FreeBSD kernel kern code
kern_prot.c File Reference
#include <sys/cdefs.h>
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/acct.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/ptrace.h>
#include <sys/refcount.h>
#include <sys/sx.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sysent.h>
#include <sys/sysproto.h>
#include <sys/jail.h>
#include <sys/racct.h>
#include <sys/rctl.h>
#include <sys/resourcevar.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>

Data Structures

struct  getpid_args
 
struct  getppid_args
 
struct  getpgrp_args
 
struct  getpgid_args
 
struct  getsid_args
 
struct  getuid_args
 
struct  geteuid_args
 
struct  getgid_args
 
struct  getegid_args
 
struct  getgroups_args
 
struct  setsid_args
 
struct  setpgid_args
 
struct  setuid_args
 
struct  seteuid_args
 
struct  setgid_args
 
struct  setegid_args
 
struct  setgroups_args
 
struct  setreuid_args
 
struct  setregid_args
 
struct  setresuid_args
 
struct  setresgid_args
 
struct  getresuid_args
 
struct  getresgid_args
 
struct  issetugid_args
 
struct  getlogin_args
 
struct  setlogin_args
 

Macros

#define POSIX_APPENDIX_B_4_2_2
 

Functions

 __FBSDID ("$FreeBSD$")
 
static MALLOC_DEFINE (M_CRED, "cred", "credentials")
 
 SYSCTL_NODE (_security, OID_AUTO, bsd, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "BSD security policy")
 
static void crfree_final (struct ucred *cr)
 
static void crsetgroups_locked (struct ucred *cr, int ngrp, gid_t *groups)
 
int sys_getpid (struct thread *td, struct getpid_args *uap)
 
int sys_getppid (struct thread *td, struct getppid_args *uap)
 
int kern_getppid (struct thread *td)
 
int sys_getpgrp (struct thread *td, struct getpgrp_args *uap)
 
int sys_getpgid (struct thread *td, struct getpgid_args *uap)
 
int sys_getsid (struct thread *td, struct getsid_args *uap)
 
int kern_getsid (struct thread *td, pid_t pid)
 
int sys_getuid (struct thread *td, struct getuid_args *uap)
 
int sys_geteuid (struct thread *td, struct geteuid_args *uap)
 
int sys_getgid (struct thread *td, struct getgid_args *uap)
 
int sys_getegid (struct thread *td, struct getegid_args *uap)
 
int sys_getgroups (struct thread *td, struct getgroups_args *uap)
 
int sys_setsid (struct thread *td, struct setsid_args *uap)
 
int sys_setpgid (struct thread *td, struct setpgid_args *uap)
 
int sys_setuid (struct thread *td, struct setuid_args *uap)
 
int sys_seteuid (struct thread *td, struct seteuid_args *uap)
 
int sys_setgid (struct thread *td, struct setgid_args *uap)
 
int sys_setegid (struct thread *td, struct setegid_args *uap)
 
int sys_setgroups (struct thread *td, struct setgroups_args *uap)
 
int kern_setgroups (struct thread *td, u_int ngrp, gid_t *groups)
 
int sys_setreuid (struct thread *td, struct setreuid_args *uap)
 
int sys_setregid (struct thread *td, struct setregid_args *uap)
 
int sys_setresuid (struct thread *td, struct setresuid_args *uap)
 
int sys_setresgid (struct thread *td, struct setresgid_args *uap)
 
int sys_getresuid (struct thread *td, struct getresuid_args *uap)
 
int sys_getresgid (struct thread *td, struct getresgid_args *uap)
 
int sys_issetugid (struct thread *td, struct issetugid_args *uap)
 
int sys___setugid (struct thread *td, struct __setugid_args *uap)
 
int groupmember (gid_t gid, struct ucred *cred)
 
int securelevel_gt (struct ucred *cr, int level)
 
int securelevel_ge (struct ucred *cr, int level)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW, &see_other_uids, 0, "Unprivileged processes may see subjects/objects with different real uid")
 
int cr_canseeotheruids (struct ucred *u1, struct ucred *u2)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW, &see_other_gids, 0, "Unprivileged processes may see subjects/objects with different real gid")
 
int cr_canseeothergids (struct ucred *u1, struct ucred *u2)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, see_jail_proc, CTLFLAG_RW, &see_jail_proc, 0, "Unprivileged processes may see subjects/objects with different jail ids")
 
int cr_canseejailproc (struct ucred *u1, struct ucred *u2)
 
int cr_cansee (struct ucred *u1, struct ucred *u2)
 
int p_cansee (struct thread *td, struct proc *p)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW, &conservative_signals, 0, "Unprivileged processes prevented from " "sending certain signals to processes whose credentials have changed")
 
int cr_cansignal (struct ucred *cred, struct proc *proc, int signum)
 
int p_cansignal (struct thread *td, struct proc *p, int signum)
 
int p_cansched (struct thread *td, struct proc *p)
 
static int sysctl_unprivileged_proc_debug (SYSCTL_HANDLER_ARGS)
 
 SYSCTL_PROC (_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_SECURE|CTLFLAG_MPSAFE, 0, 0, sysctl_unprivileged_proc_debug, "I", "Unprivileged processes may use process debugging facilities")
 
int p_candebug (struct thread *td, struct proc *p)
 
int cr_canseesocket (struct ucred *cred, struct socket *so)
 
int p_canwait (struct thread *td, struct proc *p)
 
struct ucred * crcowget (struct ucred *cr)
 
static struct ucred * crunuse (struct thread *td)
 
static void crunusebatch (struct ucred *cr, int users, int ref)
 
void crcowfree (struct thread *td)
 
struct ucred * crcowsync (void)
 
void credbatch_add (struct credbatch *crb, struct thread *td)
 
void credbatch_final (struct credbatch *crb)
 
struct ucred * crget (void)
 
struct ucred * crhold (struct ucred *cr)
 
void crfree (struct ucred *cr)
 
void crcopy (struct ucred *dest, struct ucred *src)
 
struct ucred * crdup (struct ucred *cr)
 
void cru2x (struct ucred *cr, struct xucred *xcr)
 
void cru2xt (struct thread *td, struct xucred *xcr)
 
void proc_set_cred_init (struct proc *p, struct ucred *newcred)
 
void proc_set_cred (struct proc *p, struct ucred *newcred)
 
void proc_unset_cred (struct proc *p)
 
struct ucred * crcopysafe (struct proc *p, struct ucred *cr)
 
void crextend (struct ucred *cr, int n)
 
void crsetgroups (struct ucred *cr, int ngrp, gid_t *groups)
 
int sys_getlogin (struct thread *td, struct getlogin_args *uap)
 
int sys_setlogin (struct thread *td, struct setlogin_args *uap)
 
void setsugid (struct proc *p)
 
void change_euid (struct ucred *newcred, struct uidinfo *euip)
 
void change_egid (struct ucred *newcred, gid_t egid)
 
void change_ruid (struct ucred *newcred, struct uidinfo *ruip)
 
void change_rgid (struct ucred *newcred, gid_t rgid)
 
void change_svuid (struct ucred *newcred, uid_t svuid)
 
void change_svgid (struct ucred *newcred, gid_t svgid)
 
 SYSCTL_BOOL (_security_bsd, OID_AUTO, allow_ptrace, CTLFLAG_RWTUN, &allow_ptrace, 0, "Deny ptrace(2) use by returning ENOSYS")
 

Variables

static int see_other_uids = 1
 
static int see_other_gids = 1
 
static int see_jail_proc = 1
 
static int conservative_signals = 1
 
bool allow_ptrace = true
 

Macro Definition Documentation

◆ POSIX_APPENDIX_B_4_2_2

#define POSIX_APPENDIX_B_4_2_2

Definition at line 471 of file kern_prot.c.

Function Documentation

◆ __FBSDID()

__FBSDID ( "$FreeBSD$"  )

◆ change_egid()

void change_egid ( struct ucred *  newcred,
gid_t  egid 
)

Definition at line 2425 of file kern_prot.c.

Referenced by do_execve(), sys_setegid(), sys_setgid(), sys_setregid(), and sys_setresgid().


◆ change_euid()

void change_euid ( struct ucred *  newcred,
struct uidinfo *  euip 
)

Definition at line 2409 of file kern_prot.c.

References uifree(), and uihold().

Referenced by do_execve(), sys_seteuid(), sys_setresuid(), sys_setreuid(), and sys_setuid().


◆ change_rgid()

void change_rgid ( struct ucred *  newcred,
gid_t  rgid 
)

Definition at line 2458 of file kern_prot.c.

Referenced by sys_setgid(), sys_setregid(), and sys_setresgid().


◆ change_ruid()

void change_ruid ( struct ucred *  newcred,
struct uidinfo *  ruip 
)

Definition at line 2440 of file kern_prot.c.

References chgproccnt(), uifree(), and uihold().

Referenced by sys_setresuid(), sys_setreuid(), and sys_setuid().


◆ change_svgid()

void change_svgid ( struct ucred *  newcred,
gid_t  svgid 
)

Definition at line 2484 of file kern_prot.c.

Referenced by do_execve(), sys_setgid(), sys_setregid(), and sys_setresgid().


◆ change_svuid()

void change_svuid ( struct ucred *  newcred,
uid_t  svuid 
)

Definition at line 2471 of file kern_prot.c.

Referenced by do_execve(), sys_setresuid(), sys_setreuid(), and sys_setuid().


◆ cr_cansee()

int cr_cansee ( struct ucred *  u1,
struct ucred *  u2 
)

Definition at line 1435 of file kern_prot.c.

References cr_canseejailproc(), cr_canseeothergids(), cr_canseeotheruids(), and prison_check().

Referenced by p_cansee(), and unp_pcblist().


◆ cr_canseejailproc()

int cr_canseejailproc ( struct ucred *  u1,
struct ucred *  u2 
)

Definition at line 1420 of file kern_prot.c.

References see_jail_proc.

Referenced by cr_cansee().


◆ cr_canseeothergids()

int cr_canseeothergids ( struct ucred *  u1,
struct ucred *  u2 
)

Definition at line 1378 of file kern_prot.c.

References groupmember(), priv_check_cred(), and see_other_gids.

Referenced by cr_cansee(), cr_canseesocket(), cr_cansignal(), p_candebug(), and p_cansched().


◆ cr_canseeotheruids()

int cr_canseeotheruids ( struct ucred *  u1,
struct ucred *  u2 
)

Definition at line 1348 of file kern_prot.c.

References priv_check_cred(), and see_other_uids.

Referenced by cr_cansee(), cr_canseesocket(), cr_cansignal(), p_candebug(), p_cansched(), and p_canwait().


◆ cr_canseesocket()

int cr_canseesocket ( struct ucred *  cred,
struct socket *  so 
)

Definition at line 1779 of file kern_prot.c.

References cr_canseeothergids(), cr_canseeotheruids(), and prison_check().


◆ cr_cansignal()

int cr_cansignal ( struct ucred *  cred,
struct proc *  proc,
int  signum 
)

Definition at line 1494 of file kern_prot.c.

References conservative_signals, cr_canseeothergids(), cr_canseeotheruids(), prison_check(), and priv_check_cred().

Referenced by p_cansignal().


◆ crcopy()

void crcopy ( struct ucred *  dest,
struct ucred *  src 
)

Definition at line 2100 of file kern_prot.c.

References crsetgroups(), prison_hold(), src, and uihold().

Referenced by crcopysafe(), crdup(), and create_init().


◆ crcopysafe()

struct ucred * crcopysafe ( struct proc *  p,
struct ucred *  cr 
)

Definition at line 2220 of file kern_prot.c.

References crcopy(), and crextend().

Referenced by do_jail_attach(), kern_setgroups(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setloginclass(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), and sys_setuid().


◆ crcowfree()

void crcowfree ( struct thread *  td)

Definition at line 1918 of file kern_prot.c.

References crfree(), and crunuse().

Referenced by create_init(), and thread_cow_free().


◆ crcowget()

struct ucred * crcowget ( struct ucred *  cr)

Definition at line 1854 of file kern_prot.c.

Referenced by crcowsync(), create_init(), proc_set_cred_init(), thread_cow_get(), and thread_cow_get_proc().


◆ crcowsync()

struct ucred * crcowsync ( void  )

Definition at line 1928 of file kern_prot.c.

References crcowget(), and crunuse().

Referenced by thread_cow_update().


◆ crdup()

struct ucred * crdup ( struct ucred *  cr)

Definition at line 2124 of file kern_prot.c.

References crcopy(), and crget().

Referenced by do_execve(), kern_accessat(), and vfs_mount_alloc().


◆ credbatch_add()

void credbatch_add ( struct credbatch *  crb,
struct thread *  td 
)

Definition at line 1953 of file kern_prot.c.

References crunusebatch().

Referenced by thread_reap_domain().


◆ credbatch_final()

void credbatch_final ( struct credbatch *  crb)

Definition at line 1979 of file kern_prot.c.

References crunusebatch().

Referenced by thread_reap_domain().


◆ crextend()

void crextend ( struct ucred *  cr,
int  n 
)

Definition at line 2244 of file kern_prot.c.

References free(), and malloc().

Referenced by crcopysafe(), crsetgroups(), and kern_setgroups().


◆ crfree()

◆ crfree_final()

static void crfree_final ( struct ucred *  cr)
static

Definition at line 2064 of file kern_prot.c.

References free(), loginclass_free(), prison_free(), and uifree().

Referenced by crfree(), and crunusebatch().


◆ crget()

struct ucred * crget ( void  )

Definition at line 1991 of file kern_prot.c.

References malloc().

Referenced by crdup(), create_init(), do_jail_attach(), kern_setgroups(), proc0_init(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setloginclass(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), sys_setuid(), and vfs_hang_addrlist().


◆ crhold()

◆ crsetgroups()

void crsetgroups ( struct ucred *  cr,
int  ngrp,
gid_t *  groups 
)

Definition at line 2319 of file kern_prot.c.

References crextend(), crsetgroups_locked(), and ngroups_max.

Referenced by crcopy(), and vfs_hang_addrlist().


◆ crsetgroups_locked()

static void crsetgroups_locked ( struct ucred *  cr,
int  ngrp,
gid_t *  groups 
)
static

Definition at line 2287 of file kern_prot.c.

Referenced by crsetgroups(), and kern_setgroups().


◆ cru2x()

void cru2x ( struct ucred *  cr,
struct xucred *  xcr 
)

Definition at line 2137 of file kern_prot.c.

Referenced by cru2xt().


◆ cru2xt()

void cru2xt ( struct thread *  td,
struct xucred *  xcr 
)

Definition at line 2152 of file kern_prot.c.

References cru2x().

Referenced by uipc_listen(), and unp_copy_peercred().


◆ crunuse()

static struct ucred * crunuse ( struct thread *  td)
static

Definition at line 1867 of file kern_prot.c.

Referenced by crcowfree(), and crcowsync().


◆ crunusebatch()

static void crunusebatch ( struct ucred *  cr,
int  users,
int  ref 
)
static

Definition at line 1893 of file kern_prot.c.

References crfree_final().

Referenced by credbatch_add(), and credbatch_final().


◆ groupmember()

int groupmember ( gid_t  gid,
struct ucred *  cred 
)

◆ kern_getppid()

int kern_getppid ( struct thread *  td)

Definition at line 128 of file kern_prot.c.

Referenced by sys_getpid(), and sys_getppid().


◆ kern_getsid()

int kern_getsid ( struct thread *  td,
pid_t  pid 
)

Definition at line 200 of file kern_prot.c.

References p_cansee(), and pfind().

Referenced by sys_getsid().


◆ kern_setgroups()

int kern_setgroups ( struct thread *  td,
u_int  ngrp,
gid_t *  groups 
)

Definition at line 825 of file kern_prot.c.

References crcopysafe(), crextend(), crfree(), crget(), crsetgroups_locked(), ngroups_max, priv_check_cred(), proc_set_cred(), and setsugid().

Referenced by sys_setgroups().


◆ MALLOC_DEFINE()

static MALLOC_DEFINE ( M_CRED  ,
"cred"  ,
"credentials"   
)
static

◆ p_candebug()

int p_candebug ( struct thread *  td,
struct proc *  p 
)

Definition at line 1681 of file kern_prot.c.

References cr_canseeothergids(), cr_canseeotheruids(), groupmember(), initproc, prison_check(), priv_check(), and securelevel_gt().

Referenced by kern_procctl(), kern_ptrace(), pget(), and proc_can_ptrace().


◆ p_cansched()

int p_cansched ( struct thread *  td,
struct proc *  p 
)

Definition at line 1613 of file kern_prot.c.

References cr_canseeothergids(), cr_canseeotheruids(), prison_check(), and priv_check().

Referenced by cpuset_which(), donice(), protect_setchild(), sys_rtprio(), and sys_rtprio_thread().


◆ p_cansee()

int p_cansee ( struct thread *  td,
struct proc *  p 
)

Definition at line 1462 of file kern_prot.c.

References cr_cansee().

Referenced by filt_procattach(), kern_getpriority(), kern_getsid(), kern_procctl(), kern_ptrace(), kern_setpriority(), pget(), proc_can_ptrace(), sys_getpgid(), sys_rtprio(), sys_rtprio_thread(), sys_setpgid(), sysctl_kern_file(), and sysctl_kern_proc_iterate().


◆ p_cansignal()

int p_cansignal ( struct thread *  td,
struct proc *  p,
int  signum 
)

Definition at line 1572 of file kern_prot.c.

References cr_cansignal().

Referenced by kern_kill(), kern_sigqueue(), killpg1_sendsig(), reap_kill_proc(), sys_pdkill(), and sys_thr_kill2().


◆ p_canwait()

int p_canwait ( struct thread *  td,
struct proc *  p 
)

Definition at line 1809 of file kern_prot.c.

References cr_canseeotheruids(), and prison_check().

Referenced by proc_to_reap().


◆ proc_set_cred()

void proc_set_cred ( struct proc *  p,
struct ucred *  newcred 
)

◆ proc_set_cred_init()

void proc_set_cred_init ( struct proc *  p,
struct ucred *  newcred 
)

Definition at line 2164 of file kern_prot.c.

References crcowget().

Referenced by fork1(), and proc0_init().


◆ proc_unset_cred()

void proc_unset_cred ( struct proc *  p)

Definition at line 2201 of file kern_prot.c.

References crfree().

Referenced by fork1(), and proc_reap().


◆ securelevel_ge()

int securelevel_ge ( struct ucred *  cr,
int  level 
)

Definition at line 1322 of file kern_prot.c.

References level.

◆ securelevel_gt()

int securelevel_gt ( struct ucred *  cr,
int  level 
)

Definition at line 1315 of file kern_prot.c.

References level.

Referenced by firmware_get_flags(), kern_kldload(), kern_kldunload(), p_candebug(), settime(), and sysctl_root().


◆ setsugid()

void setsugid ( struct proc *  p)

Definition at line 2395 of file kern_prot.c.

Referenced by do_execve(), do_jail_attach(), kern_setgroups(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), and sys_setuid().


◆ sys___setugid()

int sys___setugid ( struct thread *  td,
struct __setugid_args *  uap 
)

Definition at line 1242 of file kern_prot.c.

◆ sys_getegid()

int sys_getegid ( struct thread *  td,
struct getegid_args *  uap
)

Definition at line 283 of file kern_prot.c.

◆ sys_geteuid()

int sys_geteuid ( struct thread *  td,
struct geteuid_args *  uap
)

Definition at line 247 of file kern_prot.c.

◆ sys_getgid()

int sys_getgid ( struct thread *  td,
struct getgid_args *  uap
)

Definition at line 261 of file kern_prot.c.

◆ sys_getgroups()

int sys_getgroups ( struct thread *  td,
struct getgroups_args *  uap
)

Definition at line 297 of file kern_prot.c.

References getgroups_args::gidset, and getgroups_args::gidsetsize.

◆ sys_getlogin()

int sys_getlogin ( struct thread *  td,
struct getlogin_args *  uap
)

Definition at line 2340 of file kern_prot.c.

References getlogin_args::namebuf, and getlogin_args::namelen.

◆ sys_getpgid()

int sys_getpgid ( struct thread *  td,
struct getpgid_args *  uap
)

Definition at line 161 of file kern_prot.c.

References p_cansee(), pfind(), and getpgid_args::pid.


◆ sys_getpgrp()

int sys_getpgrp ( struct thread *  td,
struct getpgrp_args *  uap
)

Definition at line 144 of file kern_prot.c.

◆ sys_getpid()

int sys_getpid ( struct thread *  td,
struct getpid_args *  uap
)

Definition at line 101 of file kern_prot.c.

References kern_getppid().


◆ sys_getppid()

int sys_getppid ( struct thread *  td,
struct getppid_args *  uap
)

Definition at line 120 of file kern_prot.c.

References kern_getppid().


◆ sys_getresgid()

int sys_getresgid ( struct thread *  td,
struct getresgid_args *  uap
)

Definition at line 1200 of file kern_prot.c.

References getresgid_args::egid, getresgid_args::rgid, and getresgid_args::sgid.

◆ sys_getresuid()

int sys_getresuid ( struct thread *  td,
struct getresuid_args *  uap
)

Definition at line 1173 of file kern_prot.c.

References getresuid_args::euid, getresuid_args::ruid, and getresuid_args::suid.

◆ sys_getsid()

int sys_getsid ( struct thread *  td,
struct getsid_args *  uap
)

Definition at line 193 of file kern_prot.c.

References kern_getsid(), and getsid_args::pid.


◆ sys_getuid()

int sys_getuid ( struct thread *  td,
struct getuid_args *  uap
)

Definition at line 230 of file kern_prot.c.

◆ sys_issetugid()

int sys_issetugid ( struct thread *  td,
struct issetugid_args *  uap
)

Definition at line 1225 of file kern_prot.c.

◆ sys_setegid()

int sys_setegid ( struct thread *  td,
struct setegid_args *  uap
)

Definition at line 753 of file kern_prot.c.

References change_egid(), crcopysafe(), crfree(), crget(), setegid_args::egid, priv_check_cred(), proc_set_cred(), and setsugid().


◆ sys_seteuid()

int sys_seteuid ( struct thread *  td,
struct seteuid_args *  uap
)

Definition at line 599 of file kern_prot.c.

References change_euid(), crcopysafe(), crfree(), crget(), seteuid_args::euid, priv_check_cred(), proc_set_cred(), setsugid(), uifind(), and uifree().


◆ sys_setgid()

int sys_setgid ( struct thread *  td,
struct setgid_args *  uap
)

Definition at line 655 of file kern_prot.c.

References change_egid(), change_rgid(), change_svgid(), crcopysafe(), crfree(), crget(), setgid_args::gid, POSIX_APPENDIX_B_4_2_2, priv_check_cred(), proc_set_cred(), and setsugid().


◆ sys_setgroups()

int sys_setgroups ( struct thread *  td,
struct setgroups_args *  uap
)

Definition at line 800 of file kern_prot.c.

References free(), setgroups_args::gidset, setgroups_args::gidsetsize, kern_setgroups(), malloc(), and ngroups_max.


◆ sys_setlogin()

int sys_setlogin ( struct thread *  td,
struct setlogin_args *  uap
)

Definition at line 2368 of file kern_prot.c.

References CTASSERT(), setlogin_args::namebuf, and priv_check().


◆ sys_setpgid()

int sys_setpgid ( struct thread *  td,
struct setpgid_args *  uap
)

Definition at line 381 of file kern_prot.c.

References enterpgrp(), enterthispgrp(), inferior(), p_cansee(), pfind(), pgfind(), setpgid_args::pgid, pgrp_zone, setpgid_args::pid, and proctree_lock.


◆ sys_setregid()

int sys_setregid ( struct thread *  td,
struct setregid_args *  uap
)

Definition at line 954 of file kern_prot.c.

References change_egid(), change_rgid(), change_svgid(), crcopysafe(), crfree(), crget(), setregid_args::egid, priv_check_cred(), proc_set_cred(), setregid_args::rgid, and setsugid().


◆ sys_setresgid()

int sys_setresgid ( struct thread *  td,
struct setresgid_args *  uap
)

◆ sys_setresuid()

int sys_setresuid ( struct thread *  td,
struct setresuid_args *  uap
)

◆ sys_setreuid()

int sys_setreuid ( struct thread *  td,
struct setreuid_args *  uap
)

◆ sys_setsid()

int sys_setsid ( struct thread *  td,
struct setsid_args *  uap
)

Definition at line 325 of file kern_prot.c.

References enterpgrp(), free(), malloc(), pgfind(), pgrp_zone, and proctree_lock.


◆ sys_setuid()

int sys_setuid ( struct thread *  td,
struct setuid_args *  uap
)

◆ SYSCTL_BOOL()

SYSCTL_BOOL ( _security_bsd  ,
OID_AUTO  ,
allow_ptrace  ,
CTLFLAG_RWTUN  ,
&allow_ptrace  ,
0  ,
"Deny ptrace(2) use by returning ENOSYS"   
)

◆ SYSCTL_INT() [1/4]

SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
conservative_signals  ,
CTLFLAG_RW  ,
&conservative_signals  ,
0  ,
"Unprivileged processes prevented from " "sending certain signals to processes whose credentials have changed"   
)

◆ SYSCTL_INT() [2/4]

SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
see_jail_proc  ,
CTLFLAG_RW  ,
&see_jail_proc  ,
0  ,
"Unprivileged processes may see subjects/objects with different jail ids"   
)

◆ SYSCTL_INT() [3/4]

SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
see_other_gids  ,
CTLFLAG_RW  ,
&see_other_gids  ,
0  ,
"Unprivileged processes may see subjects/objects with different real gid"   
)

◆ SYSCTL_INT() [4/4]

SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
see_other_uids  ,
CTLFLAG_RW  ,
&see_other_uids  ,
0  ,
"Unprivileged processes may see subjects/objects with different real uid"   
)

◆ SYSCTL_NODE()

SYSCTL_NODE ( _security  ,
OID_AUTO  ,
bsd  ,
CTLFLAG_RW|CTLFLAG_MPSAFE  ,
0  ,
"BSD security policy"   
)

◆ SYSCTL_PROC()

SYSCTL_PROC ( _security_bsd  ,
OID_AUTO  ,
unprivileged_proc_debug  ,
CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_SECURE|CTLFLAG_MPSAFE  ,
0  ,
0  ,
sysctl_unprivileged_proc_debug  ,
"I"  ,
"Unprivileged processes may use process debugging facilities"   
)

◆ sysctl_unprivileged_proc_debug()

static int sysctl_unprivileged_proc_debug ( SYSCTL_HANDLER_ARGS  )
static

Definition at line 1645 of file kern_prot.c.

References prison_allow(), prison_set_allow(), and sysctl_handle_int().


Variable Documentation

◆ allow_ptrace

bool allow_ptrace = true

Definition at line 2490 of file kern_prot.c.

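Referenced by sys_ptrace(). The variable defaults to true, so ptrace(2) is permitted unless the security.bsd.allow_ptrace sysctl is cleared, even though the sysctl description string is worded as a denial.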

◆ conservative_signals

int conservative_signals = 1
static

Definition at line 1483 of file kern_prot.c.

Referenced by cr_cansignal().

◆ see_jail_proc

int see_jail_proc = 1
static

Definition at line 1406 of file kern_prot.c.

Referenced by cr_canseejailproc().

◆ see_other_gids

int see_other_gids = 1
static

Definition at line 1364 of file kern_prot.c.

Referenced by cr_canseeothergids().

◆ see_other_uids

int see_other_uids = 1
static

Definition at line 1334 of file kern_prot.c.

Referenced by cr_canseeotheruids().