[haiku-bugs] Re: [Haiku] #14961: Audit all syscalls for permissions and access checks

  • From: "Haiku" <trac@xxxxxxxxxxxx>
  • To: undisclosed-recipients: ;
  • Date: Sat, 14 Sep 2019 02:52:53 -0000

#14961: Audit all syscalls for permissions and access checks
-----------------------------+----------------------------
   Reporter:  waddlesplash   |      Owner:  waddlesplash
       Type:  bug            |     Status:  assigned
   Priority:  blocker        |  Milestone:  R1/beta2
  Component:  System/Kernel  |    Version:  R1/Development
 Resolution:                 |   Keywords:  security
 Blocked By:                 |   Blocking:
Has a Patch:  0              |   Platform:  All
-----------------------------+----------------------------
Description changed by waddlesplash:

Old description:

Here's a full list of source files containing syscall implementations:

 * OK ~~src/system/kernel/arch/arm/arch_atomic32.cpp~~
 * OK ~~src/system/kernel/arch/arm/arch_atomic64.cpp~~
 * OK ~~src/system/kernel/arch/m68k/arch_atomic.cpp~~
 * OK ~~src/system/kernel/arch/x86/arch_system_info.cpp~~
 * OK ~~src/system/kernel/arch/x86/syscalls_compat.cpp~~
 * OK ~~src/system/kernel/debug/debug.cpp~~
 * OK ~~src/system/kernel/debug/frame_buffer_console.cpp~~
 * OK ~~src/system/kernel/debug/safemode_settings.cpp~~
 * OK ~~src/system/kernel/debug/system_profiler.cpp~~
 * OK ~~src/system/kernel/debug/tracing.cpp~~
 * OK ~~src/system/kernel/debug/user_debugger.cpp~~
 * NEEDSWORK src/system/kernel/disk_device_manager/ddm_userland_interface.cpp
 * OK ~~src/system/kernel/UserTimer.cpp~~
 * OK ~~src/system/kernel/cpu.cpp~~
 * OK ~~src/system/kernel/elf.cpp~~
 * OK ~~src/system/kernel/fs/fd.cpp~~
 * src/system/kernel/fs/node_monitor.cpp
 * src/system/kernel/fs/socket.cpp
 * src/system/kernel/fs/vfs.cpp
 * src/system/kernel/image.cpp
 * src/system/kernel/locks/user_mutex.cpp
 * src/system/kernel/messaging/MessagingService.cpp
 * src/system/kernel/port.cpp
 * src/system/kernel/posix/realtime_sem.cpp
 * src/system/kernel/posix/xsi_message_queue.cpp
 * src/system/kernel/posix/xsi_semaphore.cpp
 * src/system/kernel/real_time_clock.cpp
 * src/system/kernel/scheduler/scheduler.cpp
 * src/system/kernel/scheduler/scheduling_analysis.cpp
 * src/system/kernel/sem.cpp
 * src/system/kernel/shutdown.cpp
 * src/system/kernel/signal.cpp
 * src/system/kernel/syscalls.cpp
 * src/system/kernel/system_info.cpp
 * src/system/kernel/team.cpp
 * src/system/kernel/thread.cpp
 * src/system/kernel/usergroup.cpp
 * src/system/kernel/vm/vm.cpp
 * src/system/kernel/wait_for_objects.cpp

Each and every one of these needs to be audited, namely:
 * All passed pointers are checked against {{{IS_USER_ADDRESS}}} (thanks to SMAP, largely already done)
 * All objects (e.g. FDs, areas, semaphores) manipulated by syscalls are checked to confirm that the calling team has access to manipulate them
 * Whatever other things I think of adding here...

New description:

 Here's a full list of source files containing syscall implementations:

  * OK ~~src/system/kernel/arch/arm/arch_atomic32.cpp~~
  * OK ~~src/system/kernel/arch/arm/arch_atomic64.cpp~~
  * OK ~~src/system/kernel/arch/m68k/arch_atomic.cpp~~
  * OK ~~src/system/kernel/arch/x86/arch_system_info.cpp~~
  * OK ~~src/system/kernel/arch/x86/syscalls_compat.cpp~~
  * OK ~~src/system/kernel/debug/debug.cpp~~
  * OK ~~src/system/kernel/debug/frame_buffer_console.cpp~~
  * OK ~~src/system/kernel/debug/safemode_settings.cpp~~
  * OK ~~src/system/kernel/debug/system_profiler.cpp~~
  * OK ~~src/system/kernel/debug/tracing.cpp~~
  * OK ~~src/system/kernel/debug/user_debugger.cpp~~
  * NEEDSWORK src/system/kernel/disk_device_manager/ddm_userland_interface.cpp
  * OK ~~src/system/kernel/UserTimer.cpp~~
  * OK ~~src/system/kernel/cpu.cpp~~
  * OK ~~src/system/kernel/elf.cpp~~
  * OK ~~src/system/kernel/fs/fd.cpp~~
  * NEEDSWORK src/system/kernel/fs/node_monitor.cpp
  * OK ~~src/system/kernel/fs/socket.cpp~~
  * src/system/kernel/fs/vfs.cpp
  * src/system/kernel/image.cpp
  * src/system/kernel/locks/user_mutex.cpp
  * src/system/kernel/messaging/MessagingService.cpp
  * src/system/kernel/port.cpp
  * src/system/kernel/posix/realtime_sem.cpp
  * src/system/kernel/posix/xsi_message_queue.cpp
  * src/system/kernel/posix/xsi_semaphore.cpp
  * src/system/kernel/real_time_clock.cpp
  * src/system/kernel/scheduler/scheduler.cpp
  * src/system/kernel/scheduler/scheduling_analysis.cpp
  * src/system/kernel/sem.cpp
  * src/system/kernel/shutdown.cpp
  * src/system/kernel/signal.cpp
  * src/system/kernel/syscalls.cpp
  * src/system/kernel/system_info.cpp
  * src/system/kernel/team.cpp
  * src/system/kernel/thread.cpp
  * src/system/kernel/usergroup.cpp
  * src/system/kernel/vm/vm.cpp
  * src/system/kernel/wait_for_objects.cpp

 Each and every one of these needs to be audited, namely:
  * All passed pointers are checked against {{{IS_USER_ADDRESS}}} (thanks to SMAP, largely already done)
  * All objects (e.g. FDs, areas, semaphores) manipulated by syscalls are checked to confirm that the calling team has access to manipulate them
  * Whatever other things I think of adding here...

--
-- 
Ticket URL: <https://dev.haiku-os.org/ticket/14961#comment:5>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
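The two audit criteria in the ticket description (user pointers pass IS_USER_ADDRESS before the kernel touches them; objects named by an id are checked against the calling team) are shown below as a stand-alone C model. This is an added illustration, not Haiku kernel code and not from the ticket: the address range, the single fake user page, the semaphore table, the access rule (creator team owns the object) and the function names are all constructed here. Haiku's real IS_USER_ADDRESS and user_memcpy live in its kernel headers and only the idea is reproduced.

```c
/* Model of the two checks #14961 asks for in every syscall. Constructed for
 * illustration: nothing here is Haiku's own code or policy. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uintptr_t addr_t;
typedef int32_t   team_id;
typedef int32_t   sem_id;
typedef int32_t   status_t;

enum { B_OK = 0, B_BAD_ADDRESS = -1, B_BAD_SEM_ID = -2, B_NOT_ALLOWED = -3 };

/* Assumed user address range for the model (exclusive top). */
#define USER_BASE 0x00001000UL
#define USER_TOP  0x80000000UL
#define IS_USER_ADDRESS(a) ((addr_t)(a) >= USER_BASE && (addr_t)(a) < USER_TOP)

/* Range check written so that base + len cannot wrap around. */
static int is_user_range(addr_t base, size_t len)
{
    return IS_USER_ADDRESS(base) && len <= USER_TOP - base;
}

/* One fake user page backs [USER_BASE, USER_BASE + sizeof(user_page)); a copy
 * that reaches outside it fails the way a fault on an unmapped page would. */
static uint8_t user_page[4096];

static status_t user_memcpy_out(addr_t user_dst, const void *src, size_t len)
{
    if (!is_user_range(user_dst, len)
        || user_dst - USER_BASE + len > sizeof(user_page))
        return B_BAD_ADDRESS;
    memcpy(user_page + (user_dst - USER_BASE), src, len);
    return B_OK;
}

/* Kernel-side object table: each semaphore records the team that created it. */
#define MAX_SEMS 4
struct sem_entry { int in_use; team_id owner; int32_t count; };
static struct sem_entry sems[MAX_SEMS];

static sem_id model_create_sem(team_id owner, int32_t count)
{
    for (sem_id id = 0; id < MAX_SEMS; id++) {
        if (!sems[id].in_use) {
            sems[id].in_use = 1;
            sems[id].owner = owner;
            sems[id].count = count;
            return id;
        }
    }
    return B_BAD_SEM_ID;
}

static struct sem_entry *lookup_sem(sem_id id)
{
    if (id < 0 || id >= MAX_SEMS || !sems[id].in_use)
        return NULL;
    return &sems[id];
}

/* Before: the shape of handler the audit is hunting for. The id is validated,
 * but nobody asks whether the caller may touch that object, so any team can
 * delete any other team's semaphore. */
static status_t unchecked_delete_sem(team_id caller, sem_id id)
{
    struct sem_entry *s = lookup_sem(id);
    (void)caller;
    if (s == NULL)
        return B_BAD_SEM_ID;
    s->in_use = 0;
    return B_OK;
}

/* After: the object check the ticket asks for. "Creator owns it" is the rule
 * assumed by this model; the real rule per object type is the audit's call. */
static status_t checked_delete_sem(team_id caller, sem_id id)
{
    struct sem_entry *s = lookup_sem(id);
    if (s == NULL)
        return B_BAD_SEM_ID;
    if (s->owner != caller)
        return B_NOT_ALLOWED;
    s->in_use = 0;
    return B_OK;
}

/* Both checks on a syscall that takes an id and an out-pointer: the pointer is
 * rejected before any lookup, the object before any copy, and the copy itself
 * goes through the faulting helper rather than a raw memcpy. */
static status_t checked_get_sem_count(team_id caller, sem_id id, addr_t user_count)
{
    struct sem_entry *s;
    if (!IS_USER_ADDRESS(user_count))
        return B_BAD_ADDRESS;
    s = lookup_sem(id);
    if (s == NULL)
        return B_BAD_SEM_ID;
    if (s->owner != caller)
        return B_NOT_ALLOWED;
    return user_memcpy_out(user_count, &s->count, sizeof(s->count));
}

/* Reads the fake user page back so a caller can see what the syscall wrote. */
static int32_t read_user_int32(addr_t user_addr)
{
    int32_t v;
    memcpy(&v, user_page + (user_addr - USER_BASE), sizeof(v));
    return v;
}
```

The order inside checked_get_sem_count is deliberate: the pointer is checked before the id is looked up, so a caller cannot use error codes to probe which ids exist while handing the kernel an address it should never write to, and the owner test precedes the copy so no byte leaves the kernel for an object the team may not see. Auditing a real handler means confirming the same three things in the same order: every pointer argument, every id argument, and the copy primitive used.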
