Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
// Copyright 2014 The Crashpad Authors. All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
#include "util/posix/process_info.h"
|
|
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include "base/logging.h"
|
|
|
|
|
#include "base/mac/mach_logging.h"
|
|
|
|
|
|
|
|
|
|
namespace crashpad {
|
|
|
|
|
|
|
|
|
|
ProcessInfo::ProcessInfo() : kern_proc_info_(), initialized_() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ProcessInfo::~ProcessInfo() {
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 09:14:52 -07:00
|
|
|
|
bool ProcessInfo::InitializeWithPid(pid_t pid) {
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
INITIALIZATION_STATE_SET_INITIALIZING(initialized_);
|
|
|
|
|
|
|
|
|
|
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
|
|
|
|
|
size_t len = sizeof(kern_proc_info_);
|
|
|
|
|
if (sysctl(mib, arraysize(mib), &kern_proc_info_, &len, nullptr, 0) != 0) {
|
|
|
|
|
PLOG(ERROR) << "sysctl for pid " << pid;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// This sysctl does not return an error if the pid was not found. 10.9.5
|
|
|
|
|
// xnu-2422.115.4/bsd/kern/kern_sysctl.c sysctl_prochandle() calls
|
|
|
|
|
// xnu-2422.115.4/bsd/kern/kern_proc.c proc_iterate(), which provides no
|
|
|
|
|
// indication of whether anything was done. To catch this, check that the PID
|
|
|
|
|
// has changed from the 0 value it was given when initialized by the
|
|
|
|
|
// constructor.
|
|
|
|
|
if (kern_proc_info_.kp_proc.p_pid == 0) {
|
|
|
|
|
LOG(WARNING) << "pid " << pid << " not found";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DCHECK_EQ(kern_proc_info_.kp_proc.p_pid, pid);
|
|
|
|
|
|
|
|
|
|
INITIALIZATION_STATE_SET_VALID(initialized_);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 09:14:52 -07:00
|
|
|
|
bool ProcessInfo::InitializeWithTask(task_t task) {
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
pid_t pid;
|
|
|
|
|
kern_return_t kr = pid_for_task(task, &pid);
|
|
|
|
|
if (kr != KERN_SUCCESS) {
|
|
|
|
|
MACH_LOG(ERROR, kr) << "pid_for_task";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 09:14:52 -07:00
|
|
|
|
return InitializeWithPid(pid);
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pid_t ProcessInfo::ProcessID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_proc.p_pid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pid_t ProcessInfo::ParentProcessID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_ppid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uid_t ProcessInfo::RealUserID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_pcred.p_ruid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uid_t ProcessInfo::EffectiveUserID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_ucred.cr_uid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uid_t ProcessInfo::SavedUserID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_pcred.p_svuid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gid_t ProcessInfo::RealGroupID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_pcred.p_rgid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gid_t ProcessInfo::EffectiveGroupID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_ucred.cr_gid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gid_t ProcessInfo::SavedGroupID() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_eproc.e_pcred.p_svgid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::set<gid_t> ProcessInfo::SupplementaryGroups() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
|
|
|
|
|
const short ngroups = kern_proc_info_.kp_eproc.e_ucred.cr_ngroups;
|
|
|
|
|
DCHECK_GE(ngroups, 0);
|
2014-12-16 12:18:32 -08:00
|
|
|
|
DCHECK_LE(static_cast<size_t>(ngroups),
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
arraysize(kern_proc_info_.kp_eproc.e_ucred.cr_groups));
|
|
|
|
|
|
|
|
|
|
const gid_t* groups = kern_proc_info_.kp_eproc.e_ucred.cr_groups;
|
|
|
|
|
return std::set<gid_t>(&groups[0], &groups[ngroups]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::set<gid_t> ProcessInfo::AllGroups() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
|
|
|
|
|
std::set<gid_t> all_groups = SupplementaryGroups();
|
|
|
|
|
all_groups.insert(RealGroupID());
|
|
|
|
|
all_groups.insert(EffectiveGroupID());
|
|
|
|
|
all_groups.insert(SavedGroupID());
|
|
|
|
|
return all_groups;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool ProcessInfo::DidChangePrivileges() const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
return kern_proc_info_.kp_proc.p_flag & P_SUGID;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 09:14:52 -07:00
|
|
|
|
bool ProcessInfo::Is64Bit() const {
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
2017-09-22 09:14:52 -07:00
|
|
|
|
return kern_proc_info_.kp_proc.p_flag & P_LP64;
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
}
|
|
|
|
|
|
2017-03-15 00:09:28 -04:00
|
|
|
|
bool ProcessInfo::StartTime(timeval* start_time) const {
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
*start_time = kern_proc_info_.kp_proc.p_starttime;
|
2017-03-15 00:09:28 -04:00
|
|
|
|
return true;
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool ProcessInfo::Arguments(std::vector<std::string>* argv) const {
|
|
|
|
|
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
|
|
|
|
|
|
|
|
|
// The format of KERN_PROCARGS2 is explained in 10.9.2 adv_cmds-153/ps/print.c
|
|
|
|
|
// getproclline(). It is an int (argc) followed by the executable’s string
|
|
|
|
|
// area. The string area consists of NUL-terminated strings, beginning with
|
|
|
|
|
// the executable path, and then starting on an aligned boundary, all of the
|
|
|
|
|
// elements of argv, envp, and applev.
|
|
|
|
|
|
|
|
|
|
// It is possible for a process to exec() in between the two sysctl() calls
|
|
|
|
|
// below. If that happens, and the string area of the new program is larger
|
|
|
|
|
// than that of the old one, args_size_estimate will be too small. To detect
|
|
|
|
|
// this situation, the second sysctl() attempts to fetch args_size_estimate +
|
|
|
|
|
// 1 bytes, expecting to only receive args_size_estimate. If it gets the extra
|
|
|
|
|
// byte, it indicates that the string area has grown, and the sysctl() pair
|
|
|
|
|
// will be retried a limited number of times.
|
|
|
|
|
|
|
|
|
|
size_t args_size_estimate;
|
|
|
|
|
size_t args_size;
|
|
|
|
|
std::string args;
|
|
|
|
|
int tries = 3;
|
|
|
|
|
const pid_t pid = ProcessID();
|
|
|
|
|
do {
|
|
|
|
|
int mib[] = {CTL_KERN, KERN_PROCARGS2, pid};
|
|
|
|
|
int rv =
|
|
|
|
|
sysctl(mib, arraysize(mib), nullptr, &args_size_estimate, nullptr, 0);
|
|
|
|
|
if (rv != 0) {
|
|
|
|
|
PLOG(ERROR) << "sysctl (size) for pid " << pid;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
args_size = args_size_estimate + 1;
|
|
|
|
|
args.resize(args_size);
|
|
|
|
|
rv = sysctl(mib, arraysize(mib), &args[0], &args_size, nullptr, 0);
|
|
|
|
|
if (rv != 0) {
|
|
|
|
|
PLOG(ERROR) << "sysctl (data) for pid " << pid;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
} while (args_size == args_size_estimate + 1 && tries--);
|
|
|
|
|
|
|
|
|
|
if (args_size == args_size_estimate + 1) {
|
|
|
|
|
LOG(ERROR) << "unexpected args_size";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// KERN_PROCARGS2 needs to at least contain argc.
|
|
|
|
|
if (args_size < sizeof(int)) {
|
|
|
|
|
LOG(ERROR) << "tiny args_size";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
args.resize(args_size);
|
|
|
|
|
|
|
|
|
|
// Get argc.
|
|
|
|
|
int argc;
|
|
|
|
|
memcpy(&argc, &args[0], sizeof(argc));
|
|
|
|
|
|
|
|
|
|
// Find the end of the executable path.
|
|
|
|
|
size_t start_pos = sizeof(argc);
|
|
|
|
|
size_t nul_pos = args.find('\0', start_pos);
|
|
|
|
|
if (nul_pos == std::string::npos) {
|
|
|
|
|
LOG(ERROR) << "unterminated executable path";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Find the beginning of the string area.
|
|
|
|
|
start_pos = args.find_first_not_of('\0', nul_pos);
|
|
|
|
|
if (start_pos == std::string::npos) {
|
|
|
|
|
LOG(ERROR) << "no string area";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::vector<std::string> local_argv;
|
|
|
|
|
while (argc-- && nul_pos != std::string::npos) {
|
|
|
|
|
nul_pos = args.find('\0', start_pos);
|
|
|
|
|
local_argv.push_back(args.substr(start_pos, nul_pos - start_pos));
|
|
|
|
|
start_pos = nul_pos + 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (argc >= 0) {
|
|
|
|
|
// Not every argument was recovered.
|
|
|
|
|
LOG(ERROR) << "did not recover all arguments";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
argv->swap(local_argv);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace crashpad
|