authorEdward Tomasz Napierala <trasz@FreeBSD.org>2021-07-01 08:11:11 +0000
committerEdward Tomasz Napierala <trasz@FreeBSD.org>2021-07-01 08:42:07 +0000
commitdb8d680ebe9b12c7d9e0eb8bf9940fcef709f5ec (patch)
tree6b79578d1151497014969da1fda0b35f72c4c7db /sys/sys
parent93c3453f11c9bc99ae482565b3a3f29b39ab8f62 (diff)
procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS
This introduces a new, per-process flag, "NO_NEW_PRIVS", which is inherited, preserved on exec, and cannot be cleared. The flag, when set, makes subsequent execs ignore any SUID and SGID bits, instead executing those binaries as if they were not set. The main purpose of the flag is implementation of Linux PROC_SET_NO_NEW_PRIVS prctl(2), and possibly also unprivileged chroot. Reviewed By: kib Sponsored By: EPSRC Differential Revision: https://reviews.freebsd.org/D30939
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/proc.h1
-rw-r--r--sys/sys/procctl.h5
2 files changed, 6 insertions, 0 deletions
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 19e8d76c6f99..9813324bfa69 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -835,6 +835,7 @@ struct proc {
after exec */
#define P2_ITSTOPPED 0x00002000
#define P2_PTRACEREQ 0x00004000 /* Active ptrace req */
+#define P2_NO_NEW_PRIVS 0x00008000 /* Ignore setuid */
/* Flags protected by proctree_lock, kept in p_treeflags. */
#define P_TREE_ORPHANED 0x00000001 /* Reparented, on orphan list */
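Review bot: The comment on `P2_NO_NEW_PRIVS` says only "Ignore setuid", while the commit description says the flag makes exec ignore both SUID and SGID bits; the new comments in procctl.h also alternate between "setuid/setgid" and "suid/sgid". I would make the three comments agree, for example `#define P2_NO_NEW_PRIVS 0x00008000 /* Ignore setuid and setgid on exec */`. The code that honours the flag at exec time and carries it across fork is not part of this sys/sys-limited diff, so the "inherited, preserved on exec" properties cannot be confirmed from these lines.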
diff --git a/sys/sys/procctl.h b/sys/sys/procctl.h
index 90fb149830dc..cc0279fb0d08 100644
--- a/sys/sys/procctl.h
+++ b/sys/sys/procctl.h
@@ -63,6 +63,8 @@
#define PROC_PROTMAX_STATUS 16 /* query implicit PROT_MAX status */
#define PROC_STACKGAP_CTL 17 /* en/dis stack gap on MAP_STACK */
#define PROC_STACKGAP_STATUS 18 /* query stack gap */
+#define PROC_NO_NEW_PRIVS_CTL 19 /* disable setuid/setgid */
+#define PROC_NO_NEW_PRIVS_STATUS 20 /* query suid/sgid disabled status */
/* Operations for PROC_SPROTECT (passed in integer arg). */
#define PPROT_OP(x) ((x) & 0xf)
@@ -141,6 +143,9 @@ struct procctl_reaper_kill {
#define PROC_STACKGAP_ENABLE_EXEC 0x0004
#define PROC_STACKGAP_DISABLE_EXEC 0x0008
+#define PROC_NO_NEW_PRIVS_ENABLE 1
+#define PROC_NO_NEW_PRIVS_DISABLE 2
+
#ifndef _KERNEL
__BEGIN_DECLS
int procctl(idtype_t, id_t, int, void *);
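Review bot: `PROC_NO_NEW_PRIVS_ENABLE` and `PROC_NO_NEW_PRIVS_DISABLE` are added without a comment, and a DISABLE value reads as if the restriction could be switched off again, which the commit description rules out ("cannot be cleared"). The names are also a double negative: ENABLE means setuid/setgid bits are ignored, which is easy to invert when writing sandbox setup code. A short comment above the pair would remove the ambiguity, for example `/* Values for PROC_NO_NEW_PRIVS_CTL and _STATUS; once enabled the flag cannot be cleared. */`. Presumably DISABLE is only meaningful as a `PROC_NO_NEW_PRIVS_STATUS` result and is rejected by `PROC_NO_NEW_PRIVS_CTL`, but the handler is outside this diff, so that should be confirmed and stated here.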