Page MenuHomeFreeBSD

procctl: require debug privileges over the target for most of the _CTL commands
ClosedPublic

Authored by kib on Oct 15 2021, 8:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 24, 5:54 PM
Unknown Object (File)
Fri, Jan 24, 7:38 AM
Unknown Object (File)
Fri, Jan 24, 7:20 AM
Unknown Object (File)
Fri, Jan 24, 4:01 AM
Unknown Object (File)
Sat, Jan 11, 8:06 AM
Unknown Object (File)
Thu, Jan 9, 7:31 PM
Unknown Object (File)
Nov 17 2024, 4:51 AM
Unknown Object (File)
Nov 14 2024, 1:16 PM
Subscribers

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kib requested review of this revision.Oct 15 2021, 8:14 PM
kib edited the summary of this revision. (Show Details)
sys/kern/kern_procctl.c
710

"single_proc" is too cryptic IMO, at first I thought it was referring to thread_single().

714

This looks like it should be named need_candebug.

885

The code below uses both data and &x to refer to the same thing, I think it should be consistent one way or the other.

887

I think this can copy out uninitialized bytes in some cases, e.g. for PROC_REAP_KILL I don't see any zeroing. I would zero out &x here and remove zeroing from the individual handlers where appropriate.

901

I wonder why we bother passing td when most handlers don't use it, and the rest expect td == curthread.

kib marked 5 inline comments as done.Oct 16 2021, 6:52 PM
kib added inline comments.
sys/kern/kern_procctl.c
901

Same as for any syscall. I find it sometimes convenient, in fact.

kib marked an inline comment as done.

single_proc->one_proc
candebug->need_candebug
zero x
remove data

sys/kern/kern_procctl.c
139

as in trace_ctl().

156
823
939

Why do we check p_state == PRS_NEW below but not here?

Is there any reason to permit operations on exiting processes here?

sys/kern/kern_procctl.c
712

copyout_on_error seems more precise.

kib marked 5 inline comments as done.Oct 18 2021, 9:30 PM
kib added inline comments.
sys/kern/kern_procctl.c
939

PRS_NEW is checked by pfind(), but not by the p_pglist iteration.
Also pfind() checks for zombies, but not for processes being exited.

After some rounds of changing my opinion, I think that there is no reason to disable looking at the exiting processes. On the other hand, p_pglist iteration needs to check for PRS_ZOMBIE

kib marked an inline comment as done.

s/9/0
s/always_copyout/copyout_on_error
Filter out zombies for group op
Remove uses of curproc

markj added inline comments.
sys/kern/kern_procctl.c
939

Ah, I missed that pfind() excludes PRS_NEW. I still wonder about the utility of permitting operations on exiting process, especially since some commands need to exclude them already, but ok.

This revision is now accepted and ready to land.Oct 19 2021, 2:41 PM
sys/kern/kern_procctl.c
939

For P_WEXIT but not yet PRS_ZOMBIE processes, it might be useful to be able to query some of the parameters reported by _STATUS commands. Not too useful, but might be interesting, e.g. reaper might want to query PDEATHSIG value, for something that could be relatively realistic.

Presumably need a clarification in procctl.2 also

Update man page for id zero and debug privs.

This revision now requires review to proceed.Oct 19 2021, 6:02 PM
This revision is now accepted and ready to land.Oct 19 2021, 7:46 PM