Page MenuHomeFreeBSD
Differential D30939

procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS
ClosedPublic
Actions

Authored by trasz on Jun 29 2021, 4:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 6, 3:12 PM
Unknown Object (File)
Thu, Nov 28, 1:58 PM
Unknown Object (File)
Wed, Nov 27, 11:06 AM
Unknown Object (File)
Sat, Nov 23, 1:13 AM
Unknown Object (File)
Nov 18 2024, 3:15 PM
Unknown Object (File)
Nov 18 2024, 3:15 PM
Unknown Object (File)
Nov 18 2024, 1:00 PM
Unknown Object (File)
Nov 18 2024, 3:40 AM
View All 99 Files
Subscribers
imp
phk

Details

Reviewers
kib
Group Reviewers
manpages
Commits
rGdb8d680ebe9b: procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS
Summary

This introduces a new, per-process flag, "NO_NEW_PRIVS", which
is inherited, preserved on exec, and cannot be cleared. The flag,
when set, makes subsequent execs ignore any SUID and SGID bits,
instead executing those binaries as if they not set.

Main purpose of the flag is implementation of Linux PROC_NO_NEW_PRIVS
prctl(2), and possibly also unpriviledged chroot.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz created this revision.Jun 29 2021, 4:39 PM
Herald added a reviewer: manpages. · View Herald TranscriptJun 29 2021, 4:39 PM
Herald added a subscriber: imp. · View Herald Transcript
trasz requested review of this revision.Jun 29 2021, 4:39 PM
Harbormaster completed remote builds in B40165: Diff 91506.Jun 29 2021, 4:40 PM
trasz mentioned this in D30940: proccontrol(1): implement 'nonewprivs'.Jun 29 2021, 4:43 PM
trasz mentioned this in D30130: Unprivileged chroot.
kib added a comment.Jun 30 2021, 5:24 AM

compat32 requires handling.
vfs_syscall.c chunk should be a separate commit, perhaps even two commits.

sys/kern/kern_exec.c
789

() != 0

IMO the condition should be merged into previous if()

sys/kern/kern_procctl.c
428

For me, it is too many lines.

if (state != PROC_NO_NEW_PRIS_ENABLE)
   return (EINVAL);
p->p_flag2 |= P2_NO_NEW_PRIVS;
return (0);
trasz updated this revision to Diff 91558.Jun 30 2021, 11:54 AM
Style, add compat32, drop unrelated (well, related, but will be reviewed

separately) chunk.
Harbormaster completed remote builds in B40183: Diff 91558.Jun 30 2021, 11:54 AM
kib accepted this revision.Jun 30 2021, 12:27 PM
Handle the man pages notes and bump the date. No need to update the review, I am fine with the code.
lib/libc/sys/procctl.2


569
s/created/activated


571
I do not think that 'descendants' is right.  It makes an impression that all existing children get this treatment, which is not true.



Probably a better wording would be '... process and its future descendants'.


583
Either SETUID/SETGID, or SUID/SGID.


590
Don't you missed .El there?
This revision is now accepted and ready to land.Jun 30 2021, 12:27 PM
trasz added a comment.Jul 1 2021, 8:10 AM
(Tinderboxed.)
Closed by commit rGdb8d680ebe9b: procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS (authored by trasz).  ·  Explain WhyJul 1 2021, 8:42 AM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rGdb8d680ebe9b: procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS.
phk added a subscriber: phk.EditedJul 9 2021, 7:46 AM
looks OK to me.



Is there any way to set this bit without writing C-code ? (ie: can it be used from a shell-script ?)



(Ignore that, I just found it in D30940 :-)
Revision Contents
Changeset List
PathSize
lib/
libc/
sys/
27 lines
sys/
compat/
freebsd32/
3 lines
kern/
5 lines
2 lines
32 lines
sys/
1 line
5 lines
Diff 91599
View Options
lib/libc/sys/procctl.2
Loading...
View Options
sys/compat/freebsd32/freebsd32_misc.c
Loading...
View Options
sys/kern/kern_exec.c
Loading...
View Options
sys/kern/kern_fork.c
Loading...
View Options
sys/kern/kern_procctl.c
Loading...
View Options
sys/sys/proc.h
Loading...
View Options
sys/sys/procctl.h
Loading...