NetBSD Problem Report #56351

From www@netbsd.org  Sun Aug  8 12:19:25 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 287E91A921F
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  8 Aug 2021 12:19:25 +0000 (UTC)
Message-Id: <20210808121923.7C8241A923B@mollari.NetBSD.org>
Date: Sun,  8 Aug 2021 12:19:23 +0000 (UTC)
From: david@netascale.com
Reply-To: david@netascale.com
To: gnats-bugs@NetBSD.org
Subject: if non-root, kevent proc filter can't be attached to processes of other users nor suid processes
X-Send-Pr-Version: www-1.0

>Number:         56351
>Category:       kern
>Synopsis:       if non-root, kevent proc filter can't be attached to processes of other users nor suid processes
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 08 12:20:00 +0000 2021
>Originator:     David MacKay
>Release:        9.2
>Organization:
InitWare
>Environment:
NetBSD netbsd 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
When not root, the kevent proc filter can't be attached to any process which does not belong to the current user, nor to any process of an SUID binary. This even extends to forked-off processes of processes to which the proc filter has been attached with NOTE_TRACK; if the child tries to exec an SUID binary, NOTE_TRACKERR is returned.

This check (see kern_event.c from line 246) was inherited when NetBSD imported kevent from FreeBSD. 

This behaviour is incorrect. It contradicts the kqueue(2) manual page: "If a process can normally see another process, it can attach an event to it." FreeBSD, DragonFly BSD, and OpenBSD have all deleted this check; in NetBSD, it ought to respect the 'curtain' mode sysctl.
>How-To-Repeat:
Try to attach the proc filter to a process not of your user; or fork off from a process attached to the proc filter with NOTE_TRACK and exec an SUID binary.
>Fix:
Unless 'curtain' mode is active, the check ought not to occur. And even with 'curtain', possibly not (?) in the case of a process which is to be automatically tracked because it is the child of a process to which the proc filter was attached with NOTE_TRACK.
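
A minimal C check for the first How-To-Repeat case, added here as an example and not part of the original report: it registers EVFILT_PROC with NOTE_EXIT on a PID given on the command line (default: its own PID) and prints the resulting errno. The function names `parse_pid` and `try_attach_proc_filter` are made up for this example; on a platform without kqueue the attach function is a stub returning ENOSYS.

```c
/* Added example, not from the PR; the function names are made up here. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
    defined(__DragonFly__) || defined(__APPLE__)
#include <sys/event.h>
#endif

/* Parse a decimal PID; returns -1 on malformed or out-of-range input. */
long parse_pid(const char *s)
{
	char *end;
	errno = 0;
	long v = strtol(s, &end, 10);
	if (errno != 0 || end == s || *end != '\0' || v <= 0 || v > 0x7fffffffL)
		return -1;
	return v;
}

/* Returns 0 if EVFILT_PROC/NOTE_EXIT attached to pid, else the errno. */
int try_attach_proc_filter(pid_t pid)
{
#ifdef EVFILT_PROC
	struct kevent kev;
	int kq = kqueue(), err = 0;
	if (kq == -1) return errno;
	EV_SET(&kev, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, 0);
	/* Registration only: no event list, so the call returns at once. */
	if (kevent(kq, &kev, 1, NULL, 0, NULL) == -1)
		err = errno;
	close(kq);
	return err;
#else	/* no kqueue on this platform */
	(void)pid;
	return ENOSYS;
#endif
}

int main(int argc, char **argv)
{
	long pid = argc > 1 ? parse_pid(argv[1]) : (long)getpid();
	int err = pid < 0 ? EINVAL : try_attach_proc_filter((pid_t)pid);
	printf("pid %ld: %s\n", pid, err ? strerror(err) : "proc filter attached");
	return err != 0;
}
```

Run it as an unprivileged user, once with no argument and once with the PID of a process owned by another user, and compare the two results.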
