From f03800cee39c5cbe06c2b68aeb9c9cd558231c3b Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Mon, 11 Jan 2021 22:30:57 +0100
Subject: [PATCH] Kernel: Add dedicated "ptrace" pledge promise

The vast majority of programs don't ever need to use sys$ptrace(), and it seems like a high-value system call to prevent a compromised process from using. This patch moves sys$ptrace() from the "proc" promise to its own, new "ptrace" promise and updates the affected apps.
---
 Applications/Debugger/main.cpp | 2 +-
 Base/usr/share/man/man2/pledge.md | 1 +
 DevTools/HackStudio/main.cpp | 4 ++--
 Kernel/Process.h | 1 +
 Kernel/Syscalls/ptrace.cpp | 2 +-
 Userland/functrace.cpp | 2 +-
 6 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/Applications/Debugger/main.cpp b/Applications/Debugger/main.cpp
index 4feef9c4db..ef5bbe9671 100644
--- a/Applications/Debugger/main.cpp
+++ b/Applications/Debugger/main.cpp
@@ -194,7 +194,7 @@ int main(int argc, char** argv)
 {
 editor = Line::Editor::construct();
- if (pledge("stdio proc exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
+ if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
 perror("pledge");
 return 1;
 }
diff --git a/Base/usr/share/man/man2/pledge.md b/Base/usr/share/man/man2/pledge.md
index cd7911c812..1a1a5a4aaf 100644
--- a/Base/usr/share/man/man2/pledge.md
+++ b/Base/usr/share/man/man2/pledge.md
@@ -53,6 +53,7 @@ If the process later attempts to use any system functionality it has previously
 * `sigaction`: Change signal handlers and dispositions (\*)
 * `sendfd`: Send file descriptors over a local socket
 * `recvfd`: Receive file descriptors over a local socket
+* `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
diff --git a/DevTools/HackStudio/main.cpp b/DevTools/HackStudio/main.cpp
index 2cb6706fc1..3ca8b1a8a0 100644
--- a/DevTools/HackStudio/main.cpp
+++ b/DevTools/HackStudio/main.cpp
@@ -57,14 +57,14 @@ static void update_path_environment_variable();
 int main(int argc, char** argv)
 {
- if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd", nullptr) < 0) {
+ if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd ptrace", nullptr) < 0) {
 perror("pledge");
 return 1;
 }
 auto app = GUI::Application::construct(argc, argv);
- if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd", nullptr) < 0) {
+ if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd ptrace", nullptr) < 0) {
 perror("pledge");
 return 1;
 }
diff --git a/Kernel/Process.h b/Kernel/Process.h
index 2887aacd22..b324eb4c85 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -66,6 +66,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
 __ENUMERATE_PLEDGE_PROMISE(inet) \
 __ENUMERATE_PLEDGE_PROMISE(id) \
 __ENUMERATE_PLEDGE_PROMISE(proc) \
+ __ENUMERATE_PLEDGE_PROMISE(ptrace) \
 __ENUMERATE_PLEDGE_PROMISE(exec) \
 __ENUMERATE_PLEDGE_PROMISE(unix) \
 __ENUMERATE_PLEDGE_PROMISE(recvfd) \
diff --git a/Kernel/Syscalls/ptrace.cpp b/Kernel/Syscalls/ptrace.cpp
index 71963d80f9..a4b82edfaa 100644
--- a/Kernel/Syscalls/ptrace.cpp
+++ b/Kernel/Syscalls/ptrace.cpp
@@ -37,7 +37,7 @@ namespace Kernel {
 int Process::sys$ptrace(Userspace user_params)
 {
- REQUIRE_PROMISE(proc);
+ REQUIRE_PROMISE(ptrace);
 Syscall::SC_ptrace_params params;
 if (!copy_from_user(¶ms, user_params))
 return -EFAULT;
diff --git a/Userland/functrace.cpp b/Userland/functrace.cpp
index 763e7a4a35..dcb2d046b3 100644
--- a/Userland/functrace.cpp
+++ b/Userland/functrace.cpp
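Review bot: Both pledge() calls in HackStudio's main() now carry `ptrace`, so the IDE keeps the promise for its whole lifetime, including after the second, narrower pledge that follows `GUI::Application::construct()`. The hunk does not show where the promise is used; if it is only for the integrated debugger, a comment above the first call such as `// "ptrace": needed by the integrated debugger to trace the debuggee` would record why a long-running GUI program holds a promise the commit message describes as high-value. While the line is being touched, the first promise string also lists `unix` twice, which looks redundant. main() continues past the end of the hunk.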
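Review bot: `REQUIRE_PROMISE(ptrace)` at the top of sys$ptrace() now turns away pledged processes that hold only `proc`, but nothing at the check says why tracing is split out, and the diff cannot show whether the three updated programs are the only pledged callers. A comment above the check, for example `// Separate from "proc" on purpose: a tracer can inspect and modify another process, so few programs should hold this.`, would keep a later cleanup from folding it back into `proc`. Because the check sits before `params` is copied in, it applies to every ptrace request alike; if a forked child issues the tracee-side request itself, it needs the promise too, which is presumably satisfied by inheriting the parent's pledge but is worth confirming. The body of sys$ptrace() continues past the end of the hunk.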
@@ -112,7 +112,7 @@ static NonnullOwnPtr> instrument_code()
 int main(int argc, char** argv)
 {
- if (pledge("stdio proc exec rpath sigaction", nullptr) < 0) {
+ if (pledge("stdio proc exec rpath sigaction ptrace", nullptr) < 0) {
 perror("pledge");
 return 1;
 }