path: root/Kernel/Syscalls/profiling.cpp
authorAndreas Kling <kling@serenityos.org>2021-03-10 19:59:46 +0100
committerAndreas Kling <kling@serenityos.org>2021-03-10 22:30:02 +0100
commitcbcf891040e9921ff628fdda668c9738f358a178 (patch)
tree6f50101dc6c2993361fa4436923927faa98c6e14 /Kernel/Syscalls/profiling.cpp
parent839d2d70a4bd73d9162a03430c20c1ee2e542331 (diff)
downloadserenity-cbcf891040e9921ff628fdda668c9738f358a178.zip
Kernel: Move select Process members into protected memory
Process member variables like m_euid are very valuable targets for kernel exploits, and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID: you must first unprotect the protected data where the UID is stored. :^)
Diffstat (limited to 'Kernel/Syscalls/profiling.cpp')
-rw-r--r--Kernel/Syscalls/profiling.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/Kernel/Syscalls/profiling.cpp b/Kernel/Syscalls/profiling.cpp
index 01001fe161..62aa46a443 100644
--- a/Kernel/Syscalls/profiling.cpp
+++ b/Kernel/Syscalls/profiling.cpp
@@ -57,7 +57,7 @@ KResultOr<int> Process::sys$profiling_enable(pid_t pid)
return ESRCH;
if (process->is_dead())
return ESRCH;
- if (!is_superuser() && process->uid() != m_euid)
+ if (!is_superuser() && process->uid() != euid())
return EPERM;
if (!process->create_perf_events_buffer_if_needed())
return ENOMEM;
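Review bot: The ownership test `!is_superuser() && process->uid() != euid()` is now spelled out verbatim in both sys$profiling_enable (this hunk) and sys$profiling_disable (the next hunk), and within the visible lines the two callers have already drifted: enable rejects a dead target with ESRCH before the check, disable does not. Factoring the policy into one const helper, e.g. `bool Process::may_profile(const Process& target) const { return is_superuser() || target.uid() == euid(); }`, and calling `if (!may_profile(*process)) return EPERM;` at both sites keeps the rule in a single place, so any later change to how the euid is compared (or read out of the protected data) lands in both syscalls at once. Both enclosing functions start before their hunk (only the signature appears in the @@ context) and continue after it.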
@@ -79,7 +79,7 @@ KResultOr<int> Process::sys$profiling_disable(pid_t pid)
auto process = Process::from_pid(pid);
if (!process)
return ESRCH;
- if (!is_superuser() && process->uid() != m_euid)
+ if (!is_superuser() && process->uid() != euid())
return EPERM;
if (!process->is_profiling())
return EINVAL;