1 /* $NetBSD: kern_prot.c,v 1.118 2014/10/20 08:20:08 maxv Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_prot.c 8.9 (Berkeley) 2/14/95 37 */ 38 39 /* 40 * System calls related to processes and protection 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.118 2014/10/20 08:20:08 maxv Exp $"); 45 46 #include "opt_compat_43.h" 47 48 #include <sys/param.h> 49 #include <sys/acct.h> 50 #include <sys/systm.h> 51 #include <sys/ucred.h> 52 #include <sys/proc.h> 53 #include <sys/timeb.h> 54 #include <sys/times.h> 55 #include <sys/pool.h> 56 #include <sys/prot.h> 57 #include <sys/syslog.h> 58 #include <sys/uidinfo.h> 59 #include <sys/kauth.h> 60 61 #include <sys/mount.h> 62 #include <sys/syscallargs.h> 63 64 int sys_getpid(struct lwp *, const void *, register_t *); 65 int sys_getpid_with_ppid(struct lwp *, const void *, register_t *); 66 int sys_getuid(struct lwp *, const void *, register_t *); 67 int sys_getuid_with_euid(struct lwp *, const void *, register_t *); 68 int sys_getgid(struct lwp *, const void *, register_t *); 69 int sys_getgid_with_egid(struct lwp *, const void *, register_t *); 70 71 /* ARGSUSED */ 72 int 73 sys_getpid(struct lwp *l, const void *v, register_t *retval) 74 { 75 struct proc *p = l->l_proc; 76 77 *retval = p->p_pid; 78 return (0); 79 } 80 81 /* ARGSUSED */ 82 int 83 sys_getpid_with_ppid(struct lwp *l, const void *v, register_t *retval) 84 { 85 struct proc *p = l->l_proc; 86 87 retval[0] = p->p_pid; 88 retval[1] = p->p_ppid; 89 return (0); 90 } 91 92 /* ARGSUSED */ 93 int 94 sys_getppid(struct lwp *l, const void *v, register_t *retval) 95 { 96 struct proc *p = l->l_proc; 97 98 *retval = p->p_ppid; 99 return (0); 100 } 101 102 /* Get process group ID; note that POSIX getpgrp takes no parameter */ 103 int 104 sys_getpgrp(struct lwp *l, const void *v, register_t *retval) 105 { 106 struct proc *p = l->l_proc; 107 108 mutex_enter(proc_lock); 109 *retval = p->p_pgrp->pg_id; 110 mutex_exit(proc_lock); 111 return (0); 112 } 113 114 /* 115 * Return the process group ID of the session leader (session ID) 116 * for the specified process. 117 */ 118 int 119 sys_getsid(struct lwp *l, const struct sys_getsid_args *uap, register_t *retval) 120 { 121 /* { 122 syscalldarg(pid_t) pid; 123 } */ 124 pid_t pid = SCARG(uap, pid); 125 struct proc *p; 126 int error = 0; 127 128 mutex_enter(proc_lock); 129 if (pid == 0) 130 *retval = l->l_proc->p_session->s_sid; 131 else if ((p = proc_find(pid)) != NULL) 132 *retval = p->p_session->s_sid; 133 else 134 error = ESRCH; 135 mutex_exit(proc_lock); 136 137 return error; 138 } 139 140 int 141 sys_getpgid(struct lwp *l, const struct sys_getpgid_args *uap, register_t *retval) 142 { 143 /* { 144 syscallarg(pid_t) pid; 145 } */ 146 pid_t pid = SCARG(uap, pid); 147 struct proc *p; 148 int error = 0; 149 150 mutex_enter(proc_lock); 151 if (pid == 0) 152 *retval = l->l_proc->p_pgid; 153 else if ((p = proc_find(pid)) != NULL) 154 *retval = p->p_pgid; 155 else 156 error = ESRCH; 157 mutex_exit(proc_lock); 158 159 return error; 160 } 161 162 /* ARGSUSED */ 163 int 164 sys_getuid(struct lwp *l, const void *v, register_t *retval) 165 { 166 167 *retval = kauth_cred_getuid(l->l_cred); 168 return (0); 169 } 170 171 /* ARGSUSED */ 172 int 173 sys_getuid_with_euid(struct lwp *l, const void *v, register_t *retval) 174 { 175 176 retval[0] = kauth_cred_getuid(l->l_cred); 177 retval[1] = kauth_cred_geteuid(l->l_cred); 178 return (0); 179 } 180 181 /* ARGSUSED */ 182 int 183 sys_geteuid(struct lwp *l, const void *v, register_t *retval) 184 { 185 186 *retval = kauth_cred_geteuid(l->l_cred); 187 return (0); 188 } 189 190 /* ARGSUSED */ 191 int 192 sys_getgid(struct lwp *l, const void *v, register_t *retval) 193 { 194 195 *retval = kauth_cred_getgid(l->l_cred); 196 return (0); 197 } 198 199 /* ARGSUSED */ 200 int 201 sys_getgid_with_egid(struct lwp *l, const void *v, register_t *retval) 202 { 203 204 retval[0] = kauth_cred_getgid(l->l_cred); 205 retval[1] = kauth_cred_getegid(l->l_cred); 206 return (0); 207 } 208 209 /* 210 * Get effective group ID. The "egid" is groups[0], and could be obtained 211 * via getgroups. This syscall exists because it is somewhat painful to do 212 * correctly in a library function. 213 */ 214 /* ARGSUSED */ 215 int 216 sys_getegid(struct lwp *l, const void *v, register_t *retval) 217 { 218 219 *retval = kauth_cred_getegid(l->l_cred); 220 return (0); 221 } 222 223 int 224 sys_getgroups(struct lwp *l, const struct sys_getgroups_args *uap, register_t *retval) 225 { 226 /* { 227 syscallarg(int) gidsetsize; 228 syscallarg(gid_t *) gidset; 229 } */ 230 231 *retval = kauth_cred_ngroups(l->l_cred); 232 if (SCARG(uap, gidsetsize) == 0) 233 return 0; 234 if (SCARG(uap, gidsetsize) < (int)*retval) 235 return EINVAL; 236 237 return kauth_cred_getgroups(l->l_cred, SCARG(uap, gidset), *retval, 238 UIO_USERSPACE); 239 } 240 241 int 242 sys_setsid(struct lwp *l, const void *v, register_t *retval) 243 { 244 struct proc *p = l->l_proc; 245 int error; 246 247 error = proc_enterpgrp(p, p->p_pid, p->p_pid, true); 248 *retval = p->p_pid; 249 return (error); 250 } 251 252 253 /* 254 * set process group (setpgid/old setpgrp) 255 * 256 * caller does setpgid(targpid, targpgid) 257 * 258 * pgid must be in valid range (EINVAL) 259 * pid must be caller or child of caller (ESRCH) 260 * if a child 261 * pid must be in same session (EPERM) 262 * pid can't have done an exec (EACCES) 263 * if pgid != pid 264 * there must exist some pid in same session having pgid (EPERM) 265 * pid must not be session leader (EPERM) 266 * 267 * Permission checks now in proc_enterpgrp() 268 */ 269 int 270 sys_setpgid(struct lwp *l, const struct sys_setpgid_args *uap, 271 register_t *retval) 272 { 273 /* { 274 syscallarg(int) pid; 275 syscallarg(int) pgid; 276 } */ 277 struct proc *p = l->l_proc; 278 pid_t targp, pgid; 279 280 if (SCARG(uap, pgid) < 0) 281 return EINVAL; 282 if ((targp = SCARG(uap, pid)) == 0) 283 targp = p->p_pid; 284 if ((pgid = SCARG(uap, pgid)) == 0) 285 pgid = targp; 286 287 return proc_enterpgrp(p, targp, pgid, false); 288 } 289 290 /* 291 * Set real, effective and saved uids to the requested values. 292 * non-root callers can only ever change uids to values that match 293 * one of the processes current uid values. 294 * This is further restricted by the flags argument. 295 */ 296 297 int 298 do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags) 299 { 300 struct proc *p = l->l_proc; 301 kauth_cred_t cred, ncred; 302 303 ncred = kauth_cred_alloc(); 304 305 /* Get a write lock on the process credential. */ 306 proc_crmod_enter(); 307 cred = p->p_cred; 308 309 /* 310 * Check that the new value is one of the allowed existing values, 311 * or that we have root privilege. 312 */ 313 if ((r != -1 314 && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred)) 315 && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred)) 316 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) || 317 (e != -1 318 && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred)) 319 && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred)) 320 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) || 321 (sv != -1 322 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred)) 323 && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred)) 324 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) { 325 int error; 326 327 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 328 p, NULL, NULL, NULL); 329 if (error != 0) { 330 proc_crmod_leave(cred, ncred, false); 331 return error; 332 } 333 } 334 335 /* If nothing has changed, short circuit the request */ 336 if ((r == -1 || r == kauth_cred_getuid(cred)) 337 && (e == -1 || e == kauth_cred_geteuid(cred)) 338 && (sv == -1 || sv == kauth_cred_getsvuid(cred))) { 339 proc_crmod_leave(cred, ncred, false); 340 return 0; 341 } 342 343 kauth_cred_clone(cred, ncred); 344 345 if (r != -1 && r != kauth_cred_getuid(ncred)) { 346 u_long nlwps; 347 348 /* Update count of processes for this user. */ 349 (void)chgproccnt(kauth_cred_getuid(ncred), -1); 350 (void)chgproccnt(r, 1); 351 352 /* The first LWP of a process is excluded. */ 353 KASSERT(mutex_owned(p->p_lock)); 354 nlwps = p->p_nlwps - 1; 355 (void)chglwpcnt(kauth_cred_getuid(ncred), -nlwps); 356 (void)chglwpcnt(r, nlwps); 357 358 kauth_cred_setuid(ncred, r); 359 } 360 if (sv != -1) 361 kauth_cred_setsvuid(ncred, sv); 362 if (e != -1) 363 kauth_cred_seteuid(ncred, e); 364 365 /* Broadcast our credentials to the process and other LWPs. */ 366 proc_crmod_leave(ncred, cred, true); 367 368 return 0; 369 } 370 371 /* 372 * Set real, effective and saved gids to the requested values. 373 * non-root callers can only ever change gids to values that match 374 * one of the processes current gid values. 375 * This is further restricted by the flags argument. 376 */ 377 378 int 379 do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags) 380 { 381 struct proc *p = l->l_proc; 382 kauth_cred_t cred, ncred; 383 384 ncred = kauth_cred_alloc(); 385 386 /* Get a write lock on the process credential. */ 387 proc_crmod_enter(); 388 cred = p->p_cred; 389 390 /* 391 * check new value is one of the allowed existing values. 392 * otherwise, check if we have root privilege. 393 */ 394 if ((r != -1 395 && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred)) 396 && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred)) 397 && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) || 398 (e != -1 399 && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred)) 400 && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred)) 401 && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) || 402 (sv != -1 403 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred)) 404 && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred)) 405 && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) { 406 int error; 407 408 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 409 p, NULL, NULL, NULL); 410 if (error != 0) { 411 proc_crmod_leave(cred, ncred, false); 412 return error; 413 } 414 } 415 416 /* If nothing has changed, short circuit the request */ 417 if ((r == -1 || r == kauth_cred_getgid(cred)) 418 && (e == -1 || e == kauth_cred_getegid(cred)) 419 && (sv == -1 || sv == kauth_cred_getsvgid(cred))) { 420 proc_crmod_leave(cred, ncred, false); 421 return 0; 422 } 423 424 kauth_cred_clone(cred, ncred); 425 426 if (r != -1) 427 kauth_cred_setgid(ncred, r); 428 if (sv != -1) 429 kauth_cred_setsvgid(ncred, sv); 430 if (e != -1) 431 kauth_cred_setegid(ncred, e); 432 433 /* Broadcast our credentials to the process and other LWPs. */ 434 proc_crmod_leave(ncred, cred, true); 435 436 return 0; 437 } 438 439 /* ARGSUSED */ 440 int 441 sys_setuid(struct lwp *l, const struct sys_setuid_args *uap, register_t *retval) 442 { 443 /* { 444 syscallarg(uid_t) uid; 445 } */ 446 uid_t uid = SCARG(uap, uid); 447 448 return do_setresuid(l, uid, uid, uid, 449 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 450 } 451 452 /* ARGSUSED */ 453 int 454 sys_seteuid(struct lwp *l, const struct sys_seteuid_args *uap, register_t *retval) 455 { 456 /* { 457 syscallarg(uid_t) euid; 458 } */ 459 460 return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S); 461 } 462 463 int 464 sys_setreuid(struct lwp *l, const struct sys_setreuid_args *uap, register_t *retval) 465 { 466 /* { 467 syscallarg(uid_t) ruid; 468 syscallarg(uid_t) euid; 469 } */ 470 kauth_cred_t cred = l->l_cred; 471 uid_t ruid, euid, svuid; 472 473 ruid = SCARG(uap, ruid); 474 euid = SCARG(uap, euid); 475 476 if (ruid == -1) 477 ruid = kauth_cred_getuid(cred); 478 if (euid == -1) 479 euid = kauth_cred_geteuid(cred); 480 481 /* Saved uid is set to the new euid if the ruid changed */ 482 svuid = (ruid == kauth_cred_getuid(cred)) ? -1 : euid; 483 484 return do_setresuid(l, ruid, euid, svuid, 485 ID_R_EQ_R | ID_R_EQ_E | 486 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 487 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 488 } 489 490 /* ARGSUSED */ 491 int 492 sys_setgid(struct lwp *l, const struct sys_setgid_args *uap, register_t *retval) 493 { 494 /* { 495 syscallarg(gid_t) gid; 496 } */ 497 gid_t gid = SCARG(uap, gid); 498 499 return do_setresgid(l, gid, gid, gid, 500 ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 501 } 502 503 /* ARGSUSED */ 504 int 505 sys_setegid(struct lwp *l, const struct sys_setegid_args *uap, register_t *retval) 506 { 507 /* { 508 syscallarg(gid_t) egid; 509 } */ 510 511 return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S); 512 } 513 514 int 515 sys_setregid(struct lwp *l, const struct sys_setregid_args *uap, register_t *retval) 516 { 517 /* { 518 syscallarg(gid_t) rgid; 519 syscallarg(gid_t) egid; 520 } */ 521 kauth_cred_t cred = l->l_cred; 522 gid_t rgid, egid, svgid; 523 524 rgid = SCARG(uap, rgid); 525 egid = SCARG(uap, egid); 526 527 if (rgid == -1) 528 rgid = kauth_cred_getgid(cred); 529 if (egid == -1) 530 egid = kauth_cred_getegid(cred); 531 532 /* Saved gid is set to the new egid if the rgid changed */ 533 svgid = rgid == kauth_cred_getgid(cred) ? -1 : egid; 534 535 return do_setresgid(l, rgid, egid, svgid, 536 ID_R_EQ_R | ID_R_EQ_E | 537 ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 538 ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 539 } 540 541 int 542 sys_issetugid(struct lwp *l, const void *v, register_t *retval) 543 { 544 struct proc *p = l->l_proc; 545 546 /* 547 * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time, 548 * we use PK_SUGID because we consider changing the owners as 549 * "tainting" as well. 550 * This is significant for procs that start as root and "become" 551 * a user without an exec - programs cannot know *everything* 552 * that libc *might* have put in their data segment. 553 */ 554 *retval = (p->p_flag & PK_SUGID) != 0; 555 return (0); 556 } 557 558 /* ARGSUSED */ 559 int 560 sys_setgroups(struct lwp *l, const struct sys_setgroups_args *uap, register_t *retval) 561 { 562 /* { 563 syscallarg(int) gidsetsize; 564 syscallarg(const gid_t *) gidset; 565 } */ 566 kauth_cred_t ncred; 567 int error; 568 569 ncred = kauth_cred_alloc(); 570 error = kauth_cred_setgroups(ncred, SCARG(uap, gidset), 571 SCARG(uap, gidsetsize), -1, UIO_USERSPACE); 572 if (error != 0) { 573 kauth_cred_free(ncred); 574 return error; 575 } 576 577 return kauth_proc_setgroups(l, ncred); 578 } 579 580 /* 581 * Get login name, if available. 582 */ 583 /* ARGSUSED */ 584 int 585 sys___getlogin(struct lwp *l, const struct sys___getlogin_args *uap, register_t *retval) 586 { 587 /* { 588 syscallarg(char *) namebuf; 589 syscallarg(size_t) namelen; 590 } */ 591 struct proc *p = l->l_proc; 592 char login[sizeof(p->p_session->s_login)]; 593 size_t namelen = SCARG(uap, namelen); 594 595 if (namelen > sizeof(login)) 596 namelen = sizeof(login); 597 mutex_enter(proc_lock); 598 memcpy(login, p->p_session->s_login, namelen); 599 mutex_exit(proc_lock); 600 return (copyout(login, (void *)SCARG(uap, namebuf), namelen)); 601 } 602 603 /* 604 * Set login name. 605 */ 606 /* ARGSUSED */ 607 int 608 sys___setlogin(struct lwp *l, const struct sys___setlogin_args *uap, register_t *retval) 609 { 610 /* { 611 syscallarg(const char *) namebuf; 612 } */ 613 struct proc *p = l->l_proc; 614 struct session *sp; 615 char newname[sizeof sp->s_login + 1]; 616 int error; 617 618 if ((error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_SETID, 619 p, NULL, NULL, NULL)) != 0) 620 return (error); 621 error = copyinstr(SCARG(uap, namebuf), newname, sizeof newname, NULL); 622 if (error != 0) 623 return (error == ENAMETOOLONG ? EINVAL : error); 624 625 mutex_enter(proc_lock); 626 sp = p->p_session; 627 if (sp->s_flags & S_LOGIN_SET && p->p_pid != sp->s_sid && 628 strncmp(newname, sp->s_login, sizeof sp->s_login) != 0) 629 log(LOG_WARNING, "%s (pid %d) changing logname from " 630 "%.*s to %s\n", p->p_comm, p->p_pid, 631 (int)sizeof sp->s_login, sp->s_login, newname); 632 sp->s_flags |= S_LOGIN_SET; 633 strncpy(sp->s_login, newname, sizeof sp->s_login); 634 mutex_exit(proc_lock); 635 return (0); 636 } 637