diff options
| author | Anton Lindqvist <anton@basename.se> | 2021-02-26 09:08:40 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-02-26 10:33:39 +0100 |
| commit | 9a8edab7d70628a31db73d3469f5b94a12d96068 (patch) | |
| tree | fce22834df82296810df837f14d8d76c4478ad9d /sys/openbsd | |
| parent | 76f7fc952d5c6a94c61aa2628568ffddb533272a (diff) | |
sys/openbsd: neutralize sysctl kern.maxproc
Yet another root only knob that can cause the syz-execprog process to
run out of resources[1].
[1] https://syzkaller.appspot.com/bug?id=39e86177b5ccebb26f3dd60ab2bf261d40e485d7
Diffstat (limited to 'sys/openbsd')
| -rw-r--r-- | sys/openbsd/init.go | 9 | ||||
| -rw-r--r-- | sys/openbsd/init_test.go | 5 |
2 files changed, 14 insertions, 0 deletions
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go index e90ffb115..8eb9a726a 100644 --- a/sys/openbsd/init.go +++ b/sys/openbsd/init.go @@ -19,6 +19,7 @@ func InitTarget(target *prog.Target) { DIOCCLRSTATES: target.GetConst("DIOCCLRSTATES"), DIOCKILLSTATES: target.GetConst("DIOCKILLSTATES"), KERN_MAXCLUSTERS: target.GetConst("KERN_MAXCLUSTERS"), + KERN_MAXPROC: target.GetConst("KERN_MAXPROC"), KERN_MAXTHREAD: target.GetConst("KERN_MAXTHREAD"), KERN_WITNESS: target.GetConst("KERN_WITNESS"), S_IFCHR: target.GetConst("S_IFCHR"), @@ -40,6 +41,7 @@ type arch struct { DIOCCLRSTATES uint64 DIOCKILLSTATES uint64 KERN_MAXCLUSTERS uint64 + KERN_MAXPROC uint64 KERN_MAXTHREAD uint64 KERN_WITNESS uint64 S_IFCHR uint64 @@ -242,6 +244,13 @@ func (arch *arch) neutralizeSysctlKern(mib []*prog.ConstArg) bool { return true } + // Do not fiddle with root only knob kern.maxproc, can cause the + // syz-execprog to run out of resources. + if len(mib) >= 2 && + mib[0].Val == arch.CTL_KERN && mib[1].Val == arch.KERN_MAXPROC { + return true + } + // Do not fiddle with root only knob kern.maxthread, can cause the // syz-execprog process to panic. if len(mib) >= 2 && diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go index 2a9ed640c..d97c5e49e 100644 --- a/sys/openbsd/init_test.go +++ b/sys/openbsd/init_test.go @@ -89,6 +89,11 @@ func TestNeutralize(t *testing.T) { Out: `sysctl$kern(&(0x7f0000cc0ff0)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0)`, }, { + // Test for sysctl kern.maxproc. + In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x6}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, + Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, + }, + { // Test for sysctl kern.maxthread. In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x19}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, |