Page MenuHomeFreeBSD

ssh: pass 0 to procctl(2) to operate on self
ClosedPublic

Authored by emaste on Jan 20 2022, 6:52 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 10, 11:44 PM
Unknown Object (File)
Tue, Dec 10, 9:31 AM
Unknown Object (File)
Nov 26 2024, 7:15 PM
Unknown Object (File)
Nov 25 2024, 6:13 AM
Unknown Object (File)
Nov 24 2024, 4:14 PM
Unknown Object (File)
Nov 23 2024, 9:41 AM
Unknown Object (File)
Nov 20 2024, 2:04 PM
Unknown Object (File)
Nov 20 2024, 2:04 PM
Subscribers

Details

Summary

As of f833ab9dd187 procctl(2) allows idtype P_PID with id = 0 as a shortcut for the calling process ID. The shortcut also bypasses the p_cansee / p_candebug test (since the process is able to act on itself.)

Use the id = 0 shortcut in ssh so that the self-procctl will succeed.

It's likely the case that procctl(2) should allow the self-operation with getpid(). This change is suitable for the base system where we can be certain we are running on a kernel with f833ab9dd187 (and id = 0 is preferable anyway).

Reported by: Shawn Webb
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.
This revision is now accepted and ready to land.Jan 20 2022, 11:27 PM

Could abandon this change if we change kern_procctl to skip the `error = cmd_info->need_candebug ? p_candebug(td, p) : p_cansee(td, p); in the case that we're operating on ourself.

The change in this review is good because it removes one syscall (not too big achievement on its own, but stil a right thing to do). Removing the unneeded calls in kernel are also good IMO, we do not envision that a process can be stripped from debugging permissions to itself [I believe Windows allows such thing].

This revision was automatically updated to reflect the committed changes.