PERFORCE change 35088 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jul 27 14:32:03 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=35088
Change 35088 by rwatson at rwatson_tislabs on 2003/07/27 07:31:34
For the kern.file sysctl, don't reveal file descriptor
information for processes the requesting thread isn't
permitted to see. This relates to PR 54211 submitted by
Pawel Jakub Dawidek, but is a subset solution in a slightly
different form. Per the comment, some information about
the total number of file descriptors is revealed, but this
is a product of the way in which the size is calculated.
Once we merge struct file label/access control support,
there will also need to be a canseefile() check here.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#45 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#45 (text+ko) ====
@@ -2305,6 +2305,14 @@
struct proc *p;
int error, n;
+ /*
+ * XXXMAC
+ * Note: because the number of file descriptors is calculated
+ * in different ways for sizing vs returning the data,
+ * there is information leakage from the first loop. However,
+ * it is of a similar order of magnitude to the leakage from
+ * global system statistics such as kern.openfiles.
+ */
sysctl_wire_old_buffer(req, 0);
if (req->oldptr == NULL) {
n = 16; /* A slight overestimate. */
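Review bot: The XXXMAC comment is placed above sysctl_wire_old_buffer(), away from the sizing code it describes, and it records the residual leak without saying what would close it. The "first loop" it refers to is not in the visible context, so a reader at this point cannot tell which loop counts descriptors without filtering. Consider moving the comment next to the req->oldptr == NULL sizing branch and stating whether the intended fix is to apply the same visibility check when sizing or to accept the overestimate permanently. "Similar order of magnitude" would also be clearer if it said that the size estimate covers all processes' descriptors, as kern.openfiles does.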
@@ -2327,6 +2335,10 @@
sx_slock(&allproc_lock);
LIST_FOREACH(p, &allproc, p_list) {
PROC_LOCK(p);
+ if (p_cansee(req->td, p) != 0) {
+ PROC_UNLOCK(p);
+ continue;
+ }
xf.xf_pid = p->p_pid;
xf.xf_uid = p->p_ucred->cr_uid;
PROC_UNLOCK(p);
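Review bot: The p_cansee(req->td, p) check at the top of the LIST_FOREACH body filters by process only, and nothing at this site marks the follow-up the change description calls for, namely a canseefile() check once struct file label support is merged. An XXXMAC comment beside this check would keep that per-file check from being forgotten when the merge happens. The lock handling on the skip path looks right: PROC_UNLOCK(p) is called before continue, and a hidden process is skipped silently rather than surfacing an error that would confirm its existence.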