.curtain=1, then on amd64/9.99.90 and 9.2_STABLE:
$ ls -lf /proc
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: meminfo: No such file or directory
ls: cpuinfo: No such file or directory
ls: uptime: No such file or directory
ls: mounts: No such file or directory
ls: devices: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
ls: stat: No such file or directory
ls: loadavg: No such file or directory
ls: version: No such file or directory
total 15
dr-xr-xr-x 1 root wheel 512 Oct 5 08:17 ./
drwxr-xr-x 23 root wheel 512 Oct 5 08:11 ../
lr-xr-xr-x 1 root wheel 4 Oct 5 08:17 curproc -> 2227
lr-xr-xr-x 1 root wheel 4 Oct 5 08:17 self -> curproc
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 2227/
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 414/
[...]
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:17 1960/
$
After applying the patch below:
$ ls -lf /proc
total 15
dr-xr-xr-x 1 root wheel 512 Oct 5 08:10 ./
drwxr-xr-x 23 root wheel 512 Oct 5 07:57 ../
lr-xr-xr-x 1 root wheel 3 Oct 5 08:10 curproc -> 327
lr-xr-xr-x 1 root wheel 3 Oct 5 08:10 self -> curproc
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:10 327/
[...]
dr-xr-xr-x 2 rvp rvp 512 Oct 5 08:10 1968/
$
---START PATCH for 9.99.90---
--- sys/miscfs/procfs/procfs_vnops.c.orig 2021-07-20 03:44:44.086700410 +0000
+++ sys/miscfs/procfs/procfs_vnops.c 2021-10-05 08:00:50.060416512 +0000
@@ -1221,16 +1221,16 @@
if (uiop->uio_resid < UIO_MX)
return -1; /* no space */
- if (ctxp->off < ctxp->startoff) {
- ctxp->off++;
- return 0;
- }
-
if (kauth_authorize_process(kauth_cred_get(),
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL) != 0)
return 0;
+ if (ctxp->off < ctxp->startoff) {
+ ctxp->off++;
+ return 0;
+ }
+
memset(&d, 0, UIO_MX);
d.d_reclen = UIO_MX;
d.d_fileno = PROCFS_FILENO(p->p_pid, PFSproc, -1);
@@ -1483,6 +1483,7 @@
*/
case PFSroot: {
+ struct proc *p;
int nc = 0;
if (ap->a_ncookies) {
@@ -1548,6 +1549,9 @@
i = ctx.off;
if (i >= ctx.off + nproc_root_targets)
break;
+ if ((error = procfs_proc_lock(vp->v_mount, pfs->pfs_pid, &p,
+ ESRCH)) != 0)
+ break;
for (pt = &proc_root_targets[i - ctx.off];
uio->uio_resid >= UIO_MX &&
pt < &proc_root_targets[nproc_root_targets];
@@ -1555,6 +1559,11 @@
if (pt->pt_valid &&
(*pt->pt_valid)(NULL, vp->v_mount) == 0)
continue;
+ if (kauth_authorize_process(kauth_cred_get(),
+ KAUTH_PROCESS_CANSEE, p,
+ KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY),
+ NULL, NULL) != 0)
+ continue;
d.d_fileno = PROCFS_FILENO(0, pt->pt_pfstype, -1);
d.d_namlen = pt->pt_namlen;
memcpy(d.d_name, pt->pt_name, pt->pt_namlen + 1);
@@ -1568,6 +1577,7 @@
}
ncookies = nc;
+ procfs_proc_unlock(p);
break;
}
---END PATCH for 9.99.90---
-RVP
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53299 CVS commit: src/sys/miscfs/procfs
Date: Tue, 5 Oct 2021 14:00:29 -0400
Module Name: src
Committed By: christos
Date: Tue Oct 5 18:00:29 UTC 2021
Modified Files:
src/sys/miscfs/procfs: procfs_vnops.c
Log Message:
PR/53299: RVP: kernfs and procfs are broken when sysctl security.curtain
is enabled
To generate a diff of this commit:
cvs rdiff -u -r1.218 -r1.219 src/sys/miscfs/procfs/procfs_vnops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.