From 2ea5feb35b6703087f1a46eb83beb8126997e048 Mon Sep 17 00:00:00 2001 From: "Tobias C. Berner" Date: Tue, 10 May 2016 08:49:58 +0200 Subject: [PATCH] Disallow ptrace on greeter and kwin_wayland process on FreeBSD [... for the future] Summary: Similar to[[ https://phabricator.kde.org/D1216 | D1216 ]] add procctl call to disable ptrace on FreeBSD. We cannot do the procfs-lookup to check whether the process is already being run inside gdb -- however, on FreeBSD, we could use the P_TRACED flag of the process to figure this out: > sys/proc.h:#define P_TRACED 0x00800 /* Debugged process being traced. */ And the code would look something similar to ``` pid_t pid = getpid(); struct procstat *prstat = procstat_open_sysctl(); struct kinfo_proc *procinfo; unsigned int cnt; procinfo = procstat_getprocs(prstat, KERN_PROC_PID, pid, &cnt); long p_flags = procinfo->ki_flag; int p_traced = p_flags & P_TRACED; if (p_traced != P_TRACED) { mode = PROC_TRACE_CTL_DISABLE; procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode); } procstat_freeprocs(prstat,procinfo); procstat_close(prstat); ``` But as wayland is [far] in the future on FreeBSD, and that check above is a bit lengthy, I think it is enough if we add it once it is needed. Reviewers: rakuco, graesslin Reviewed By: graesslin Subscribers: plasma-devel Projects: #plasma Differential Revision: https://phabricator.kde.org/D1425 --- CMakeLists.txt | 9 ++++++++- config-kwin.h.cmake | 2 ++ main_wayland.cpp | 12 ++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 39c35a232c..0cfff39667 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -300,7 +300,14 @@ check_include_files(malloc.h HAVE_MALLOC_H) check_include_file("sys/prctl.h" HAVE_SYS_PRCTL_H) check_symbol_exists(PR_SET_DUMPABLE "sys/prctl.h" HAVE_PR_SET_DUMPABLE) -add_feature_info("prctl-dumpable" HAVE_PR_SET_DUMPABLE "Required for disallow ptrace on kwin_wayland process") +check_include_file("sys/procctl.h" HAVE_SYS_PROCCTL_H) +check_symbol_exists(PROC_TRACE_CTL "sys/procctl.h" HAVE_PROC_TRACE_CTL) +if (HAVE_PR_SET_DUMPABLE OR HAVE_PROC_TRACE_CTL) + set(CAN_DISABLE_PTRACE TRUE) +endif() +add_feature_info("prctl/procctl tracing control" + CAN_DISABLE_PTRACE + "Required for disallowing ptrace on kwin_wayland process") configure_file(config-kwin.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kwin.h ) diff --git a/config-kwin.h.cmake b/config-kwin.h.cmake index c7d741795e..88c9a03873 100644 --- a/config-kwin.h.cmake +++ b/config-kwin.h.cmake @@ -17,6 +17,8 @@ #cmakedefine01 HAVE_WAYLAND_EGL #cmakedefine01 HAVE_SYS_PRCTL_H #cmakedefine01 HAVE_PR_SET_DUMPABLE +#cmakedefine01 HAVE_SYS_PROCCTL_H +#cmakedefine01 HAVE_PROC_TRACE_CTL #cmakedefine01 HAVE_BREEZE_DECO #if HAVE_BREEZE_DECO #define BREEZE_KDECORATION_PLUGIN_ID "${BREEZE_KDECORATION_PLUGIN_ID}" diff --git a/main_wayland.cpp b/main_wayland.cpp index 7d3b71a6b9..add8013a2a 100644 --- a/main_wayland.cpp +++ b/main_wayland.cpp @@ -56,6 +56,10 @@ along with this program. If not, see . #if HAVE_SYS_PRCTL_H #include #endif +#if HAVE_SYS_PROCCTL_H +#include +#include +#endif #include #include @@ -403,6 +407,14 @@ static void disablePtrace() // disable ptrace in kwin_wayland prctl(PR_SET_DUMPABLE, 0); #endif +#if HAVE_PROC_TRACE_CTL + // FreeBSD's rudimentary procfs does not support /proc//exe + // We could use the P_TRACED flag of the process to find out + // if the process is being debugged ond FreeBSD. + int mode = PROC_TRACE_CTL_DISABLE; + procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode); +#endif + } } // namespace
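Review bot: The `procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode)` call added to disablePtrace() in main_wayland.cpp discards its return value, so if the request is refused the compositor stays attachable and nothing records that the hardening did not take effect. Checking the result would make that visible, e.g. `if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &mode) == -1) perror("procctl(PROC_TRACE_CTL)");`, or the same check with whatever logging call the file already uses. As far as I recall from procctl(2), the request fails with EBUSY when the process is already being traced, and a disabled state also suppresses core dumps. If that holds after checking the man page, the added comment could say so, `// procctl fails with EBUSY under a debugger (see procctl(2)); disabling tracing also disables core dumps`, and "ond FreeBSD" in it should read "on FreeBSD". The body of disablePtrace() begins above this hunk, so how the Linux branch treats the run-under-gdb case is not visible here.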