[Midnightbsd-cvs] [MidnightBSD/src] ecb2af: prowld: validate MAINPID= against process ancestry...
Lucas Holt
noreply at github.com
Sun Apr 19 00:07:15 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: ecb2afbcf3446e9fe151c3819fa9cc9a2cc2c55f
https://github.com/MidnightBSD/src/commit/ecb2afbcf3446e9fe151c3819fa9cc9a2cc2c55f
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M sbin/prowld/supervisor.c
Log Message:
-----------
prowld: validate MAINPID= against process ancestry and UID before accepting

Any process that can write to the notify socket could send MAINPID=<pid>
to redirect prowld's stop/watchdog signals onto an arbitrary process,
including privileged ones.

Add mainpid_valid() which uses sysctl(KERN_PROC_PID) to enforce three
conditions before accepting a MAINPID update:

  1. The candidate PID must exist in the kernel process table.
  2. Its effective UID must match the job's configured run user
     (or root when no user is configured).
  3. It must be a descendant of the currently tracked service PID,
     verified by walking ki_ppid up to MAX_PPID_DEPTH (32) hops.

A rejected MAINPID= is logged at LOG_WARNING with the reason; the
existing tracked PID is left unchanged.

Add sys/param.h, sys/sysctl.h, and sys/user.h includes required for
kinfo_proc and KERN_PROC_PID.

AI-Assisted-by: Claude Sonnet 4.6
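
The three checks described in the log message, as an added example that is not part of the commit or prowld's own code. It is a portable model: a constructed in-memory process table and a hypothetical `lookup()` stand in for sysctl(KERN_PROC_PID), and `struct proc_rec`, `check_mainpid()` and the verdict names are assumptions made for illustration.

```c
#include <stddef.h>
#include <sys/types.h>

#define MAX_PPID_DEPTH 32   /* hop limit named in the log message */

/* Hypothetical stand-in for the kinfo_proc fields the checks read. */
struct proc_rec { pid_t pid, ppid; uid_t euid; };

/* Constructed process table: pid, parent pid, effective uid. */
static const struct proc_rec table[] = {
    {1, 0, 0}, {100, 1, 0},              /* init, supervisor */
    {200, 100, 1001},                    /* currently tracked service PID */
    {201, 200, 1001}, {202, 201, 1001},  /* service child, grandchild */
    {203, 200, 0},                       /* service child, different euid */
    {300, 1, 0}, {400, 1, 1001},         /* outside the service tree */
};

/* Stand-in for sysctl(KERN_PROC_PID): 0 with *out filled, -1 if absent.
 * PIDs 1000..1100 are a constructed parent chain hanging off PID 200. */
static int lookup(pid_t pid, struct proc_rec *out)
{
    if (pid >= 1000 && pid <= 1100) {
        *out = (struct proc_rec){ pid, pid == 1000 ? 200 : pid - 1, 1001 };
        return 0;
    }
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].pid == pid) { *out = table[i]; return 0; }
    return -1;
}

enum verdict { ACCEPT, NO_SUCH_PROC, WRONG_UID, NOT_DESCENDANT };

/* run_uid: the job's configured user, or 0 (root) when none is configured. */
static enum verdict check_mainpid(pid_t candidate, pid_t tracked, uid_t run_uid)
{
    struct proc_rec p;
    if (lookup(candidate, &p) != 0) return NO_SUCH_PROC;   /* condition 1 */
    if (p.euid != run_uid) return WRONG_UID;               /* condition 2 */
    for (int hop = 0; hop < MAX_PPID_DEPTH; hop++) {       /* condition 3 */
        if (p.ppid == tracked) return ACCEPT;
        if (p.ppid <= 1 || lookup(p.ppid, &p) != 0) break; /* init or gap */
    }
    return NOT_DESCENDANT;  /* a rejection leaves the tracked PID unchanged */
}

int main(void)
{   /* PID 400 runs as the job's user but is not under PID 200: refused. */
    return check_mainpid(400, 200, 1001) == NOT_DESCENDANT ? 0 : 1;
}
```

In this model a candidate 32 parent links below the tracked PID is accepted and one 33 links below is refused, which is the effect of the bounded walk.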