mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
cr_canseejailproc(): New privilege, no direct check for UID 0
Use priv_check_cred() with a new privilege (PRIV_SEEJAILPROC) instead of explicitly testing for UID 0 (the former has been the rule for almost 20 years). As a consequence, cr_canseejailproc() now abides by the 'security.bsd.suser_enabled' sysctl and MAC policies. Update the MAC policies Biba and LOMAC, and prison_priv_check() so that they don't deny this privilege. This preserves the existing behavior (the 'root' user is not restricted, even when jailed, unless 'security.bsd.suser_enabled' is not 0) and is consistent with what is done for the related policies/privileges (PRIV_SEEOTHERGIDS, PRIV_SEEOTHERUIDS). Reviewed by: emaste (earlier version), mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40626
This commit is contained in:
parent
62d3f57c22
commit
7974ca1cdb
|
@ -3939,6 +3939,7 @@ prison_priv_check(struct ucred *cred, int priv)
|
||||||
*/
|
*/
|
||||||
case PRIV_SEEOTHERGIDS:
|
case PRIV_SEEOTHERGIDS:
|
||||||
case PRIV_SEEOTHERUIDS:
|
case PRIV_SEEOTHERUIDS:
|
||||||
|
case PRIV_SEEJAILPROC:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Jail implements inter-process debugging limits already, so
|
* Jail implements inter-process debugging limits already, so
|
||||||
|
|
|
@ -1426,9 +1426,12 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_jail_proc, CTLFLAG_RW,
|
||||||
int
|
int
|
||||||
cr_canseejailproc(struct ucred *u1, struct ucred *u2)
|
cr_canseejailproc(struct ucred *u1, struct ucred *u2)
|
||||||
{
|
{
|
||||||
if (u1->cr_uid == 0)
|
if (see_jail_proc || /* Policy deactivated. */
|
||||||
|
u1->cr_prison == u2->cr_prison || /* Same jail. */
|
||||||
|
priv_check_cred(u1, PRIV_SEEJAILPROC) == 0) /* Privileged. */
|
||||||
return (0);
|
return (0);
|
||||||
return (!see_jail_proc && u1->cr_prison != u2->cr_prison ? ESRCH : 0);
|
|
||||||
|
return (ESRCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
|
|
|
@ -1924,6 +1924,7 @@ biba_priv_check(struct ucred *cred, int priv)
|
||||||
*/
|
*/
|
||||||
case PRIV_SEEOTHERGIDS:
|
case PRIV_SEEOTHERGIDS:
|
||||||
case PRIV_SEEOTHERUIDS:
|
case PRIV_SEEOTHERUIDS:
|
||||||
|
case PRIV_SEEJAILPROC:
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1702,6 +1702,7 @@ lomac_priv_check(struct ucred *cred, int priv)
|
||||||
*/
|
*/
|
||||||
case PRIV_SEEOTHERGIDS:
|
case PRIV_SEEOTHERGIDS:
|
||||||
case PRIV_SEEOTHERUIDS:
|
case PRIV_SEEOTHERUIDS:
|
||||||
|
case PRIV_SEEJAILPROC:
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -105,6 +105,7 @@
|
||||||
#define PRIV_CRED_SETRESGID 58 /* setresgid. */
|
#define PRIV_CRED_SETRESGID 58 /* setresgid. */
|
||||||
#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
|
#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
|
||||||
#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
|
#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
|
||||||
|
#define PRIV_SEEJAILPROC 61 /* Exempt from bsd.see_jail_proc. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Debugging privileges.
|
* Debugging privileges.
|
||||||
|
|
Loading…
Reference in a new issue