
proc_rwmem check PRIV_PROC_MEM_WRITE when writing
Needs Review, Public

Authored by sjg on Fri, Nov 8, 5:09 AM.

Details

Reviewers: markj, stevek
Summary

This will fail when mac_veriexec is enforced.

Move the check from procfs_doprocmem to proc_rwmem to ensure all
cases are covered.

Sponsored by: Juniper Networks, Inc.

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 60446
Build 57330: arc lint + arc unit

Event Timeline

sjg requested review of this revision. Fri, Nov 8, 5:09 AM

proc_rwmem() is also called by ptrace() and cuse(4). I can imagine you also want to prevent process tampering via ptrace(), but what about cuse(4), and more generally other potential uses where data transfers are performed by proc_rwmem()?

If this is a concern, an alternative would be to add a check of PRIV_PROC_MEM_WRITE directly in kern_ptrace().

sys/sys/priv.h
518
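
The coverage question raised in the review comment above, as an added userspace model (not FreeBSD kernel code and not part of this revision): with the privilege denied, it reports which callers' writes are refused for each placement of the PRIV_PROC_MEM_WRITE check. The `proc_rwmem_model` and `write_via` functions, the `struct model` fields, and the reading of the kern_ptrace() alternative as "keep the procfs check and add one in ptrace" are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model: names echo the review thread, bodies are constructed. */
enum placement { IN_PROCFS, IN_PROC_RWMEM, IN_PROCFS_AND_PTRACE };
enum caller { PROCFS = 1, PTRACE = 2, CUSE = 4 };
struct model {
    enum placement where; /* where the PRIV_PROC_MEM_WRITE check lives */
    bool priv_granted;    /* false: policy (enforced mac_veriexec) denies it */
    char target[8];       /* stands in for the target process's memory */
};

/* Common sink: every caller's transfer ends up here; reads are never checked. */
static int proc_rwmem_model(struct model *m, bool write, char *buf, size_t len) {
    if (len > sizeof(m->target)) return EINVAL;
    if (write && m->where == IN_PROC_RWMEM && !m->priv_granted) return EPERM;
    if (write) memcpy(m->target, buf, len);
    else memcpy(buf, m->target, len);
    return 0;
}

/* Entry points: a caller checks only if the placement puts the check there. */
static int write_via(struct model *m, enum caller c, char *buf, size_t len) {
    bool entry_check = (c == PROCFS && m->where != IN_PROC_RWMEM) ||
                       (c == PTRACE && m->where == IN_PROCFS_AND_PTRACE);
    if (entry_check && !m->priv_granted) return EPERM;
    return proc_rwmem_model(m, true, buf, len);
}

/* Bitmask of callers whose write is refused when the privilege is denied. */
static int denied_callers(enum placement where) {
    char data[4] = "new";
    int mask = 0;
    for (int c = PROCFS; c <= CUSE; c <<= 1) {
        struct model m = { where, false, "old" };
        if (write_via(&m, (enum caller)c, data, sizeof(data)) == EPERM &&
            strcmp(m.target, "old") == 0)
            mask |= c;
    }
    return mask;
}

int main(void) {
    for (int w = IN_PROCFS; w <= IN_PROCFS_AND_PTRACE; w++)
        printf("placement %d denies 0x%x\n", w, denied_callers((enum placement)w));
    return 0;
}
```

Only the placement in the shared function refuses the cuse(4) path as well, which is the side effect the reviewer asks about.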