Commit 3d442424 authored by jD91mZM2's avatar jD91mZM2

WIP(ptrace): Finally add stronger security checks

parent e3d8f23c
......@@ -2,7 +2,7 @@ use alloc::sync::Arc;
use alloc::boxed::Box;
use alloc::collections::BTreeMap;
use core::alloc::{GlobalAlloc, Layout};
use core::mem;
use core::{iter, mem};
use core::sync::atomic::Ordering;
use crate::paging;
use spin::RwLock;
......@@ -30,6 +30,15 @@ impl ContextList {
self.map.get(&id)
}
/// Get an iterator of all parents
pub fn anchestors(&'_ self, id: ContextId) -> impl Iterator<Item = (ContextId, &Arc<RwLock<Context>>)> + '_ {
iter::successors(self.get(id).map(|context| (id, context)), move |(_id, context)| {
let context = context.read();
let id = context.ppid;
self.get(id).map(|context| (id, context))
})
}
/// Get the current context.
pub fn current(&self) -> Option<&Arc<RwLock<Context>>> {
self.map.get(&super::CONTEXT_ID.load(Ordering::SeqCst))
......
......@@ -75,16 +75,30 @@ impl Scheme for ProcScheme {
};
let contexts = context::contexts();
let context = contexts.get(pid).ok_or(Error::new(ESRCH))?;
let target = contexts.get(pid).ok_or(Error::new(ESRCH))?;
{
// TODO: Put better security here?
// Unless root, check security
if uid != 0 && gid != 0 {
let current = contexts.current().ok_or(Error::new(ESRCH))?;
let current = current.read();
let target = target.read();
let context = context.read();
if uid != 0 && gid != 0
&& uid != context.euid && gid != context.egid {
// Do we own the process?
if uid != target.euid && gid != target.egid {
return Err(Error::new(EPERM));
}
// Is it a subprocess of us? In the future, a capability
// could bypass this check.
match contexts.anchestors(target.ppid).find(|&(id, _context)| id == current.id) {
Some((id, context)) => {
// Paranoid sanity check, as ptrace security holes
// wouldn't be fun
assert_eq!(id, current.id);
assert_eq!(id, context.read().id);
},
None => return Err(Error::new(EPERM))
}
}
if let Operation::Trace = operation {
......@@ -95,8 +109,8 @@ impl Scheme for ProcScheme {
}
traced.insert(pid);
let mut context = context.write();
context.ptrace_stop = true;
let mut target = target.write();
target.ptrace_stop = true;
}
let id = self.next_id.fetch_add(1, Ordering::SeqCst);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment