CVS commit: src/distrib/notes/common

2013-10-16 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu Oct 17 02:58:56 UTC 2013

Modified Files:
src/distrib/notes/common: main

Log Message:
Readd myself.


To generate a diff of this commit:
cvs rdiff -u -r1.497 -r1.498 src/distrib/notes/common/main

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/notes/common/main
diff -u src/distrib/notes/common/main:1.497 src/distrib/notes/common/main:1.498
--- src/distrib/notes/common/main:1.497	Wed Aug 28 15:39:30 2013
+++ src/distrib/notes/common/main	Thu Oct 17 02:58:56 2013
@@ -1,4 +1,4 @@
-.\	$NetBSD: main,v 1.497 2013/08/28 15:39:30 slp Exp $
+.\	$NetBSD: main,v 1.498 2013/10/17 02:58:56 elad Exp $
 .\
 .\ Copyright (c) 1999-2012 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -1166,6 +1166,7 @@ If you're one of them, and would like to
 .It Ta Emmanuel Dreyfus Ta Mt m...@netbsd.org
 .It Ta Matthias Drochner Ta Mt droch...@netbsd.org
 .It Ta Jun Ebihara Ta Mt j...@netbsd.org
+.It Ta Elad Efrat Ta Mt e...@netbsd.org
 .It Ta H\(oavard Eidnes Ta Mt h...@netbsd.org
 .It Ta Jaime A Fournier Ta Mt o...@netbsd.org
 .It Ta Stoned Elipot Ta Mt s...@netbsd.org



CVS commit: src/sys/kern

2012-03-13 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Mar 13 18:36:49 UTC 2012

Modified Files:
src/sys/kern: kern_auth.c

Log Message:
Remove TNF license.


To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 src/sys/kern/kern_auth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.66 src/sys/kern/kern_auth.c:1.67
--- src/sys/kern/kern_auth.c:1.66	Sun Dec  4 19:24:58 2011
+++ src/sys/kern/kern_auth.c	Tue Mar 13 18:36:49 2012
@@ -1,30 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.66 2011/12/04 19:24:58 jym Exp $ */
-
-/*-
- * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in the
- *documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
+/* $NetBSD: kern_auth.c,v 1.67 2012/03/13 18:36:49 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
@@ -54,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_auth.c,v 1.66 2011/12/04 19:24:58 jym Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_auth.c,v 1.67 2012/03/13 18:36:49 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h



CVS commit: src/sys/sys

2012-03-13 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Mar 13 18:50:42 UTC 2012

Modified Files:
src/sys/sys: param.h

Log Message:
6.99.4


To generate a diff of this commit:
cvs rdiff -u -r1.411 -r1.412 src/sys/sys/param.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/sys/param.h
diff -u src/sys/sys/param.h:1.411 src/sys/sys/param.h:1.412
--- src/sys/sys/param.h:1.411	Sun Feb 19 21:06:58 2012
+++ src/sys/sys/param.h	Tue Mar 13 18:50:41 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: param.h,v 1.411 2012/02/19 21:06:58 rmind Exp $	*/
+/*	$NetBSD: param.h,v 1.412 2012/03/13 18:50:41 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -63,7 +63,7 @@
  *	2.99.9		(299000900)
  */
 
-#define	__NetBSD_Version__	699000300	/* NetBSD 6.99.3 */
+#define	__NetBSD_Version__	699000400	/* NetBSD 6.99.4 */
 
 #define __NetBSD_Prereq__(M,m,p) (M) * 1) + \
 (m) * 100) + (p) * 100) = __NetBSD_Version__)



CVS commit: src/sys/dist/pf/net

2009-12-30 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 16:49:03 UTC 2009

Modified Files:
src/sys/dist/pf/net: pf.c

Log Message:
Use the right member to store gid in the non-NetBSD case.

Pointed out by uebayasi@ and cegger@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/sys/dist/pf/net/pf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dist/pf/net/pf.c
diff -u src/sys/dist/pf/net/pf.c:1.58 src/sys/dist/pf/net/pf.c:1.59
--- src/sys/dist/pf/net/pf.c:1.58	Wed Dec 30 07:00:01 2009
+++ src/sys/dist/pf/net/pf.c	Wed Dec 30 16:49:02 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pf.c,v 1.58 2009/12/30 07:00:01 elad Exp $	*/
+/*	$NetBSD: pf.c,v 1.59 2009/12/30 16:49:02 elad Exp $	*/
 /*	$OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: pf.c,v 1.58 2009/12/30 07:00:01 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: pf.c,v 1.59 2009/12/30 16:49:02 elad Exp $);
 
 #include bpfilter.h
 #include pflog.h
@@ -2829,7 +2829,7 @@
 #else
 	so = inp-inp_socket;
 	pd-lookup.uid = so-so_euid;
-	pd-lookup.uid = so-so_egid;
+	pd-lookup.gid = so-so_egid;
 #endif /* !__NetBSD__ */
 	pd-lookup.pid = so-so_cpid;
 	return (1);



CVS commit: src/sys/kern

2009-12-30 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 18:33:53 UTC 2009

Modified Files:
src/sys/kern: uipc_socket2.c

Log Message:
Always use resource limits from the process, as proposed in

http://mail-index.netbsd.org/tech-kern/2009/12/30/msg006756.html

okay chris...@.


To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.105 src/sys/kern/uipc_socket2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket2.c
diff -u src/sys/kern/uipc_socket2.c:1.104 src/sys/kern/uipc_socket2.c:1.105
--- src/sys/kern/uipc_socket2.c:1.104	Wed Sep  2 14:56:57 2009
+++ src/sys/kern/uipc_socket2.c	Wed Dec 30 18:33:53 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket2.c,v 1.104 2009/09/02 14:56:57 tls Exp $	*/
+/*	$NetBSD: uipc_socket2.c,v 1.105 2009/12/30 18:33:53 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket2.c,v 1.104 2009/09/02 14:56:57 tls Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket2.c,v 1.105 2009/12/30 18:33:53 elad Exp $);
 
 #include opt_mbuftrace.h
 #include opt_sb_max.h
@@ -597,10 +597,7 @@
 	if (cc == 0 || cc  sb_max_adj)
 		return (0);
 
-	if (kauth_cred_geteuid(l-l_cred) == so-so_uidinfo-ui_uid)
-		maxcc = l-l_proc-p_rlimit[RLIMIT_SBSIZE].rlim_cur;
-	else
-		maxcc = RLIM_INFINITY;
+	maxcc = l-l_proc-p_rlimit[RLIMIT_SBSIZE].rlim_cur;
 
 	uidinfo = so-so_uidinfo;
 	if (!chgsbsize(uidinfo, sb-sb_hiwat, cc, maxcc))
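Review bot: The limit now always comes from the calling LWP's process (`l->l_proc->p_rlimit[RLIMIT_SBSIZE].rlim_cur`) while the charge below still goes to `so->so_uidinfo`, so when the caller is not the socket's owner, one user's usage is checked against another process's limit. Removing the `RLIM_INFINITY` branch closes the case where a non-owner could reserve without any bound, but the mismatch deserves a comment above the assignment, e.g. `/* Limit is the caller's; usage is charged to the socket owner's uidinfo. */`. The hunk also dereferences `l` unconditionally; how `l` is obtained is outside the hunk, so it is worth confirming it cannot be NULL on paths that reserve buffer space from kernel context. The enclosing function starts and ends outside the hunk.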



CVS commit: src/sys

2009-12-30 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 18:57:17 UTC 2009

Modified Files:
src/sys/kern: subr_pool.c
src/sys/sys: pool.h

Log Message:
Turn PA_INITIALIZED to a reference count for the pool allocator, and once
it drops to zero destroy the mutex we initialize. This fixes the problem
mentioned in

http://mail-index.netbsd.org/tech-kern/2009/12/28/msg006727.html

Also remove pa_flags now that it's no longer needed.

Idea from matt@, okay m...@.


To generate a diff of this commit:
cvs rdiff -u -r1.177 -r1.178 src/sys/kern/subr_pool.c
cvs rdiff -u -r1.67 -r1.68 src/sys/sys/pool.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/subr_pool.c
diff -u src/sys/kern/subr_pool.c:1.177 src/sys/kern/subr_pool.c:1.178
--- src/sys/kern/subr_pool.c:1.177	Tue Oct 20 17:24:22 2009
+++ src/sys/kern/subr_pool.c	Wed Dec 30 18:57:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: subr_pool.c,v 1.177 2009/10/20 17:24:22 jym Exp $	*/
+/*	$NetBSD: subr_pool.c,v 1.178 2009/12/30 18:57:17 elad Exp $	*/
 
 /*-
  * Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.177 2009/10/20 17:24:22 jym Exp $);
+__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.178 2009/12/30 18:57:17 elad Exp $);
 
 #include opt_ddb.h
 #include opt_pool.h
@@ -104,6 +104,9 @@
 static kmutex_t pool_head_lock;
 static kcondvar_t pool_busy;
 
+/* This lock protects initialization of a potentially shared pool allocator */
+static kmutex_t pool_allocator_lock;
+
 typedef uint32_t pool_item_bitmap_t;
 #define	BITMAP_SIZE	(CHAR_BIT * sizeof(pool_item_bitmap_t))
 #define	BITMAP_MASK	(BITMAP_SIZE - 1)
@@ -604,6 +607,8 @@
 
 	pool_init(cache_cpu_pool, sizeof(pool_cache_cpu_t), coherency_unit,
 	0, 0, pcachecpu, pool_allocator_nointr, IPL_NONE);
+
+	mutex_init(pool_allocator_lock, MUTEX_DEFAULT, IPL_NONE);
 }
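Review bot: `mutex_init(&pool_allocator_lock, ...)` is added after the `pool_init(&cache_cpu_pool, ...)` call at the end of this function, yet a later hunk of this commit takes `mutex_enter(&pool_allocator_lock)` in the allocator set-up code that appears to belong to pool_init. If so, every pool_init call made in this function runs against an uninitialised mutex; moving the `mutex_init` call to the top of the function, before the first pool_init, avoids that. The function's start is outside the hunk, so confirm which pool_init calls precede the new position.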
 
 /*
@@ -650,7 +655,8 @@
 			palloc = pool_allocator_nointr_fullpage;
 	}		
 #endif /* POOL_SUBPAGE */
-	if ((palloc-pa_flags  PA_INITIALIZED) == 0) {
+	mutex_enter(pool_allocator_lock);
+	if (palloc-pa_refcnt++ == 0) {
 		if (palloc-pa_pagesz == 0)
 			palloc-pa_pagesz = PAGE_SIZE;
 
@@ -663,8 +669,8 @@
 		if (palloc-pa_backingmapptr != NULL) {
 			pa_reclaim_register(palloc);
 		}
-		palloc-pa_flags |= PA_INITIALIZED;
 	}
+	mutex_exit(pool_allocator_lock);
 
 	if (align == 0)
 		align = ALIGN(1);
@@ -892,6 +898,11 @@
 	TAILQ_REMOVE(pp-pr_alloc-pa_list, pp, pr_alloc_list);
 	mutex_exit(pp-pr_alloc-pa_lock);
 
+	mutex_enter(pool_allocator_lock);
+	if (--pp-pr_alloc-pa_refcnt == 0)
+		mutex_destroy(pp-pr_alloc-pa_lock);
+	mutex_exit(pool_allocator_lock);
+
 	mutex_enter(pp-pr_lock);
 
 	KASSERT(pp-pr_cache == NULL);
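Review bot: The last-reference path only calls `mutex_destroy(&pp->pr_alloc->pa_lock)`, whereas the first-reference path in the earlier hunk also calls `pa_reclaim_register(palloc)` when `pa_backingmapptr` is set. Nothing visible here undoes that registration, so an allocator whose count returns to zero and is then used again would presumably be registered twice. `pa_refcnt` is unsigned, and a `KASSERT(pp->pr_alloc->pa_refcnt > 0);` before the decrement would catch an unbalanced destroy instead of letting the counter wrap. The enclosing function starts and ends outside the hunk.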

Index: src/sys/sys/pool.h
diff -u src/sys/sys/pool.h:1.67 src/sys/sys/pool.h:1.68
--- src/sys/sys/pool.h:1.67	Thu Oct 15 20:50:12 2009
+++ src/sys/sys/pool.h	Wed Dec 30 18:57:16 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pool.h,v 1.67 2009/10/15 20:50:12 thorpej Exp $	*/
+/*	$NetBSD: pool.h,v 1.68 2009/12/30 18:57:16 elad Exp $	*/
 
 /*-
  * Copyright (c) 1997, 1998, 1999, 2000, 2007 The NetBSD Foundation, Inc.
@@ -63,8 +63,7 @@
 	/* The following fields are for internal use only. */
 	kmutex_t	pa_lock;
 	TAILQ_HEAD(, pool) pa_list;	/* list of pools using this allocator */
-	int		pa_flags;
-#define	PA_INITIALIZED	0x01
+	uint32_t	pa_refcnt;	/* number of pools using this allocator */
 	int		pa_pagemask;
 	int		pa_pageshift;
 	struct vm_map *pa_backingmap;



CVS commit: src/sys/netinet6

2009-12-30 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 23:23:58 UTC 2009

Modified Files:
src/sys/netinet6: ipsec.c

Log Message:
Collapse identical switch cases.


To generate a diff of this commit:
cvs rdiff -u -r1.142 -r1.143 src/sys/netinet6/ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ipsec.c
diff -u src/sys/netinet6/ipsec.c:1.142 src/sys/netinet6/ipsec.c:1.143
--- src/sys/netinet6/ipsec.c:1.142	Thu May  7 21:51:47 2009
+++ src/sys/netinet6/ipsec.c	Wed Dec 30 23:23:58 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.142 2009/05/07 21:51:47 elad Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $	*/
 /*	$KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $	*/
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ipsec.c,v 1.142 2009/05/07 21:51:47 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: ipsec.c,v 1.143 2009/12/30 23:23:58 elad Exp $);
 
 #include opt_inet.h
 #include opt_ipsec.h
@@ -482,6 +482,7 @@
 	if (pcbsp-priv) {
 		switch (currsp-policy) {
 		case IPSEC_POLICY_BYPASS:
+		case IPSEC_POLICY_IPSEC:
 			currsp-refcnt++;
 			*error = 0;
 			ipsec_fillpcbcache(pcbsp, m, currsp, dir);
@@ -506,12 +507,6 @@
 			ipsec_fillpcbcache(pcbsp, m, ip4_def_policy, dir);
 			return ip4_def_policy;
 
-		case IPSEC_POLICY_IPSEC:
-			currsp-refcnt++;
-			*error = 0;
-			ipsec_fillpcbcache(pcbsp, m, currsp, dir);
-			return currsp;
-
 		default:
 			ipseclog((LOG_ERR, ipsec4_getpolicybysock: 
 			  Invalid policy for PCB %d\n, currsp-policy));



CVS commit: src/sys/kern

2009-12-30 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu Dec 31 02:20:37 UTC 2009

Modified Files:
src/sys/kern: kern_auth.c

Log Message:
Tiny cosmetics...


To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/sys/kern/kern_auth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.64 src/sys/kern/kern_auth.c:1.65
--- src/sys/kern/kern_auth.c:1.64	Thu Sep  3 04:45:27 2009
+++ src/sys/kern/kern_auth.c	Thu Dec 31 02:20:36 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $ */
+/* $NetBSD: kern_auth.c,v 1.65 2009/12/31 02:20:36 elad Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc.
@@ -54,7 +54,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_auth.c,v 1.65 2009/12/31 02:20:36 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -65,7 +65,7 @@
 #include sys/kauth.h
 #include sys/kmem.h
 #include sys/rwlock.h
-#include sys/sysctl.h		/* for pi_[p]cread */
+#include sys/sysctl.h
 #include sys/atomic.h
 #include sys/specificdata.h
 #include sys/vnode.h
@@ -149,6 +149,7 @@
 
 static specificdata_domain_t kauth_domain;
 static pool_cache_t kauth_cred_cache;
+
 krwlock_t	kauth_lock;
 
 /* Allocate new, empty kauth credentials. */



CVS commit: src/etc/rc.d

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 17:06:11 UTC 2009

Modified Files:
src/etc/rc.d: securelevel

Log Message:
Securelevel might not be present, properly complain instead of printing
error messages from sysctl(8).


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/etc/rc.d/securelevel

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/rc.d/securelevel
diff -u src/etc/rc.d/securelevel:1.7 src/etc/rc.d/securelevel:1.8
--- src/etc/rc.d/securelevel:1.7	Wed Nov 12 12:35:52 2008
+++ src/etc/rc.d/securelevel	Tue Dec 29 17:06:10 2009
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: securelevel,v 1.7 2008/11/12 12:35:52 ad Exp $
+# $NetBSD: securelevel,v 1.8 2009/12/29 17:06:10 elad Exp $
 #
 
 # PROVIDE: securelevel
@@ -19,7 +19,12 @@
 	#	it is 0, change it to 1 here, before we start daemons
 	#	or login services.
 	#
-	osecurelevel=$(sysctl -n kern.securelevel)
+	osecurelevel=$(sysctl -n kern.securelevel 2-)
+	if [ $? != 0 ]; then
+		echo Can't set securelevel. (kern.securelevel sysctl not present.)
+		exit 1
+	fi
+
 	if [ -n $securelevel -a $securelevel != $osecurelevel ]; then
 		if [ $securelevel -lt $osecurelevel ]; then
 			echo Can't lower securelevel.
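Review bot: The new check discards sysctl's own diagnostics and then reports every non-zero exit as "kern.securelevel sysctl not present", which is only one of the possible causes. Since a failure here means the system continues booting without the securelevel being raised, the message should be unmistakable and go to standard error, e.g. `echo "Can't set securelevel (unable to read kern.securelevel)." >&2`. The `exit 1` sits inside an indented body whose start is outside the hunk; if that is a function invoked by the rc framework, confirm that exiting rather than returning is intended.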



CVS commit: src/sys/kern

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 17:49:22 UTC 2009

Modified Files:
src/sys/kern: kern_module.c

Log Message:
Move the listener plugging to module_init(), as it runs after kauth_init()
now. (Leaving only the module kthread creation in module_init2().)


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/sys/kern/kern_module.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_module.c
diff -u src/sys/kern/kern_module.c:1.54 src/sys/kern/kern_module.c:1.55
--- src/sys/kern/kern_module.c:1.54	Wed Nov 18 17:40:45 2009
+++ src/sys/kern/kern_module.c	Tue Dec 29 17:49:21 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_module.c,v 1.54 2009/11/18 17:40:45 pooka Exp $	*/
+/*	$NetBSD: kern_module.c,v 1.55 2009/12/29 17:49:21 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_module.c,v 1.54 2009/11/18 17:40:45 pooka Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_module.c,v 1.55 2009/12/29 17:49:21 elad Exp $);
 
 #define _MODULE_INTERNAL
 
@@ -137,6 +137,23 @@
 	}
 }
 
+static int
+module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if (action != KAUTH_SYSTEM_MODULE)
+		return result;
+
+	if ((uintptr_t)arg2 != 0)	/* autoload */
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * module_init:
  *
@@ -165,23 +182,9 @@
 	machine, __NetBSD_Version__ / 1,
 	__NetBSD_Version__ / 100 % 100);
 #endif
-}
-
-static int
-module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
-void *arg0, void *arg1, void *arg2, void *arg3)
-{
-	int result;
-
-	result = KAUTH_RESULT_DEFER;
-
-	if (action != KAUTH_SYSTEM_MODULE)
-		return result;
 
-	if ((uintptr_t)arg2 != 0)	/* autoload */
-		result = KAUTH_RESULT_ALLOW;
-
-	return result;
+	module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	module_listener_cb, NULL);
 }
 
 /*
@@ -198,9 +201,6 @@
 	NULL, NULL, modunload);
 	if (error != 0)
 		panic(module_init: %d, error);
-
-	module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
-	module_listener_cb, NULL);
 }
 
 SYSCTL_SETUP(sysctl_module_setup, sysctl module setup)



CVS commit: src/sys

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 20:21:46 UTC 2009

Modified Files:
src/sys/arch/amiga/stand/bootblock/boot: Makefile
src/sys/arch/amiga/stand/bootblock/bootxx_ffs: Makefile
src/sys/arch/amiga/stand/bootblock/ppcboot: Makefile
src/sys/arch/next68k/stand/boot: Makefile
src/sys/lib/libsa: exec.c

Log Message:
Don't abuse INSECURE for allowing exec() to load files not owned by uid 0.

Adjust references where this has been used.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/sys/arch/amiga/stand/bootblock/boot/Makefile
cvs rdiff -u -r1.11 -r1.12 \
src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile
cvs rdiff -u -r1.22 -r1.23 src/sys/arch/next68k/stand/boot/Makefile
cvs rdiff -u -r1.27 -r1.28 src/sys/lib/libsa/exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amiga/stand/bootblock/boot/Makefile
diff -u src/sys/arch/amiga/stand/bootblock/boot/Makefile:1.40 src/sys/arch/amiga/stand/bootblock/boot/Makefile:1.41
--- src/sys/arch/amiga/stand/bootblock/boot/Makefile:1.40	Sat Oct 17 11:18:17 2009
+++ src/sys/arch/amiga/stand/bootblock/boot/Makefile	Tue Dec 29 20:21:45 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.40 2009/10/17 11:18:17 mlelstv Exp $
+#	$NetBSD: Makefile,v 1.41 2009/12/29 20:21:45 elad Exp $
 
 .include bsd.sys.mk		# for HOST_SH
 
@@ -48,8 +48,8 @@
 
 OBJS=	$(SOBJS) $(COBJS)
 
-#XX#DEFS = -D_STANDALONE -DINSECURE -DDYNAMIC_CRC_TABLE -DNOBYFOUR -UBYFOUR 
-DEFS = -D_STANDALONE -DINSECURE 
+#XX#DEFS = -D_STANDALONE -DSA_EXEC_ANYOWNER -DDYNAMIC_CRC_TABLE -DNOBYFOUR -UBYFOUR 
+DEFS = -D_STANDALONE -DSA_EXEC_ANYOWNER 
 DEFS += -D__INTERNAL_LIBSA_CREAD
 #DEFS += -DSERCONSOLE
 SOBJS += cread.o
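Review bot: `-DSA_EXEC_ANYOWNER` is introduced without a comment, and per the log message it makes libsa's exec() load files that are not owned by uid 0. A line above `DEFS`, such as `# SA_EXEC_ANYOWNER: boot files regardless of owner (no uid 0 check in libsa exec())`, would record that this is a deliberate relaxation for this boot block. The same applies to the bootxx_ffs, ppcboot and next68k Makefiles changed in this commit.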

Index: src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile
diff -u src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile:1.11 src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile:1.12
--- src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile:1.11	Mon Jan 12 07:42:30 2009
+++ src/sys/arch/amiga/stand/bootblock/bootxx_ffs/Makefile	Tue Dec 29 20:21:46 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.11 2009/01/12 07:42:30 tsutsui Exp $
+#	$NetBSD: Makefile,v 1.12 2009/12/29 20:21:46 elad Exp $
 
 ### what we need:
 
@@ -33,7 +33,7 @@
 
 OBJS=	$(SOBJS) $(COBJS)
 
-DEFS = -D_STANDALONE -DINSECURE -D_PRIMARY_BOOT
+DEFS = -D_STANDALONE -DSA_EXEC_ANYOWNER -D_PRIMARY_BOOT
 
 .NOPATH: ${OBJS} x.out f.out libboot.a xxstart.o
 

Index: src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile
diff -u src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile:1.6 src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile:1.7
--- src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile:1.6	Sun Oct 19 22:05:21 2008
+++ src/sys/arch/amiga/stand/bootblock/ppcboot/Makefile	Tue Dec 29 20:21:46 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.6 2008/10/19 22:05:21 apb Exp $
+#	$NetBSD: Makefile,v 1.7 2009/12/29 20:21:46 elad Exp $
 
 ### what we need:
 
@@ -28,7 +28,7 @@
 
 OBJS=	$(SOBJS) $(COBJS)
 
-DEFS = -DPPCBOOTER -D_STANDALONE -DINSECURE -DDEBUG_MEMORY_LIST
+DEFS = -DPPCBOOTER -D_STANDALONE -DSA_EXEC_ANYOWNER -DDEBUG_MEMORY_LIST
 
 ### main target: ###
 

Index: src/sys/arch/next68k/stand/boot/Makefile
diff -u src/sys/arch/next68k/stand/boot/Makefile:1.22 src/sys/arch/next68k/stand/boot/Makefile:1.23
--- src/sys/arch/next68k/stand/boot/Makefile:1.22	Mon Jan 12 07:47:47 2009
+++ src/sys/arch/next68k/stand/boot/Makefile	Tue Dec 29 20:21:46 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.22 2009/01/12 07:47:47 tsutsui Exp $
+#	$NetBSD: Makefile,v 1.23 2009/12/29 20:21:46 elad Exp $
 
 NOMAN=	# defined
 
@@ -25,7 +25,7 @@
 # XXX make defs arch-indep.
 INCLUDES+=	-I${.OBJDIR} -I${S}/arch -I${S} -I${S}/lib/libsa 
 DEFS+=		-D_STANDALONE -DMC68040 -DSUPPORT_BOOTP -DSUPPORT_DHCP  -DDEBUG -DSD_DEBUG -DSCSI_DEBUG # -DEN_DEBUG   -DNETIF_DEBUG  
-SAMISCCPPFLAGS=	-DSUPPORT_DHCP -DSUPPORT_BOOTP -DINSECURE # -DBOOTP_DEBUG -DETHER_DEBUG -DNET_DEBUG # -DNETIF_DEBUG -DNFS_DEBUG  -DARP_DEBUG 
+SAMISCCPPFLAGS=	-DSUPPORT_DHCP -DSUPPORT_BOOTP -DSA_EXEC_ANYOWNER # -DBOOTP_DEBUG -DETHER_DEBUG -DNET_DEBUG # -DNETIF_DEBUG -DNFS_DEBUG  -DARP_DEBUG 
 WARNS=1
 CFLAGS+=	 -ffreestanding -nostdinc ${INCLUDES} ${DEFS}
 CFLAGS+=	-Wall -Wmissing-prototypes -Wstrict-prototypes -Wpointer-arith

Index: src/sys/lib/libsa/exec.c
diff -u src/sys/lib/libsa/exec.c:1.27 src/sys/lib/libsa/exec.c:1.28
--- src/sys/lib/libsa/exec.c:1.27	Sun Aug 16 13:26:16 2009
+++ src/sys/lib/libsa/exec.c	Tue Dec 29 20:21:46 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: exec.c,v 1.27 2009/08/16 13:26:16 matt Exp $	*/
+/*	$NetBSD: exec.c,v 1.28 2009/12/29 20:21:46 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -29,13 +29,9 @@
  * SUCH DAMAGE.
  */
 
-#ifdef _KERNEL_OPT
-#include opt_insecure.h
-#endif
-
 #include sys/param.h
 #include 

CVS commit: src/sys/kern

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 06:58:51 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c

Log Message:
Use credentials from the socket.


To generate a diff of this commit:
cvs rdiff -u -r1.198 -r1.199 src/sys/kern/uipc_socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.198 src/sys/kern/uipc_socket.c:1.199
--- src/sys/kern/uipc_socket.c:1.198	Tue Dec 29 04:23:43 2009
+++ src/sys/kern/uipc_socket.c	Wed Dec 30 06:58:50 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.199 2009/12/30 06:58:50 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.199 2009/12/30 06:58:50 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -452,10 +452,8 @@
 	case KAUTH_REQ_NETWORK_SOCKET_DROP: {
 		/* Normal users can only drop their own connections. */
 		struct socket *so = (struct socket *)arg1;
-		uid_t sockuid = so-so_uidinfo-ui_uid;
 
-		if (sockuid == kauth_cred_getuid(cred) ||
-		sockuid == kauth_cred_geteuid(cred))
+		if (proc_uidmatch(cred, so-so_cred))
 			result = KAUTH_RESULT_ALLOW;
 
 		break;
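Review bot: The ownership test for KAUTH_REQ_NETWORK_SOCKET_DROP now depends on `so->so_cred` being set on every socket that can reach this request, and on proc_uidmatch, whose definition is not in the hunk. The removed code allowed the drop when the socket owner's uid equalled the caller's real or effective uid; if proc_uidmatch compares a different set of ids, the comment `Normal users can only drop their own connections.` should say which ids must match. In the commit that introduced `so_cred` (also on this page) the field is assigned only at the end of socreate and in the accept path, so a connection that has not been accepted yet may still have it unset; a `KASSERT(so->so_cred != NULL);` before the call would document the assumption. The same assumption applies to the `kauth_cred_geteuid(sockp->so_cred)` change in tcp_usrreq.c and to the pf.c change.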



CVS commit: src/sys/netinet

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 06:59:32 UTC 2009

Modified Files:
src/sys/netinet: tcp_usrreq.c

Log Message:
Get the uid from the socket's credentials.


To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 src/sys/netinet/tcp_usrreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/tcp_usrreq.c
diff -u src/sys/netinet/tcp_usrreq.c:1.157 src/sys/netinet/tcp_usrreq.c:1.158
--- src/sys/netinet/tcp_usrreq.c:1.157	Wed Sep 16 15:23:05 2009
+++ src/sys/netinet/tcp_usrreq.c	Wed Dec 30 06:59:32 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: tcp_usrreq.c,v 1.157 2009/09/16 15:23:05 pooka Exp $	*/
+/*	$NetBSD: tcp_usrreq.c,v 1.158 2009/12/30 06:59:32 elad Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -95,7 +95,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: tcp_usrreq.c,v 1.157 2009/09/16 15:23:05 pooka Exp $);
+__KERNEL_RCSID(0, $NetBSD: tcp_usrreq.c,v 1.158 2009/12/30 06:59:32 elad Exp $);
 
 #include opt_inet.h
 #include opt_ipsec.h
@@ -1161,7 +1161,7 @@
 	int error;
 	uid_t uid;
 
-	uid = sockp-so_uidinfo-ui_uid;
+	uid = kauth_cred_geteuid(sockp-so_cred);
 	if (oldp) {
 		sz = MIN(sizeof(uid), *oldlenp);
 		error = copyout(uid, oldp, sz);



CVS commit: src/sys/dist/pf/net

2009-12-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 30 07:00:01 UTC 2009

Modified Files:
src/sys/dist/pf/net: pf.c

Log Message:
Get uid/gid from the socket's credentials.


To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 src/sys/dist/pf/net/pf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dist/pf/net/pf.c
diff -u src/sys/dist/pf/net/pf.c:1.57 src/sys/dist/pf/net/pf.c:1.58
--- src/sys/dist/pf/net/pf.c:1.57	Mon Sep 14 10:36:49 2009
+++ src/sys/dist/pf/net/pf.c	Wed Dec 30 07:00:01 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pf.c,v 1.57 2009/09/14 10:36:49 degroote Exp $	*/
+/*	$NetBSD: pf.c,v 1.58 2009/12/30 07:00:01 elad Exp $	*/
 /*	$OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: pf.c,v 1.57 2009/09/14 10:36:49 degroote Exp $);
+__KERNEL_RCSID(0, $NetBSD: pf.c,v 1.58 2009/12/30 07:00:01 elad Exp $);
 
 #include bpfilter.h
 #include pflog.h
@@ -2824,12 +2824,13 @@
 		break;
 #endif /* INET6 */
 	}
-	pd-lookup.uid = so-so_uidinfo-ui_uid;
+	pd-lookup.uid = kauth_cred_geteuid(so-so_cred);
+	pd-lookup.gid = kauth_cred_getegid(so-so_cred);
 #else
 	so = inp-inp_socket;
 	pd-lookup.uid = so-so_euid;
+	pd-lookup.uid = so-so_egid;
 #endif /* !__NetBSD__ */
-	pd-lookup.gid = so-so_egid;
 	pd-lookup.pid = so-so_cpid;
 	return (1);
 }
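Review bot: In the `#else` branch the added line `pd->lookup.uid = so->so_egid;` overwrites the uid stored on the line above with the group id and leaves `pd->lookup.gid` unset, because the shared gid assignment after `#endif` was removed. Rules that match on user or group would then be evaluated against the wrong ids in the non-NetBSD build; the line should read `pd->lookup.gid = so->so_egid;`. The enclosing function starts outside the hunk.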



CVS commit: src/sys/kern

2009-12-28 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 03:48:18 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c

Log Message:
Remove commented-out code that should not have gone in.


To generate a diff of this commit:
cvs rdiff -u -r1.196 -r1.197 src/sys/kern/uipc_socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.196 src/sys/kern/uipc_socket.c:1.197
--- src/sys/kern/uipc_socket.c:1.196	Sun Dec 20 09:36:06 2009
+++ src/sys/kern/uipc_socket.c	Tue Dec 29 03:48:18 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.196 2009/12/20 09:36:06 dsl Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.196 2009/12/20 09:36:06 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -561,7 +561,6 @@
 	so-so_snd.sb_mowner = prp-pr_domain-dom_mowner;
 	so-so_mowner = prp-pr_domain-dom_mowner;
 #endif
-	/* so-so_cred = kauth_cred_dup(l-l_cred); */
 	uid = kauth_cred_geteuid(l-l_cred);
 	so-so_uidinfo = uid_find(uid);
 	so-so_egid = kauth_cred_getegid(l-l_cred);
@@ -704,7 +703,6 @@
 	/* Remove acccept filter if one is present. */
 	if (so-so_accf != NULL)
 		(void)accept_filt_clear(so);
-	/* kauth_cred_free(so-so_cred); */
 	sounlock(so);
 	if (refs == 0)		/* XXX */
 		soput(so);



CVS commit: src/sys

2009-12-28 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 04:23:43 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c uipc_syscalls.c
src/sys/sys: socketvar.h

Log Message:
Add credentials to sockets.

We don't need any deferred free etc. because we no longer free the
credentials in interrupt context.

Tons of help from matt@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.197 -r1.198 src/sys/kern/uipc_socket.c
cvs rdiff -u -r1.138 -r1.139 src/sys/kern/uipc_syscalls.c
cvs rdiff -u -r1.123 -r1.124 src/sys/sys/socketvar.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.197 src/sys/kern/uipc_socket.c:1.198
--- src/sys/kern/uipc_socket.c:1.197	Tue Dec 29 03:48:18 2009
+++ src/sys/kern/uipc_socket.c	Tue Dec 29 04:23:43 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.197 2009/12/29 03:48:18 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.198 2009/12/29 04:23:43 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -582,6 +582,7 @@
 		sofree(so);
 		return error;
 	}
+	so-so_cred = kauth_cred_dup(l-l_cred);
 	sounlock(so);
 	*aso = so;
 	return 0;
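Review bot: `so->so_cred` is assigned only on the success path at the end of this function, after the failure return visible above, so the code run before that point sees the field unset, and this commit sets it in just one other place (the accept path in uipc_syscalls.c). The next hunk frees `so->so_cred` unconditionally in soclose, so a socket created by any other path would reach `kauth_cred_free` with no credential. Setting the field where the socket is first initialised, and guarding the free with `if (so->so_cred != NULL)`, would make the lifetime explicit. The enclosing function starts outside the hunk.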
@@ -771,6 +772,7 @@
  discard:
 	if (so-so_state  SS_NOFDREF)
 		panic(soclose: NOFDREF);
+	kauth_cred_free(so-so_cred);
 	so-so_state |= SS_NOFDREF;
 	sofree(so);
 	return (error);

Index: src/sys/kern/uipc_syscalls.c
diff -u src/sys/kern/uipc_syscalls.c:1.138 src/sys/kern/uipc_syscalls.c:1.139
--- src/sys/kern/uipc_syscalls.c:1.138	Sun Dec 20 09:36:06 2009
+++ src/sys/kern/uipc_syscalls.c	Tue Dec 29 04:23:43 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.138 2009/12/20 09:36:06 dsl Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.139 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.138 2009/12/20 09:36:06 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_syscalls.c,v 1.139 2009/12/29 04:23:43 elad Exp $);
 
 #include opt_pipe.h
 
@@ -80,6 +80,7 @@
 #include sys/un.h
 #include sys/ktrace.h
 #include sys/event.h
+#include sys/kauth.h
 
 #include sys/mount.h
 #include sys/syscallargs.h
@@ -228,9 +229,11 @@
 	fp2-f_ops = socketops;
 	fp2-f_data = so2;
 	error = soaccept(so2, nam);
+	so2-so_cred = kauth_cred_dup(so-so_cred);
 	sounlock(so);
 	if (error) {
 		/* an error occurred, free the file descriptor and mbuf */
+		kauth_cred_free(so2-so_cred);
 		m_freem(nam);
 		mutex_enter(fp2-f_lock);
 		fp2-f_count++;
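Review bot: In the error branch the new `kauth_cred_free(so2->so_cred);` releases the credential while `so2` is still attached to `fp2` (`fp2->f_data = so2` above) and leaves the pointer dangling. The rest of the branch is outside the hunk, but if it goes on to close `fp2` through the socket file ops and reaches soclose(), the `kauth_cred_free(so->so_cred)` that this same commit adds there would release it a second time. Unless the error path is known not to reach soclose(), drop the free here and let soclose() own the release.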

Index: src/sys/sys/socketvar.h
diff -u src/sys/sys/socketvar.h:1.123 src/sys/sys/socketvar.h:1.124
--- src/sys/sys/socketvar.h:1.123	Sun Dec 20 09:36:06 2009
+++ src/sys/sys/socketvar.h	Tue Dec 29 04:23:43 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: socketvar.h,v 1.123 2009/12/20 09:36:06 dsl Exp $	*/
+/*	$NetBSD: socketvar.h,v 1.124 2009/12/29 04:23:43 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -177,6 +177,7 @@
 		void	*so_accept_filter_arg;	/* saved filter args */
 		char	*so_accept_filter_str;	/* saved user args */
 	} *so_accf;
+	kauth_cred_t	so_cred;	/* socket credentials */
 };
 
 #define	SB_EMPTY_FIXUP(sb)		\
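Review bot: The comment on the new `so_cred` member does not say whose credentials these are or who releases them. Going by the other files in this commit, something like `/* creator's credentials; dup'd in socreate()/accept, freed in soclose() */` would record the ownership rule next to the field. It would also help to state whether the pointer may be unset for sockets that have not yet been accepted, since consumers dereference it.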



CVS commit: src/sys/sys

2009-12-28 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 04:24:32 UTC 2009

Modified Files:
src/sys/sys: param.h

Log Message:
Changes to struct socket (added credentials) - 5.99.23.


To generate a diff of this commit:
cvs rdiff -u -r1.357 -r1.358 src/sys/sys/param.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/sys/param.h
diff -u src/sys/sys/param.h:1.357 src/sys/sys/param.h:1.358
--- src/sys/sys/param.h:1.357	Mon Nov  9 17:11:29 2009
+++ src/sys/sys/param.h	Tue Dec 29 04:24:32 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: param.h,v 1.357 2009/11/09 17:11:29 cegger Exp $	*/
+/*	$NetBSD: param.h,v 1.358 2009/12/29 04:24:32 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -63,7 +63,7 @@
  *	2.99.9		(299000900)
  */
 
-#define	__NetBSD_Version__	599002200	/* NetBSD 5.99.22 */
+#define	__NetBSD_Version__	599002300	/* NetBSD 5.99.23 */
 
 #define __NetBSD_Prereq__(M,m,p) (M) * 1) + \
 (m) * 100) + (p) * 100) = __NetBSD_Version__)



CVS commit: src/sys/secmodel/suser

2009-12-28 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Dec 29 04:25:30 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Use the socket credentials, now that we have them, instead of uidinfo.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.33 src/sys/secmodel/suser/secmodel_suser.c:1.34
--- src/sys/secmodel/suser/secmodel_suser.c:1.33	Thu Dec 24 19:02:07 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Tue Dec 29 04:25:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.33 2009/12/24 19:02:07 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.34 2009/12/29 04:25:30 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.33 2009/12/24 19:02:07 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.34 2009/12/29 04:25:30 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -50,7 +50,6 @@
 #include sys/sysctl.h
 #include sys/vnode.h
 #include sys/proc.h
-#include sys/uidinfo.h
 #include sys/module.h
 
 #include secmodel/suser/suser.h
@@ -752,11 +751,10 @@
 
 			if (secmodel_suser_curtain) {
 struct socket *so;
-uid_t so_uid;
 
 so = (struct socket *)arg1;
-so_uid = so-so_uidinfo-ui_uid;
-if (kauth_cred_geteuid(cred) != so_uid)
+
+if (!proc_uidmatch(cred, so-so_cred))
 	result = KAUTH_RESULT_DENY;
 			}
 
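Review bot: The new test `if (!proc_uidmatch(cred, so->so_cred))` depends on proc_uidmatch() returning non-zero on a match, which is not shown on this page; if it follows the errno convention (0 on match), the curtain check is inverted and would deny the socket's owner while letting other users through. It also dereferences `so->so_cred` unconditionally, and the commit that introduced the field sets it only in socreate() and on the accept path, so a socket examined before accept may not have one. Something like `if (so->so_cred == NULL || !kauth_cred_uidmatch(cred, so->so_cred))` treats a missing credential as a deny and uses a helper whose boolean use is visible in the KAUTH_GENERIC_CANSEE handler removed elsewhere on this page. The enclosing switch case starts and ends outside the hunk.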



CVS commit: src/sys/kern

2009-12-27 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Mon Dec 28 07:16:41 UTC 2009

Modified Files:
src/sys/kern: kern_verifiedexec.c

Log Message:
In veriexec_file_verify(), always check 'lockstate' before unlocking
'veriexec_op_lock'. Triggering a panic is possible in the path from
veriexec_openchk() (easily repeatable). The two switch cases at the
bottom of the function are going to panic anyway, but they might as well
panic as they're intended to as opposed to tripping over a locking
violation...


To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 src/sys/kern/kern_verifiedexec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_verifiedexec.c
diff -u src/sys/kern/kern_verifiedexec.c:1.120 src/sys/kern/kern_verifiedexec.c:1.121
--- src/sys/kern/kern_verifiedexec.c:1.120	Mon Dec 28 02:35:20 2009
+++ src/sys/kern/kern_verifiedexec.c	Mon Dec 28 07:16:41 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_verifiedexec.c,v 1.120 2009/12/28 02:35:20 elad Exp $	*/
+/*	$NetBSD: kern_verifiedexec.c,v 1.121 2009/12/28 07:16:41 elad Exp $	*/
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
@@ -29,7 +29,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.120 2009/12/28 02:35:20 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.121 2009/12/28 07:16:41 elad Exp $);
 
 #include opt_veriexec.h
 
@@ -629,7 +629,8 @@
 			name, NULL, REPORT_ALWAYS);
 			kmem_free(digest, vfe-ops-hash_len);
 			rw_exit(vfe-lock);
-			rw_exit(veriexec_op_lock);
+			if (lockstate == VERIEXEC_UNLOCKED)
+rw_exit(veriexec_op_lock);
 			return (error);
 		}
 
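Review bot: The `if (lockstate == VERIEXEC_UNLOCKED)` guard around the `veriexec_op_lock` release is now repeated at four exits (this hunk and the ones at -650, -679 and -709), so every exit path added later has to remember it too. A single static helper, or one `out:` label that drops `vfe->lock` and then conditionally drops the op lock, would keep the rule in one place. The function body starts and ends outside these hunks, so the placement of such a label needs checking against the full function.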
@@ -650,7 +651,8 @@
 		/* IPS mode: Enforce access type. */
 		if (veriexec_strict = VERIEXEC_IPS) {
 			rw_exit(vfe-lock);
-			rw_exit(veriexec_op_lock);
+			if (lockstate == VERIEXEC_UNLOCKED)
+rw_exit(veriexec_op_lock);
 			return (EPERM);
 		}
 	}
@@ -679,7 +681,8 @@
 	case FINGERPRINT_NOTEVAL:
 		/* Should not happen. */
 		rw_exit(vfe-lock);
-		rw_exit(veriexec_op_lock);
+		if (lockstate == VERIEXEC_UNLOCKED)
+			rw_exit(veriexec_op_lock);
 		veriexec_file_report(vfe, Not-evaluated status 
 		post evaluation; inconsistency detected., name,
 		NULL, REPORT_ALWAYS|REPORT_PANIC);
@@ -709,7 +712,8 @@
 	default:
 		/* Should never happen. */
 		rw_exit(vfe-lock);
-		rw_exit(veriexec_op_lock);
+		if (lockstate == VERIEXEC_UNLOCKED)
+			rw_exit(veriexec_op_lock);
 		veriexec_file_report(vfe, Invalid status 
 		post evaluation., name, NULL, REPORT_ALWAYS|REPORT_PANIC);
 }



CVS commit: src/sys/kern

2009-12-26 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Dec 26 21:41:14 UTC 2009

Modified Files:
src/sys/kern: kern_ssp.c

Log Message:
Put a space after ':'...


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/kern/kern_ssp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_ssp.c
diff -u src/sys/kern/kern_ssp.c:1.2 src/sys/kern/kern_ssp.c:1.3
--- src/sys/kern/kern_ssp.c:1.2	Thu Feb 26 05:50:54 2009
+++ src/sys/kern/kern_ssp.c	Sat Dec 26 21:41:14 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ssp.c,v 1.2 2009/02/26 05:50:54 kenh Exp $	*/
+/*	$NetBSD: kern_ssp.c,v 1.3 2009/12/26 21:41:14 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_ssp.c,v 1.2 2009/02/26 05:50:54 kenh Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_ssp.c,v 1.3 2009/12/26 21:41:14 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -49,7 +49,7 @@
 	int s;
 
 #ifdef DIAGNOSTIC
-	printf(Initializing SSP:);
+	printf(Initializing SSP: );
 #endif
 	/*
 	 * We initialize ssp here carefully:



CVS commit: src/sys/kern

2009-12-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Dec 25 18:51:41 UTC 2009

Modified Files:
src/sys/kern: kern_fileassoc.c

Log Message:
No need for these prototypes here.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/sys/kern/kern_fileassoc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_fileassoc.c
diff -u src/sys/kern/kern_fileassoc.c:1.31 src/sys/kern/kern_fileassoc.c:1.32
--- src/sys/kern/kern_fileassoc.c:1.31	Mon May  5 17:11:17 2008
+++ src/sys/kern/kern_fileassoc.c	Fri Dec 25 18:51:41 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_fileassoc.c,v 1.31 2008/05/05 17:11:17 ad Exp $ */
+/* $NetBSD: kern_fileassoc.c,v 1.32 2009/12/25 18:51:41 elad Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.31 2008/05/05 17:11:17 ad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.32 2009/12/25 18:51:41 elad Exp $);
 
 #include opt_fileassoc.h
 
@@ -50,12 +50,6 @@
 
 #define	FILEASSOC_INITIAL_TABLESIZE	128
 
-static struct fileassoc_hash_entry *
-fileassoc_file_lookup(struct vnode *, fhandle_t *);
-static struct fileassoc_hash_entry *
-fileassoc_file_add(struct vnode *, fhandle_t *);
-static struct fileassoc_table *fileassoc_table_resize(struct fileassoc_table *);
-
 static specificdata_domain_t fileassoc_domain;
 static specificdata_key_t fileassoc_mountspecific_key;
 static ONCE_DECL(control);



CVS commit: src/sys/kern

2009-12-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Dec 25 20:05:43 UTC 2009

Modified Files:
src/sys/kern: kern_fileassoc.c

Log Message:
This subsystem had leftovers from the time it was part of Veriexec, and then
from when I first implemented it as metahook.

Clean up a lot of the mess by unifying variable names, adding struct member
prefixes, adjusting comments, etc.

No functional change intended.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/sys/kern/kern_fileassoc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_fileassoc.c
diff -u src/sys/kern/kern_fileassoc.c:1.32 src/sys/kern/kern_fileassoc.c:1.33
--- src/sys/kern/kern_fileassoc.c:1.32	Fri Dec 25 18:51:41 2009
+++ src/sys/kern/kern_fileassoc.c	Fri Dec 25 20:05:43 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_fileassoc.c,v 1.32 2009/12/25 18:51:41 elad Exp $ */
+/* $NetBSD: kern_fileassoc.c,v 1.33 2009/12/25 20:05:43 elad Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.32 2009/12/25 18:51:41 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.33 2009/12/25 20:05:43 elad Exp $);
 
 #include opt_fileassoc.h
 
@@ -36,15 +36,10 @@
 #include sys/mount.h
 #include sys/queue.h
 #include sys/vnode.h
-#include sys/namei.h
-#include sys/exec.h
-#include sys/proc.h
-#include sys/inttypes.h
 #include sys/errno.h
 #include sys/fileassoc.h
 #include sys/specificdata.h
 #include sys/hash.h
-#include sys/fstypes.h
 #include sys/kmem.h
 #include sys/once.h
 
@@ -55,34 +50,35 @@
 static ONCE_DECL(control);
 
 /*
- * Hook entry.
- * Includes the hook name for identification and private hook clear callback.
+ * Assoc entry.
+ * Includes the assoc name for identification and private clear callback.
  */
 struct fileassoc {
-	LIST_ENTRY(fileassoc) list;
-	const char *name;			/* name. */
-	fileassoc_cleanup_cb_t cleanup_cb;	/* clear callback. */
-	specificdata_key_t key;
+	LIST_ENTRY(fileassoc) assoc_list;
+	const char *assoc_name;/* Name. */
+	fileassoc_cleanup_cb_t assoc_cleanup_cb;	/* Clear callback. */
+	specificdata_key_t assoc_key;
 };
 
 static LIST_HEAD(, fileassoc) fileassoc_list;
+static kmutex_t fileassoc_list_lock;
 
 /* An entry in the per-mount hash table. */
-struct fileassoc_hash_entry {
-	fhandle_t *handle;/* File handle */
-	specificdata_reference data;			/* Hooks. */
-	u_int nassocs;	/* # of hooks. */
-	LIST_ENTRY(fileassoc_hash_entry) entries;	/* List pointer. */
+struct fileassoc_file {
+	fhandle_t *faf_handle;/* File handle */
+	specificdata_reference faf_data;		/* Assoc data. */
+	u_int faf_nassocs;/* # of assocs. */
+	LIST_ENTRY(fileassoc_file) faf_list;		/* List pointer. */
 };
 
-LIST_HEAD(fileassoc_hashhead, fileassoc_hash_entry);
+LIST_HEAD(fileassoc_hash_entry, fileassoc_file);
 
 struct fileassoc_table {
-	struct fileassoc_hashhead *hash_tbl;
-	size_t hash_size;/* Number of slots. */
-	u_long hash_mask;
-	size_t hash_used;/* # of used slots. */
-	specificdata_reference data;
+	struct fileassoc_hash_entry *tbl_hash;
+	u_long tbl_mask;/* Hash table mask. */
+	size_t tbl_nslots;/* Number of slots. */
+	size_t tbl_nused;/* # of used slots. */
+	specificdata_reference tbl_data;
 };
 
 /*
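Review bot: `LIST_HEAD(fileassoc_hash_entry, fileassoc_file);` reuses the name that, until this commit, was the per-file entry struct for what is now the bucket head type. Anyone reading older code or earlier diffs will take `struct fileassoc_hash_entry` for an entry rather than a list head. Keeping `fileassoc_hashhead`, or choosing a name such as `fileassoc_hash_bucket`, avoids that.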
@@ -91,74 +87,72 @@
  */
 #define FILEASSOC_HASH(tbl, handle)	\
 	(hash32_buf((handle), FHANDLE_SIZE(handle), HASH32_BUF_INIT) \
-	  ((tbl)-hash_mask))
+	  ((tbl)-tbl_mask))
 
 static void *
-file_getdata(struct fileassoc_hash_entry *e, const struct fileassoc *assoc)
+file_getdata(struct fileassoc_file *faf, const struct fileassoc *assoc)
 {
 
-	return specificdata_getspecific(fileassoc_domain, e-data,
-	assoc-key);
+	return specificdata_getspecific(fileassoc_domain, faf-faf_data,
+	assoc-assoc_key);
 }
 
 static void
-file_setdata(struct fileassoc_hash_entry *e, const struct fileassoc *assoc,
+file_setdata(struct fileassoc_file *faf, const struct fileassoc *assoc,
 void *data)
 {
 
-	specificdata_setspecific(fileassoc_domain, e-data, assoc-key,
-	data);
+	specificdata_setspecific(fileassoc_domain, faf-faf_data,
+	assoc-assoc_key, data);
 }
 
 static void
-file_cleanup(struct fileassoc_hash_entry *e, const struct fileassoc *assoc)
+file_cleanup(struct fileassoc_file *faf, const struct fileassoc *assoc)
 {
 	fileassoc_cleanup_cb_t cb;
 	void *data;
 
-	cb = assoc-cleanup_cb;
+	cb = assoc-assoc_cleanup_cb;
 	if (cb == NULL) {
 		return;
 	}
-	data = file_getdata(e, assoc);
+	data = file_getdata(faf, assoc);
 	(*cb)(data);
 }
 
 static void
-file_free(struct fileassoc_hash_entry *e)
+file_free(struct fileassoc_file *faf)
 {
 	struct fileassoc *assoc;
 
-	LIST_REMOVE(e, entries);
+	LIST_REMOVE(faf, faf_list);
 
-	LIST_FOREACH(assoc, fileassoc_list, list) {
-		file_cleanup(e, assoc);
+	LIST_FOREACH(assoc, fileassoc_list, assoc_list) {
+		file_cleanup(faf

CVS commit: src/sys/kern

2009-12-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Dec 25 20:07:18 UTC 2009

Modified Files:
src/sys/kern: kern_fileassoc.c

Log Message:
Oops - unintentional locking bit that's not yet ready.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/sys/kern/kern_fileassoc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_fileassoc.c
diff -u src/sys/kern/kern_fileassoc.c:1.33 src/sys/kern/kern_fileassoc.c:1.34
--- src/sys/kern/kern_fileassoc.c:1.33	Fri Dec 25 20:05:43 2009
+++ src/sys/kern/kern_fileassoc.c	Fri Dec 25 20:07:18 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_fileassoc.c,v 1.33 2009/12/25 20:05:43 elad Exp $ */
+/* $NetBSD: kern_fileassoc.c,v 1.34 2009/12/25 20:07:18 elad Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.33 2009/12/25 20:05:43 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_fileassoc.c,v 1.34 2009/12/25 20:07:18 elad Exp $);
 
 #include opt_fileassoc.h
 
@@ -61,7 +61,6 @@
 };
 
 static LIST_HEAD(, fileassoc) fileassoc_list;
-static kmutex_t fileassoc_list_lock;
 
 /* An entry in the per-mount hash table. */
 struct fileassoc_file {
@@ -171,8 +170,6 @@
 	}
 	fileassoc_domain = specificdata_domain_create();
 
-	mutex_init(fileassoc_list_lock, MUTEX_DEFAULT, IPL_NONE);
-
 	return 0;
 }
 
@@ -200,9 +197,7 @@
 	assoc-assoc_cleanup_cb = cleanup_cb;
 	assoc-assoc_key = key;
 
-	mutex_enter(fileassoc_list_lock);
 	LIST_INSERT_HEAD(fileassoc_list, assoc, assoc_list);
-	mutex_exit(fileassoc_list_lock);
 
 	*result = assoc;
 



CVS commit: src/sys/kern

2009-12-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Dec 25 22:57:54 UTC 2009

Modified Files:
src/sys/kern: kern_verifiedexec.c

Log Message:
Only kmem_free() the filename if we have one.


To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 src/sys/kern/kern_verifiedexec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_verifiedexec.c
diff -u src/sys/kern/kern_verifiedexec.c:1.118 src/sys/kern/kern_verifiedexec.c:1.119
--- src/sys/kern/kern_verifiedexec.c:1.118	Sat Nov  7 07:27:49 2009
+++ src/sys/kern/kern_verifiedexec.c	Fri Dec 25 22:57:54 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_verifiedexec.c,v 1.118 2009/11/07 07:27:49 cegger Exp $	*/
+/*	$NetBSD: kern_verifiedexec.c,v 1.119 2009/12/25 22:57:54 elad Exp $	*/
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
@@ -29,7 +29,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.118 2009/11/07 07:27:49 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.119 2009/12/25 22:57:54 elad Exp $);
 
 #include opt_veriexec.h
 
@@ -913,9 +913,12 @@
 			 * entries so we can destroy the object.
 			 */
 
-			kmem_free(vfe-filename, vfe-filename_len);
+			if (vfe-filename_len  0)
+kmem_free(vfe-filename, vfe-filename_len);
+
 			vfe-filename = NULL;
 			vfe-filename_len = 0;
+
 			rw_downgrade(veriexec_op_lock);
 		}
 



CVS commit: src/sys

2009-12-24 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu Dec 24 19:01:12 UTC 2009

Modified Files:
src/sys/kern: init_sysctl.c kern_sysctl.c
src/sys/sys: file.h

Log Message:
When reporting open files using sysctl, don't use 'filehead' to fetch files,
as we don't have a process context to authorize on. Instead, traverse the
file descriptor table of each process -- as we already do in one case.

Introduce a marker we can use to mark files we've seen in an iteration, as
the same file can be referenced more than once.

Hopefully this availability of filtering by process also makes life easier
for those who are interested in implementing process containers etc.


To generate a diff of this commit:
cvs rdiff -u -r1.170 -r1.171 src/sys/kern/init_sysctl.c
cvs rdiff -u -r1.226 -r1.227 src/sys/kern/kern_sysctl.c
cvs rdiff -u -r1.70 -r1.71 src/sys/sys/file.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/init_sysctl.c
diff -u src/sys/kern/init_sysctl.c:1.170 src/sys/kern/init_sysctl.c:1.171
--- src/sys/kern/init_sysctl.c:1.170	Sat Dec 12 17:29:34 2009
+++ src/sys/kern/init_sysctl.c	Thu Dec 24 19:01:12 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_sysctl.c,v 1.170 2009/12/12 17:29:34 dsl Exp $ */
+/*	$NetBSD: init_sysctl.c,v 1.171 2009/12/24 19:01:12 elad Exp $ */
 
 /*-
  * Copyright (c) 2003, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.170 2009/12/12 17:29:34 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_sysctl.c,v 1.171 2009/12/24 19:01:12 elad Exp $);
 
 #include opt_sysv.h
 #include opt_compat_netbsd32.h
@@ -96,6 +96,10 @@
 gid_t security_setidcore_group = 0;
 mode_t security_setidcore_mode = (S_IRUSR|S_IWUSR);
 
+/* Initialized in sysctl_init() for now... */
+/* static */ kmutex_t sysctl_file_marker_lock;
+static u_int sysctl_file_marker = 1;
+
 static const u_int sysctl_flagmap[] = {
 	PK_ADVLOCK, P_ADVLOCK,
 	PK_EXEC, P_EXEC,
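Review bot: `sysctl_file_marker_lock` is defined here as a global with `/* static */` commented out and, per its comment, is initialized in sysctl_init(), but no `extern` declaration for it is visible in this commit. The follow-up rump commit on this page has to add its own `kmutex_t sysctl_file_marker_lock;` definition to build. Either declare it in a shared header with a comment naming where it is initialized, or make it `static` and initialize it from this file. `sysctl_file_marker` is a `u_int` compared for equality with `f_marker`, so a comment on what happens at wrap-around would help; presumably that is what `sysctl_file_marker_reset()` is for.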
@@ -1212,6 +1216,40 @@
 	return (sysctl_lookup(SYSCTLFN_CALL(node)));
 }
 
+/*
+ * Expects to be called with proc_lock and sysctl_file_marker_lock locked.
+ */
+static void
+sysctl_file_marker_reset(void)
+{
+	struct proc *p;
+
+	PROCLIST_FOREACH(p, allproc) {
+		struct filedesc *fd = p-p_fd;
+		fdtab_t *dt;
+		u_int i;
+
+		mutex_enter(fd-fd_lock);
+
+		dt = fd-fd_dt;
+		for (i = 0; i  dt-dt_nfiles; i++) {
+			struct file *fp;
+			fdfile_t *ff;
+
+			if ((ff = dt-dt_ff[i]) == NULL) {
+continue;
+			}
+
+			if ((fp = ff-ff_file) == NULL) {
+continue;
+			}
+
+			fp-f_marker = 0;
+		}
+
+		mutex_exit(fd-fd_lock);
+	}
+}
 
 /*
  * sysctl helper routine for kern.file pseudo-subtree.
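Review bot: `sysctl_file_marker_reset()` states its locking precondition only in a comment; `KASSERT(mutex_owned(proc_lock));` and `KASSERT(mutex_owned(&sysctl_file_marker_lock));` at the top would enforce it. It also walks every entry of `allproc` and dereferences `p->p_fd` without the `p->p_stat == SIDL` skip that the main loop in this commit applies, so confirm that `p_fd` is valid for embryonic processes or add the same skip.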
@@ -1221,12 +1259,12 @@
 {
 	int error;
 	size_t buflen;
-	struct file *fp, *dp, *np, fbuf;
+	struct file *fp, fbuf;
 	char *start, *where;
+	struct proc *p;
 
 	start = where = oldp;
 	buflen = *oldlenp;
-	dp = NULL;
 	
 	if (where == NULL) {
 		/*
@@ -1254,59 +1292,105 @@
 	where += sizeof(filehead);
 
 	/*
-	 * allocate dummy file descriptor to make position in list
-	 */
-	if ((dp = fgetdummy()) == NULL) {
-	 	sysctl_relock();
-		return ENOMEM;
-	}
-
-	/*
 	 * followed by an array of file structures
 	 */
-	mutex_enter(filelist_lock);
-	for (fp = LIST_FIRST(filehead); fp != NULL; fp = np) {
-		np = LIST_NEXT(fp, f_list);
-		mutex_enter(fp-f_lock);
-		if (fp-f_count == 0) {
-			mutex_exit(fp-f_lock);
-			continue;
+	mutex_enter(sysctl_file_marker_lock);
+	mutex_enter(proc_lock);
+	PROCLIST_FOREACH(p, allproc) {
+		struct filedesc *fd;
+		fdtab_t *dt;
+		u_int i;
+
+		if (p-p_stat == SIDL) {
+			/* skip embryonic processes */
+			continue;
 		}
+		mutex_enter(p-p_lock);
+		error = kauth_authorize_process(l-l_cred,
+		KAUTH_PROCESS_CANSEE, p,
+		KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_OPENFILES),
+		NULL, NULL);
+		mutex_exit(p-p_lock);
+		if (error != 0) {
+			/*
+			 * Don't leak kauth retval if we're silently
+			 * skipping this entry.
+			 */
+			error = 0;
+			continue;
+		}
+
 		/*
-		 * XXX Need to prevent that from being an alternative way
-		 * XXX to getting process information.
+		 * Grab a hold on the process.
 		 */
-		if (kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_CANSEE, fp-f_cred) != 0) {
-			mutex_exit(fp-f_lock);
+		if (!rw_tryenter(p-p_reflock, RW_READER)) {
 			continue;
 		}
-		if (buflen  sizeof(struct file)) {
-			*oldlenp = where - start;
-			mutex_exit(fp-f_lock);
-			error = ENOMEM;
-			break;
+		mutex_exit(proc_lock);
+
+		fd = p-p_fd;
+		mutex_enter(fd-fd_lock);
+		dt = fd-fd_dt;
+		for (i = 0; i  dt-dt_nfiles; i++) {
+			fdfile_t *ff;
+
+			if ((ff = dt-dt_ff[i]) == NULL) {
+continue;
+			}
+			if ((fp = ff-ff_file) == NULL) {
+continue;
+			}
+
+			mutex_enter(fp-f_lock);
+
+			if ((fp-f_count == 0) ||
+			(fp-f_marker == sysctl_file_marker)) {
+mutex_exit(fp-f_lock);
+continue;
+			}
+
+			/* Check 

CVS commit: src/sys

2009-12-24 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu Dec 24 19:02:07 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c
src/sys/sys: kauth.h

Log Message:
Rename KAUTH_GENERIC_CANSEE to KAUTH_GENERIC_UNUSED1 and remove handling for
the former.

(I'll remove it from the header next time a kernel version bump happens.)


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.63 -r1.64 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.32 src/sys/secmodel/suser/secmodel_suser.c:1.33
--- src/sys/secmodel/suser/secmodel_suser.c:1.32	Wed Nov 18 09:47:18 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Thu Dec 24 19:02:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.32 2009/11/18 09:47:18 stacktic Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.33 2009/12/24 19:02:07 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.32 2009/11/18 09:47:18 stacktic Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.33 2009/12/24 19:02:07 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -237,14 +237,6 @@
 			result = KAUTH_RESULT_ALLOW;
 		break;
 
-	case KAUTH_GENERIC_CANSEE: 
-		if (!secmodel_suser_curtain)
-			result = KAUTH_RESULT_ALLOW;
-		else if (isroot || kauth_cred_uidmatch(cred, arg0))
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	default:
 		break;
 	}

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.63 src/sys/sys/kauth.h:1.64
--- src/sys/sys/kauth.h:1.63	Thu Sep  3 04:45:27 2009
+++ src/sys/sys/kauth.h	Thu Dec 24 19:02:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.63 2009/09/03 04:45:27 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.64 2009/12/24 19:02:07 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org  
@@ -73,8 +73,8 @@
  * Generic scope - actions.
  */
 enum {
-	KAUTH_GENERIC_CANSEE=1,
-	KAUTH_GENERIC_ISSUSER
+	KAUTH_GENERIC_UNUSED1=1,
+	KAUTH_GENERIC_ISSUSER,
 };
 
 /*



CVS commit: src/sys/dev/ic

2009-12-24 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu Dec 24 19:16:28 UTC 2009

Modified Files:
src/sys/dev/ic: igsfb.c

Log Message:
Change a comment. INSECURE has but one purpose.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sys/dev/ic/igsfb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/igsfb.c
diff -u src/sys/dev/ic/igsfb.c:1.47 src/sys/dev/ic/igsfb.c:1.48
--- src/sys/dev/ic/igsfb.c:1.47	Wed Nov 18 21:59:38 2009
+++ src/sys/dev/ic/igsfb.c	Thu Dec 24 19:16:28 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: igsfb.c,v 1.47 2009/11/18 21:59:38 macallan Exp $ */
+/*	$NetBSD: igsfb.c,v 1.48 2009/12/24 19:16:28 elad Exp $ */
 
 /*
  * Copyright (c) 2002, 2003 Valeriy E. Ushakov
@@ -31,7 +31,7 @@
  * Integraphics Systems IGA 168x and CyberPro series.
  */
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: igsfb.c,v 1.47 2009/11/18 21:59:38 macallan Exp $);
+__KERNEL_RCSID(0, $NetBSD: igsfb.c,v 1.48 2009/12/24 19:16:28 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -571,7 +571,7 @@
 
 /*
  * wsdisplay_accessops: mmap()
- *   XXX: allow mmapping i/o mapped i/o regs if INSECURE???
+ *   XXX: security considerations for allowing mmapping i/o mapped i/o regs?
  */
 static paddr_t
 igsfb_mmap(void *v, void *vs, off_t offset, int prot)



CVS commit: src/sys/rump/librump/rumpkern

2009-12-24 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Dec 25 01:56:44 UTC 2009

Modified Files:
src/sys/rump/librump/rumpkern: emul.c

Log Message:
allow rump to build


To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 src/sys/rump/librump/rumpkern/emul.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/rump/librump/rumpkern/emul.c
diff -u src/sys/rump/librump/rumpkern/emul.c:1.113 src/sys/rump/librump/rumpkern/emul.c:1.114
--- src/sys/rump/librump/rumpkern/emul.c:1.113	Wed Dec 16 20:57:15 2009
+++ src/sys/rump/librump/rumpkern/emul.c	Fri Dec 25 01:56:43 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: emul.c,v 1.113 2009/12/16 20:57:15 pooka Exp $	*/
+/*	$NetBSD: emul.c,v 1.114 2009/12/25 01:56:43 elad Exp $	*/
 
 /*
  * Copyright (c) 2007 Antti Kantee.  All Rights Reserved.
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: emul.c,v 1.113 2009/12/16 20:57:15 pooka Exp $);
+__KERNEL_RCSID(0, $NetBSD: emul.c,v 1.114 2009/12/25 01:56:43 elad Exp $);
 
 #include sys/param.h
 #include sys/null.h
@@ -111,6 +111,8 @@
 
 kmutex_t tty_lock;
 
+kmutex_t sysctl_file_marker_lock;
+
 /* sparc doesn't sport constant page size */
 #ifdef __sparc__
 int nbpg = 4096;



CVS commit: src/sys/kern

2009-12-22 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Dec 23 00:21:39 UTC 2009

Modified Files:
src/sys/kern: init_main.c

Log Message:
Including sysctl.h once is enough.


To generate a diff of this commit:
cvs rdiff -u -r1.412 -r1.413 src/sys/kern/init_main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.412 src/sys/kern/init_main.c:1.413
--- src/sys/kern/init_main.c:1.412	Thu Dec 17 01:25:10 2009
+++ src/sys/kern/init_main.c	Wed Dec 23 00:21:38 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.412 2009/12/17 01:25:10 rmind Exp $	*/
+/*	$NetBSD: init_main.c,v 1.413 2009/12/23 00:21:38 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.412 2009/12/17 01:25:10 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.413 2009/12/23 00:21:38 elad Exp $);
 
 #include opt_ddb.h
 #include opt_ipsec.h
@@ -152,7 +152,6 @@
 #include sys/pset.h
 #include sys/sysctl.h
 #include sys/reboot.h
-#include sys/sysctl.h
 #include sys/event.h
 #include sys/mbuf.h
 #include sys/sched.h



CVS commit: src/sys

2009-11-14 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Nov 14 18:36:57 UTC 2009

Modified Files:
src/sys/kern: init_main.c
src/sys/miscfs/specfs: spec_vnops.c specdev.h
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
- Move kauth_init() a little bit higher.

- Add spec_init() to authorize special device actions (and passthru too for
  the time being). Move policy out of secmodel_suser.


To generate a diff of this commit:
cvs rdiff -u -r1.408 -r1.409 src/sys/kern/init_main.c
cvs rdiff -u -r1.126 -r1.127 src/sys/miscfs/specfs/spec_vnops.c
cvs rdiff -u -r1.38 -r1.39 src/sys/miscfs/specfs/specdev.h
cvs rdiff -u -r1.30 -r1.31 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.408 src/sys/kern/init_main.c:1.409
--- src/sys/kern/init_main.c:1.408	Tue Nov  3 05:23:28 2009
+++ src/sys/kern/init_main.c	Sat Nov 14 18:36:57 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.408 2009/11/03 05:23:28 dyoung Exp $	*/
+/*	$NetBSD: init_main.c,v 1.409 2009/11/14 18:36:57 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.408 2009/11/03 05:23:28 dyoung Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.409 2009/11/14 18:36:57 elad Exp $);
 
 #include opt_ddb.h
 #include opt_ipsec.h
@@ -338,6 +338,11 @@
 	/* Initialize callouts, part 1. */
 	callout_startup();
 
+	/* Initialize the kernel authorization subsystem. */
+	kauth_init();
+
+	spec_init();
+
 	/* Start module system. */
 	module_init();
 
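Review bot: The new `spec_init();` call is the only step in this stretch without a comment, and its position matters: it has to run after `kauth_init()` because it registers a kauth listener (see spec_vnops.c in this commit). A line such as `/* Register the specfs listener for raw device I/O; needs kauth_init(). */` would keep a later reordering from separating the two.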
@@ -349,7 +354,6 @@
 	 * credential inheritance policy, it is needed at least before
 	 * any process is created, specifically proc0.
 	 */
-	kauth_init();
 	module_init_class(MODULE_CLASS_SECMODEL);
 
 	/* Initialize the buffer cache */

Index: src/sys/miscfs/specfs/spec_vnops.c
diff -u src/sys/miscfs/specfs/spec_vnops.c:1.126 src/sys/miscfs/specfs/spec_vnops.c:1.127
--- src/sys/miscfs/specfs/spec_vnops.c:1.126	Tue Oct  6 04:28:10 2009
+++ src/sys/miscfs/specfs/spec_vnops.c	Sat Nov 14 18:36:57 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: spec_vnops.c,v 1.126 2009/10/06 04:28:10 elad Exp $	*/
+/*	$NetBSD: spec_vnops.c,v 1.127 2009/11/14 18:36:57 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: spec_vnops.c,v 1.126 2009/10/06 04:28:10 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: spec_vnops.c,v 1.127 2009/11/14 18:36:57 elad Exp $);
 
 #include sys/param.h
 #include sys/proc.h
@@ -151,6 +151,8 @@
 const struct vnodeopv_desc spec_vnodeop_opv_desc =
 	{ spec_vnodeop_p, spec_vnodeop_entries };
 
+static kauth_listener_t rawio_listener;
+
 /* Returns true if vnode is /dev/mem or /dev/kmem. */
 bool
 iskmemvp(struct vnode *vp)
@@ -171,6 +173,32 @@
 	return (major(dev) == mem_no  (minor(dev)  2 || minor(dev) == 14));
 }
 
+static int
+rawio_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if ((action != KAUTH_DEVICE_RAWIO_SPEC) 
+	(action != KAUTH_DEVICE_RAWIO_PASSTHRU))
+		return result;
+
+	/* Access is mandated by permissions. */
+	result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
+void
+spec_init(void)
+{
+
+	rawio_listener = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+	rawio_listener_cb, NULL);
+}
+
 /*
  * Initialize a vnode that represents a device.
  */
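Review bot: `rawio_listener_cb` returns `KAUTH_RESULT_ALLOW` for every credential on `KAUTH_DEVICE_RAWIO_SPEC` and `KAUTH_DEVICE_RAWIO_PASSTHRU` without looking at `cred`, the request or the vnode, and the one-line comment does not say what that decision relies on. Presumably the device node's file permissions were already checked by the caller and restrictive secmodels are expected to veto with DENY; that should be written down, e.g. `/* Default policy: the device node's permissions decide; other listeners may still return DENY. */`. `spec_init()` also stores the `kauth_listen_scope()` result without checking it; if that call can fail, `KASSERT(rawio_listener != NULL);` would make a missing default policy visible at boot.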

Index: src/sys/miscfs/specfs/specdev.h
diff -u src/sys/miscfs/specfs/specdev.h:1.38 src/sys/miscfs/specfs/specdev.h:1.39
--- src/sys/miscfs/specfs/specdev.h:1.38	Tue Oct  6 04:28:11 2009
+++ src/sys/miscfs/specfs/specdev.h	Sat Nov 14 18:36:57 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: specdev.h,v 1.38 2009/10/06 04:28:11 elad Exp $	*/
+/*	$NetBSD: specdev.h,v 1.39 2009/11/14 18:36:57 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -156,5 +156,6 @@
 #define	spec_putpages	genfs_putpages
 
 bool	iskmemvp(struct vnode *);
+void	spec_init(void);
 
 #endif /* _MISCFS_SPECFS_SPECDEV_H_ */

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.30 src/sys/secmodel/suser/secmodel_suser.c:1.31
--- src/sys/secmodel/suser/secmodel_suser.c:1.30	Wed Oct  7 01:31:41 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Nov 14 18:36:56 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.30 2009/10/07 01:31:41 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.31 2009/11/14 18:36:56 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.30 2009/10/07 01:31:41 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.31 2009/11/14 18:36:56 elad Exp

CVS commit: src/sys/kern

2009-11-14 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun Nov 15 02:37:14 UTC 2009

Modified Files:
src/sys/kern: init_main.c

Log Message:
Include miscfs/specfs/specdev.h for spec_init().


To generate a diff of this commit:
cvs rdiff -u -r1.409 -r1.410 src/sys/kern/init_main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.409 src/sys/kern/init_main.c:1.410
--- src/sys/kern/init_main.c:1.409	Sat Nov 14 18:36:57 2009
+++ src/sys/kern/init_main.c	Sun Nov 15 02:37:13 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.409 2009/11/14 18:36:57 elad Exp $	*/
+/*	$NetBSD: init_main.c,v 1.410 2009/11/15 02:37:13 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.409 2009/11/14 18:36:57 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.410 2009/11/15 02:37:13 elad Exp $);
 
 #include opt_ddb.h
 #include opt_ipsec.h
@@ -218,6 +218,7 @@
 
 #include miscfs/genfs/genfs.h
 #include miscfs/syncfs/syncfs.h
+#include miscfs/specfs/specdev.h
 
 #include sys/cpu.h
 



CVS commit: src/sys/secmodel/suser

2009-10-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Oct  6 20:34:22 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Allow root to do things that the subsystem allows as well (unify).

This is important in the case someone manages to load the suser secmodel
and remove subsystem specific listeners; without this change they would
have ended up with a root user that can only do privileged operations.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.27 src/sys/secmodel/suser/secmodel_suser.c:1.28
--- src/sys/secmodel/suser/secmodel_suser.c:1.27	Mon Oct  5 04:20:13 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Tue Oct  6 20:34:22 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.27 2009/10/05 04:20:13 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.28 2009/10/06 20:34:22 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.27 2009/10/05 04:20:13 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.28 2009/10/06 20:34:22 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -304,6 +304,14 @@
 
 	case KAUTH_SYSTEM_MOUNT:
 		switch (req) {
+		case KAUTH_REQ_SYSTEM_MOUNT_GET:
+			if (isroot) {
+result = KAUTH_RESULT_ALLOW;
+break;
+			}
+
+			break;
+
 		case KAUTH_REQ_SYSTEM_MOUNT_NEW: {
 			struct mount *mp = ((struct vnode *)arg1)-v_mount;
 			u_long flags = (u_long)arg2;
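Review bot: In the new `KAUTH_REQ_SYSTEM_MOUNT_GET` case the `break` inside the `if (isroot)` block is redundant, because the statement after the block is also `break`. The `KAUTH_REQ_SYSTEM_DEBUG_IPKDB` case added later in this same commit uses the shorter form, so I would write `if (isroot)` / `result = KAUTH_RESULT_ALLOW;` followed by the single `break;` here as well. The enclosing listener function starts and ends outside the hunk.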
@@ -437,6 +445,20 @@
 			result = KAUTH_RESULT_ALLOW;
 		break;
 
+	case KAUTH_SYSTEM_DEBUG:
+		switch (req) {
+		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
+			if (isroot)
+result = KAUTH_RESULT_ALLOW;
+
+			break;
+
+		default:
+			break;
+		}
+
+		break;
+
 	case KAUTH_SYSTEM_CHSYSFLAGS:
 		/*
 		 * Needs to be checked in conjunction with the immutable and
@@ -481,6 +503,7 @@
 	case KAUTH_PROCESS_PTRACE:
 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
+	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
 	case KAUTH_PROCESS_SETID:
 	case KAUTH_PROCESS_KEVENT_FILTER:
@@ -600,6 +623,7 @@
 
 	case KAUTH_NETWORK_BIND:
 		switch (req) {
+		case KAUTH_REQ_NETWORK_BIND_PORT:
 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
 			if (isroot)
 result = KAUTH_RESULT_ALLOW;
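Review bot: `KAUTH_REQ_NETWORK_BIND_PORT` now shares the root-only ALLOW with `KAUTH_REQ_NETWORK_BIND_PRIVPORT`, so for a non-root credential this listener leaves an ordinary bind at DEFER and depends on some other listener to allow it. The log message gives the reason (root keeps working if the subsystem listeners are removed), but nothing at the case label does; a comment such as `/* Unprivileged binds are decided elsewhere (presumably the subsystem listener); this only covers root. */` would stop a later reader from treating the two requests as equally privileged. The same applies to `KAUTH_REQ_NETWORK_INTERFACE_GET` and `_SET` in the last hunk of this file. The surrounding switch is only partly visible here.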
@@ -610,6 +634,20 @@
 		}
 		break;
 
+	case KAUTH_NETWORK_FIREWALL:
+		switch (req) {
+		case KAUTH_REQ_NETWORK_FIREWALL_FW:
+		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
+			if (isroot)
+result = KAUTH_RESULT_ALLOW;
+
+			break;
+
+		default:
+			break;
+		}
+		break;
+
 	case KAUTH_NETWORK_FORWSRCRT:
 	case KAUTH_NETWORK_ROUTE:
 		if (isroot)
@@ -619,6 +657,8 @@
 
 	case KAUTH_NETWORK_INTERFACE:
 		switch (req) {
+		case KAUTH_REQ_NETWORK_INTERFACE_GET:
+		case KAUTH_REQ_NETWORK_INTERFACE_SET:
 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
 			if (isroot)



CVS commit: src/sys

2009-10-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Oct  6 21:07:06 UTC 2009

Modified Files:
src/sys/arch/x86/x86: x86_machdep.c
src/sys/kern: init_main.c kern_stub.c
src/sys/secmodel/suser: secmodel_suser.c
src/sys/sys: systm.h

Log Message:
Add a (weak aliased) machdep_init() as a place to do machdep initialization
that can't happen as early as the other init functions as called from
cpu_startup() -- for example, register kauth(9) listeners.

Put unprivileged policy in the x86 code; used by i386, amd64, and xen.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/arch/x86/x86/x86_machdep.c
cvs rdiff -u -r1.405 -r1.406 src/sys/kern/init_main.c
cvs rdiff -u -r1.19 -r1.20 src/sys/kern/kern_stub.c
cvs rdiff -u -r1.28 -r1.29 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.235 -r1.236 src/sys/sys/systm.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/x86/x86/x86_machdep.c
diff -u src/sys/arch/x86/x86/x86_machdep.c:1.34 src/sys/arch/x86/x86/x86_machdep.c:1.35
--- src/sys/arch/x86/x86/x86_machdep.c:1.34	Mon Oct  5 23:59:31 2009
+++ src/sys/arch/x86/x86/x86_machdep.c	Tue Oct  6 21:07:05 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: x86_machdep.c,v 1.34 2009/10/05 23:59:31 rmind Exp $	*/
+/*	$NetBSD: x86_machdep.c,v 1.35 2009/10/06 21:07:05 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2006, 2007 YAMAMOTO Takashi,
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: x86_machdep.c,v 1.34 2009/10/05 23:59:31 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: x86_machdep.c,v 1.35 2009/10/06 21:07:05 elad Exp $);
 
 #include opt_modular.h
 
@@ -74,6 +74,8 @@
 
 /* - */
 
+static kauth_listener_t x86_listener;
+
 /*
  * Given the type of a bootinfo entry, looks for a matching item inside
  * the bootinfo structure.  If found, returns a pointer to it (which must
@@ -816,3 +818,35 @@
 		DELAY(50);  /* wait 0.5 sec to see if that did it */
 	}
 }
+
+static int
+x86_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	switch (action) {
+	case KAUTH_MACHDEP_IOPERM_GET:
+	case KAUTH_MACHDEP_LDT_GET:
+	case KAUTH_MACHDEP_LDT_SET:
+	case KAUTH_MACHDEP_MTRR_GET:
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
+void
+machdep_init(void)
+{
+
+	x86_listener = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
+	x86_listener_cb, NULL);
+}
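Review bot: `x86_listener_cb` allows `KAUTH_MACHDEP_LDT_SET` for every credential alongside three read-only `_GET` actions, and nothing in the function says why a state-changing request belongs in the unprivileged set. The log message describes this as the unprivileged policy being placed in the x86 code, so a header comment should record that, e.g. `/* Unprivileged x86 policy: allowed for any credential unless another listener returns DENY. */`, plus one line at `LDT_SET` naming what bounds it (presumably validation in the LDT code itself; to be confirmed). `machdep_init()` also stores the `kauth_listen_scope()` result without checking it.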

Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.405 src/sys/kern/init_main.c:1.406
--- src/sys/kern/init_main.c:1.405	Sat Oct  3 22:32:56 2009
+++ src/sys/kern/init_main.c	Tue Oct  6 21:07:05 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $	*/
+/*	$NetBSD: init_main.c,v 1.406 2009/10/06 21:07:05 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.406 2009/10/06 21:07:05 elad Exp $);
 
 #include opt_ddb.h
 #include opt_ipsec.h
@@ -569,6 +569,8 @@
 	wapbl_init();
 #endif
 
+	machdep_init();
+
 	/*
 	 * Create process 1 (init(8)).  We do this now, as Unix has
 	 * historically had init be process 1, and changing this would
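Review bot: The added `machdep_init();` call carries no comment, although its placement is the point of the commit: per the log it exists for initialization that cannot run as early as `cpu_startup()`, such as registering kauth(9) listeners. A line like `/* Late machine-dependent init (e.g. kauth listeners); weak no-op by default. */` would document both that and the fact that it runs before process 1 is created. The enclosing function starts and ends outside the hunk.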

Index: src/sys/kern/kern_stub.c
diff -u src/sys/kern/kern_stub.c:1.19 src/sys/kern/kern_stub.c:1.20
--- src/sys/kern/kern_stub.c:1.19	Sun Jul 19 02:50:44 2009
+++ src/sys/kern/kern_stub.c	Tue Oct  6 21:07:06 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_stub.c,v 1.19 2009/07/19 02:50:44 rmind Exp $	*/
+/*	$NetBSD: kern_stub.c,v 1.20 2009/10/06 21:07:06 elad Exp $	*/
 
 /*-
  * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_stub.c,v 1.19 2009/07/19 02:50:44 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_stub.c,v 1.20 2009/10/06 21:07:06 elad Exp $);
 
 #include opt_ptrace.h
 #include opt_ktrace.h
@@ -130,6 +130,8 @@
 __weak_alias(ktr_point,nullop);
 #endif	/* KTRACE */
 
+__weak_alias(machdep_init,nullop);
+
 #if !defined(KERN_SA)
 /*
  * Scheduler activations system calls.  These need to remain, even when

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.28 src/sys/secmodel/suser/secmodel_suser.c:1.29
--- src/sys/secmodel/suser/secmodel_suser.c:1.28	Tue Oct  6 20:34:22 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Tue Oct  6 21:07:06 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.28 2009/10/06 20:34:22 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.29 2009/10/06 21:07:06 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7

CVS commit: src/sys/secmodel/securelevel

2009-10-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Oct  7 01:06:57 UTC 2009

Modified Files:
src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Compare against initproc, not pid 1, to check if it's init (unify).


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 \
src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.19 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.20
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.19	Tue Oct  6 05:03:58 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Wed Oct  7 01:06:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.19 2009/10/06 05:03:58 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.20 2009/10/07 01:06:57 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.19 2009/10/06 05:03:58 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.20 2009/10/07 01:06:57 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -66,8 +66,8 @@
 static struct sysctllog *securelevel_sysctl_log;
 
 /*
- * sysctl helper routine for securelevel. ensures that the value
- * only rises unless the caller has pid 1 (assumed to be init).
+ * Sysctl helper routine for securelevel. Ensures that the value only rises
+ * unless the caller is init.
  */
 int
 secmodel_securelevel_sysctl(SYSCTLFN_ARGS)
@@ -82,7 +82,7 @@
 	if (error || newp == NULL)
 		return (error);
 
-	if (newsecurelevel  securelevel  l  l-l_proc-p_pid != 1)
+	if ((newsecurelevel  securelevel)  (l-l_proc != initproc))
 		return (EPERM);
 
 	securelevel = newsecurelevel;
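Review bot: The rewritten test drops the NULL guard on `l` that the old condition had, so `l->l_proc` is now dereferenced unconditionally whenever the new value is lower than the current one. If this helper can be reached with `l == NULL` (the old code evidently allowed for it), that is a NULL dereference in the kernel. The behaviour also changes, since the old code let such a caller lower securelevel. Either fail closed with `if ((newsecurelevel < securelevel) && (l == NULL || l->l_proc != initproc))` or state the assumption with `KASSERT(l != NULL);` before the test. The function body starts outside the hunk.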



CVS commit: src/sys/secmodel/suser

2009-10-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Oct  7 01:31:41 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Extract usermount policy to its own routine.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.29 src/sys/secmodel/suser/secmodel_suser.c:1.30
--- src/sys/secmodel/suser/secmodel_suser.c:1.29	Tue Oct  6 21:07:06 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Wed Oct  7 01:31:41 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.29 2009/10/06 21:07:06 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.30 2009/10/07 01:31:41 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.29 2009/10/06 21:07:06 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.30 2009/10/07 01:31:41 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -252,6 +252,64 @@
 	return (result);
 }
 
+static int
+suser_usermount_policy(kauth_cred_t cred, enum kauth_system_req req, void *arg1,
+void *arg2)
+{
+	struct mount *mp;
+	u_long flags;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if (!dovfsusermount)
+		return result;
+
+	switch (req) {
+	case KAUTH_REQ_SYSTEM_MOUNT_NEW:
+		mp = ((struct vnode *)arg1)-v_mount;
+		flags= (u_long)arg2;
+
+		if (usermount_common_policy(mp, flags) != 0)
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+			
+		break;
+
+	case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
+		mp = arg1;
+
+		/* Must own the mount. */
+		if (mp-mnt_stat.f_owner != kauth_cred_geteuid(cred))
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
+		mp = arg1;
+		flags = (u_long)arg2;
+
+		/* Must own the mount. */
+		if (mp-mnt_stat.f_owner != kauth_cred_geteuid(cred))
+			break;
+
+		if (usermount_common_policy(mp, flags) != 0)
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
 /*
  * kauth(9) listener
  *
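Review bot: `suser_usermount_policy` has no header comment, and its contract is not obvious from the signature: `arg1` is cast to a `struct vnode *` for `KAUTH_REQ_SYSTEM_MOUNT_NEW` but used as a `struct mount *` for the unmount and update requests, and nothing is allowed unless `dovfsusermount` is set. I would add a block comment saying that it implements the non-root part of the mount policy, what `arg1` and `arg2` hold for each request, and that every failed check leaves the result at `KAUTH_RESULT_DEFER`. Two style nits in the same function: `flags= (u_long)arg2;` is missing a space before `=`, and the line after the first `result = KAUTH_RESULT_ALLOW;` holds only trailing tabs.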
@@ -312,69 +370,17 @@
 
 			break;
 
-		case KAUTH_REQ_SYSTEM_MOUNT_NEW: {
-			struct mount *mp = ((struct vnode *)arg1)-v_mount;
-			u_long flags = (u_long)arg2;
-
+		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
+		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
+		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
 			if (isroot) {
 result = KAUTH_RESULT_ALLOW;
 break;
 			}
 
-			if (!dovfsusermount)
-break;
-
-			if (usermount_common_policy(mp, flags) != 0)
-break;
-
-			result = KAUTH_RESULT_ALLOW;
-			
-			break;
-			}
-
-		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: {
-			struct mount *mp = arg1;
-
-			if (isroot) {
-result = KAUTH_RESULT_ALLOW;
-break;
-			}
-
-			if (!dovfsusermount)
-break;
-
-			/* Must own the mount. */
-			if (mp-mnt_stat.f_owner != kauth_cred_geteuid(cred))
-break;
-
-			result = KAUTH_RESULT_ALLOW;
+			result = suser_usermount_policy(cred, req, arg1, arg2);
 
 			break;
-			}
-
-		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: {
-			struct mount *mp = arg1;
-			u_long flags = (u_long)arg2;
-
-			if (isroot) {
-result = KAUTH_RESULT_ALLOW;
-break;
-			}
-
-			if (!dovfsusermount)
-break;
-
-			/* Must own the mount. */
-			if (mp-mnt_stat.f_owner != kauth_cred_geteuid(cred))
-break;
-
-			if (usermount_common_policy(mp, flags) != 0)
-break;
-
-			result = KAUTH_RESULT_ALLOW;
-
-			break;
-			}
 
 		default:
 			break;



CVS commit: src/sys

2009-10-05 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Oct  6 04:28:11 UTC 2009

Modified Files:
src/sys/kern: kern_verifiedexec.c vfs_subr.c
src/sys/miscfs/specfs: spec_vnops.c specdev.h
src/sys/secmodel/keylock: secmodel_keylock.c
src/sys/secmodel/securelevel: secmodel_securelevel.c
src/sys/sys: vnode.h

Log Message:
Factor out a block of code that appears in three places (Veriexec, keylock,
and securelevel) so that others can use it as well.


To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 src/sys/kern/kern_verifiedexec.c
cvs rdiff -u -r1.384 -r1.385 src/sys/kern/vfs_subr.c
cvs rdiff -u -r1.125 -r1.126 src/sys/miscfs/specfs/spec_vnops.c
cvs rdiff -u -r1.37 -r1.38 src/sys/miscfs/specfs/specdev.h
cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/keylock/secmodel_keylock.c
cvs rdiff -u -r1.16 -r1.17 \
src/sys/secmodel/securelevel/secmodel_securelevel.c
cvs rdiff -u -r1.209 -r1.210 src/sys/sys/vnode.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_verifiedexec.c
diff -u src/sys/kern/kern_verifiedexec.c:1.116 src/sys/kern/kern_verifiedexec.c:1.117
--- src/sys/kern/kern_verifiedexec.c:1.116	Sat Oct  3 21:03:55 2009
+++ src/sys/kern/kern_verifiedexec.c	Tue Oct  6 04:28:10 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_verifiedexec.c,v 1.116 2009/10/03 21:03:55 elad Exp $	*/
+/*	$NetBSD: kern_verifiedexec.c,v 1.117 2009/10/06 04:28:10 elad Exp $	*/
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
@@ -29,7 +29,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.116 2009/10/03 21:03:55 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_verifiedexec.c,v 1.117 2009/10/06 04:28:10 elad Exp $);
 
 #include opt_veriexec.h
 
@@ -1030,8 +1030,7 @@
 	switch (action) {
 	case KAUTH_DEVICE_RAWIO_SPEC: {
 		struct vnode *vp, *bvp;
-		dev_t dev;
-		int d_type;
+		int error;
 
 		if (req == KAUTH_REQ_DEVICE_RAWIO_SPEC_READ) {
 			result = KAUTH_RESULT_DEFER;
@@ -1041,60 +1040,22 @@
 		vp = arg1;
 		KASSERT(vp != NULL);
 
-		dev = vp-v_rdev;
-		d_type = D_OTHER;
-		bvp = NULL;
-
 		/* Handle /dev/mem and /dev/kmem. */
-		if ((vp-v_type == VCHR)  iskmemdev(dev)) {
+		if (iskmemvp(vp)) {
 			if (veriexec_strict  VERIEXEC_IPS)
 result = KAUTH_RESULT_DEFER;
 
 			break;
 		}
 
-		switch (vp-v_type) {
-		case VCHR: {
-			const struct cdevsw *cdev;
-
-			cdev = cdevsw_lookup(dev);
-			if (cdev != NULL) {
-dev_t blkdev;
-
-blkdev = devsw_chr2blk(dev);
-if (blkdev != NODEV) {
-	vfinddev(blkdev, VBLK, bvp);
-	if (bvp != NULL)
-		d_type = cdev-d_flag 
-		D_TYPEMASK;
-}
-			}
-
-			break;
-			}
-		case VBLK: {
-			const struct bdevsw *bdev;
-
-			bdev = bdevsw_lookup(dev);
-			if (bdev != NULL)
-d_type = bdev-d_flag  D_TYPEMASK;
-
-			bvp = vp;
-
-			break;
-			}
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-
-		if (d_type != D_DISK) {
+		error = rawdev_mounted(vp, bvp);
+		if (error == EINVAL) {
 			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 
 		/*
-		 * XXX: See vfs_mountedon() comment in secmodel/securelevel.
+		 * XXX: See vfs_mountedon() comment in rawdev_mounted().
 		 */
 		vte = veriexec_table_lookup(bvp-v_mount);
 		if (vte == NULL) {
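Review bot: With `bvp = NULL;` removed, `bvp` (declared without an initializer in the previous hunk) is written only by `rawdev_mounted()`, yet `bvp->v_mount` is dereferenced right afterwards for every return value other than `EINVAL`. Whether the helper always stores a non-NULL vnode on its `0` and `EBUSY` paths cannot be confirmed from the part of it shown in this commit, so I would keep the initializer, `struct vnode *vp, *bvp = NULL;`, and add `KASSERT(bvp != NULL);` before the `veriexec_table_lookup()` call. The variable is named `error` but only `EINVAL` is tested; a short comment that `0` and `EBUSY` are deliberately treated alike here would help. The enclosing case continues outside the hunk.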

Index: src/sys/kern/vfs_subr.c
diff -u src/sys/kern/vfs_subr.c:1.384 src/sys/kern/vfs_subr.c:1.385
--- src/sys/kern/vfs_subr.c:1.384	Sat Sep 19 16:20:41 2009
+++ src/sys/kern/vfs_subr.c	Tue Oct  6 04:28:10 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_subr.c,v 1.384 2009/09/19 16:20:41 jmcneill Exp $	*/
+/*	$NetBSD: vfs_subr.c,v 1.385 2009/10/06 04:28:10 elad Exp $	*/
 
 /*-
  * Copyright (c) 1997, 1998, 2004, 2005, 2007, 2008 The NetBSD Foundation, Inc.
@@ -91,7 +91,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.384 2009/09/19 16:20:41 jmcneill Exp $);
+__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.385 2009/10/06 04:28:10 elad Exp $);
 
 #include opt_ddb.h
 #include opt_compat_netbsd.h
@@ -3289,3 +3289,76 @@
 }
 #endif /* DDB || DEBUGPRINT */
 
+/*
+ * Check if a device pointed to by vp is mounted.
+ *
+ * Returns:
+ *   EINVAL	if it's not a disk
+ *   EBUSY	if it's a disk and mounted
+ *   0		if it's a disk and not mounted
+ */
+int
+rawdev_mounted(struct vnode *vp, struct vnode **bvpp)
+{
+	struct vnode *bvp;
+	dev_t dev;
+	int d_type;
+
+	bvp = NULL;
+	dev = vp-v_rdev;
+	d_type = D_OTHER;
+
+	if (iskmemvp(vp))
+		return EINVAL;
+
+	switch (vp-v_type) {
+	case VCHR: {
+		const struct cdevsw *cdev;
+
+		cdev = cdevsw_lookup(dev);
+		if (cdev != NULL) {
+			dev_t blkdev;
+
+			blkdev = devsw_chr2blk(dev);
+			if (blkdev != NODEV) {
+vfinddev(blkdev, VBLK, bvp);
+if (bvp != NULL)
+	d_type = (cdev-d_flag  D_TYPEMASK);
+			}
+		}
+
+		break;
+		}
+
+	case VBLK: {
+		const struct bdevsw *bdev;
+
+		bdev = bdevsw_lookup(dev);
+		if (bdev != NULL)
+			d_type = (bdev-d_flag  D_TYPEMASK);
+
+		bvp = vp;
+
+		break

CVS commit: src/sys/secmodel/securelevel

2009-10-05 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Oct  6 05:01:51 UTC 2009

Modified Files:
src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Cosmetic changes to declarations. No functional change.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 \
src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.17 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.18
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.17	Tue Oct  6 04:28:10 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Tue Oct  6 05:01:51 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.17 2009/10/06 04:28:10 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.18 2009/10/06 05:01:51 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.17 2009/10/06 04:28:10 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.18 2009/10/06 05:01:51 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -216,9 +216,8 @@
  * Responsibility: Securelevel
  */
 int
-secmodel_securelevel_system_cb(kauth_cred_t cred,
-kauth_action_t action, void *cookie, void *arg0, void *arg1,
-void *arg2, void *arg3)
+secmodel_securelevel_system_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	int result;
 	enum kauth_system_req req;
@@ -332,9 +331,8 @@
  * Responsibility: Securelevel
  */
 int
-secmodel_securelevel_process_cb(kauth_cred_t cred,
-kauth_action_t action, void *cookie, void *arg0,
-void *arg1, void *arg2, void *arg3)
+secmodel_securelevel_process_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	struct proc *p;
 	int result;
@@ -391,9 +389,8 @@
  * Responsibility: Securelevel
  */
 int
-secmodel_securelevel_network_cb(kauth_cred_t cred,
-kauth_action_t action, void *cookie, void *arg0,
-void *arg1, void *arg2, void *arg3)
+secmodel_securelevel_network_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	int result;
 	enum kauth_network_req req;
@@ -435,9 +432,8 @@
  * Responsibility: Securelevel
  */
 int
-secmodel_securelevel_machdep_cb(kauth_cred_t cred,
-kauth_action_t action, void *cookie, void *arg0,
-void *arg1, void *arg2, void *arg3)
+secmodel_securelevel_machdep_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 int result;
 
@@ -470,9 +466,8 @@
  * Responsibility: Securelevel
  */
 int
-secmodel_securelevel_device_cb(kauth_cred_t cred,
-kauth_action_t action, void *cookie, void *arg0,
-void *arg1, void *arg2, void *arg3)
+secmodel_securelevel_device_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	int result;
 



CVS commit: src/sys/secmodel/securelevel

2009-10-05 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Oct  6 05:03:58 UTC 2009

Modified Files:
src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Unify: >= 0 -> > -1.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 \
src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.18 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.19
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.18	Tue Oct  6 05:01:51 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Tue Oct  6 05:03:58 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.18 2009/10/06 05:01:51 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.19 2009/10/06 05:03:58 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.18 2009/10/06 05:01:51 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.19 2009/10/06 05:03:58 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -364,7 +364,7 @@
 		}
 
 	case KAUTH_PROCESS_PTRACE:
-		if ((p == initproc)  (securelevel = 0))
+		if ((p == initproc)  (securelevel  -1))
 			result = KAUTH_RESULT_DENY;
 
 		break;



CVS commit: src/share/man/man7

2009-10-04 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun Oct  4 22:57:47 UTC 2009

Modified Files:
src/share/man/man7: sysctl.7

Log Message:
Slightly restructure vfs level documentation.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/share/man/man7/sysctl.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man7/sysctl.7
diff -u src/share/man/man7/sysctl.7:1.25 src/share/man/man7/sysctl.7:1.26
--- src/share/man/man7/sysctl.7:1.25	Fri Oct  2 20:31:19 2009
+++ src/share/man/man7/sysctl.7	Sun Oct  4 22:57:46 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: sysctl.7,v 1.25 2009/10/02 20:31:19 elad Exp $
+.\	$NetBSD: sysctl.7,v 1.26 2009/10/04 22:57:46 elad Exp $
 .\
 .\ Copyright (c) 1993
 .\	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\
 .\	@(#)sysctl.3	8.4 (Berkeley) 5/9/95
 .\
-.Dd October 2, 2009
+.Dd October 4, 2009
 .Dt SYSCTL 7
 .Os
 .Sh NAME
@@ -131,18 +131,20 @@
 A distinguished second level name,
 .Li vfs.generic ( VFS_GENERIC ) ,
 is used to get general information about all filesystems.
-One of its third level identifiers is
-.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
-that gives the highest valid filesystem type number.
-Its other third level identifier is
-.Li vfs.generic.conf ( VFS_CONF )
-that returns configuration information about the filesystem
-type given as a fourth level identifier.
-The remaining second level identifiers are the
-filesystem type number returned by a
+It has the following third level identifiers:
+.Bl -tag -width compact
+.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
+The highest valid filesystem type number.
+.It vfs.generic.conf ( VFS_CONF )
+Returns configuration information about the file-system type given as a fourth
+level identifier.
+.El
+.Pp
+The remaining second level identifiers are the file-system names, identified
+by the type number returned by a
 .Xr statvfs 2
 call or from
-.Li vfs.generic.conf .
+.Li vfs.generic.conf.
 The third level identifiers available for each filesystem
 are given in the header file that defines the mount
 argument structure for that filesystem.



CVS commit: src/sys/dist/ipf/netinet

2009-10-04 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Mon Oct  5 03:44:01 UTC 2009

Modified Files:
src/sys/dist/ipf/netinet: ip_fil_netbsd.c

Log Message:
Attach the listener in the correct attach function.

Should fix issues reported by Anon Ymous.


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/sys/dist/ipf/netinet/ip_fil_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dist/ipf/netinet/ip_fil_netbsd.c
diff -u src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.52 src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.53
--- src/sys/dist/ipf/netinet/ip_fil_netbsd.c:1.52	Sat Oct  3 00:37:02 2009
+++ src/sys/dist/ipf/netinet/ip_fil_netbsd.c	Mon Oct  5 03:44:01 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_fil_netbsd.c,v 1.52 2009/10/03 00:37:02 elad Exp $	*/
+/*	$NetBSD: ip_fil_netbsd.c,v 1.53 2009/10/05 03:44:01 elad Exp $	*/
 
 /*
  * Copyright (C) 1993-2003 by Darren Reed.
@@ -8,7 +8,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.52 2009/10/03 00:37:02 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_fil_netbsd.c,v 1.53 2009/10/05 03:44:01 elad Exp $);
 #else
 static const char sccsid[] = @(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed;
 static const char rcsid[] = @(#)Id: ip_fil_netbsd.c,v 2.55.2.66 2009/05/17 17:45:26 darrenr Exp;
@@ -340,6 +340,12 @@
 	RWLOCK_INIT(ipf_mutex, ipf filter rwlock);
 	RWLOCK_INIT(ipf_frcache, ipf cache rwlock);
 # endif
+
+#if (__NetBSD_Version__ = 599002000)
+	ipf_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	ipf_listener_cb, NULL);
+#endif
+
 }
 #endif
 
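Review bot: The listener registration now sits at the end of a function whose closing brace is immediately followed by an `#endif`, so it appears to be compiled only when a preprocessor conditional opened above this hunk is true. If that outer condition can be false on a kernel where `__NetBSD_Version__ >= 599002000` holds, `ipf_listener` is never registered there; a comment at the new block naming the outer condition would settle it. It is also worth confirming that the matching detach path calls `kauth_unlisten_scope(ipf_listener)`, since the registration has moved between functions. The function starts outside the hunk.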
@@ -481,11 +487,6 @@
 	timeout(fr_slowtimer, NULL, (hz / IPF_HZ_DIVIDE) * IPF_HZ_MULT);
 #endif
 
-#if (__NetBSD_Version__ = 599002000)
-	ipf_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
-	ipf_listener_cb, NULL);
-#endif
-
 	return 0;
 
 #if __NetBSD_Version__ = 10511



CVS commit: src/sys

2009-10-04 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Mon Oct  5 04:20:13 UTC 2009

Modified Files:
src/sys/kern: vfs_init.c
src/sys/secmodel/suser: secmodel_suser.c
src/sys/sys: mount.h

Log Message:
- Add usermount_common_policy() that implements some common (everything
  but access control) user mounting policies: enforced MNT_NOSUID and
  MNT_NODEV, no MNT_EXPORT, MNT_EXEC propagation. This can be useful for
  secmodels that are interested in simply adding finer grained user mount
  support.

- Add a mount subsystem listener for KAUTH_REQ_SYSTEM_MOUNT_GET.


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/sys/kern/vfs_init.c
cvs rdiff -u -r1.26 -r1.27 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.191 -r1.192 src/sys/sys/mount.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/vfs_init.c
diff -u src/sys/kern/vfs_init.c:1.44 src/sys/kern/vfs_init.c:1.45
--- src/sys/kern/vfs_init.c:1.44	Sun May  3 21:25:44 2009
+++ src/sys/kern/vfs_init.c	Mon Oct  5 04:20:13 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $	*/
+/*	$NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $);
 
 #include sys/param.h
 #include sys/mount.h
@@ -83,6 +83,7 @@
 #include sys/module.h
 #include sys/dirhash.h
 #include sys/sysctl.h
+#include sys/kauth.h
 
 /*
  * Sigh, such primitive tools are these...
@@ -119,6 +120,8 @@
 struct vfs_list_head vfs_list =			/* vfs list */
 LIST_HEAD_INITIALIZER(vfs_list);
 
+static kauth_listener_t mount_listener;
+
 /*
  * This code doesn't work if the defn is **vnodop_defns with cc.
  * The problem is because of the compiler sometimes putting in an
@@ -332,6 +335,56 @@
 #endif /* DEBUG */
 
 /*
+ * Common routine to check if an unprivileged mount is allowed.
+ *
+ * We export just this part (i.e., without the access control) so that if a
+ * secmodel wants to implement finer grained user mounts it can do so without
+ * copying too much code. More elaborate policies (i.e., specific users allowed
+ * to also create devices and/or introduce set-id binaries, or export
+ * file-systems) will require a different implementation.
+ *
+ * This routine is intended to be called from listener context, and as such
+ * does not take credentials as an argument.
+ */
+int
+usermount_common_policy(struct mount *mp, u_long flags)
+{
+
+	/* No exporting if unprivileged. */
+	if (flags  MNT_EXPORTED)
+		return EPERM;
+
+	/* Must have 'nosuid' and 'nodev'. */
+	if ((flags  MNT_NODEV) == 0 || (flags  MNT_NOSUID) == 0)
+		return EPERM;
+
+	/* Retain 'noexec'. */
+	if ((mp-mnt_flag  MNT_NOEXEC)  (flags  MNT_NOEXEC) == 0)
+		return EPERM;
+
+	return 0;
+}
+
+static int
+mount_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+	enum kauth_system_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_system_req)arg0;
+
+	if ((action != KAUTH_SYSTEM_MOUNT) ||
+	(req != KAUTH_REQ_SYSTEM_MOUNT_GET))
+		return result;
+
+	result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
+/*
  * Initialize the vnode structures and initialize each file system type.
  */
 void
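Review bot: `mount_listener_cb` converts `arg0` straight from `void *` to `enum kauth_system_req`, whereas the resource listener elsewhere on this page goes through an integer first (`(enum kauth_process_req)(unsigned long)arg1`). On LP64 the direct form is a pointer-to-narrower-integer cast that usually draws a warning, so `req = (enum kauth_system_req)(unsigned long)arg0;` would be the consistent spelling. Separately, the header comment of `usermount_common_policy()` does not state its return contract, or that `mp` is dereferenced unconditionally. I would add `Returns 0 if the flags are acceptable, EPERM otherwise; mp must be non-NULL.` so that a secmodel reusing it does not take a 0 return for a complete authorization.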
@@ -382,6 +435,9 @@
 	 */
 	vfs_hooks_init();
 
+	mount_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	mount_listener_cb, NULL);
+
 	/*
 	 * Establish each file system which was statically
 	 * included in the kernel.

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.26 src/sys/secmodel/suser/secmodel_suser.c:1.27
--- src/sys/secmodel/suser/secmodel_suser.c:1.26	Sat Oct  3 03:59:39 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Mon Oct  5 04:20:13 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.27 2009/10/05 04:20:13 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.27 2009/10/05 04:20:13 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -152,7 +152,6 @@
 secmodel_suser_init(void)
 {
 	secmodel_suser_curtain = 0;
-	dovfsusermount = 0;
 }
 
 void
@@ -303,82 +302,71 @@
 
 		break;
 
-	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-		break;
-
 	case KAUTH_SYSTEM_MOUNT:
 		switch (req) {
-		case KAUTH_REQ_SYSTEM_MOUNT_GET:
-			result = KAUTH_RESULT_ALLOW;
-			break;
+		case KAUTH_REQ_SYSTEM_MOUNT_NEW

CVS commit: src/sys/kern

2009-10-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 20:24:39 UTC 2009

Modified Files:
src/sys/kern: uipc_domain.c

Log Message:
KAUTH_GENERIC_CANSEE -> KAUTH_REQ_NETWORK_SOCKET_CANSEE.

Not quite the same semantics but it's okay. Once our sockets have
credentials (and they will) it's all the same.


To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 src/sys/kern/uipc_domain.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_domain.c
diff -u src/sys/kern/uipc_domain.c:1.84 src/sys/kern/uipc_domain.c:1.85
--- src/sys/kern/uipc_domain.c:1.84	Fri Sep 11 22:06:29 2009
+++ src/sys/kern/uipc_domain.c	Sat Oct  3 20:24:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_domain.c,v 1.84 2009/09/11 22:06:29 dyoung Exp $	*/
+/*	$NetBSD: uipc_domain.c,v 1.85 2009/10/03 20:24:39 elad Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_domain.c,v 1.84 2009/09/11 22:06:29 dyoung Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_domain.c,v 1.85 2009/10/03 20:24:39 elad Exp $);
 
 #include sys/param.h
 #include sys/socket.h
@@ -455,14 +455,14 @@
 		if (fp-f_count == 0 || fp-f_type != DTYPE_SOCKET ||
 		fp-f_data == NULL)
 			continue;
-		if (kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_CANSEE, fp-f_cred) != 0)
-			continue;
 		so = (struct socket *)fp-f_data;
 		if (so-so_type != type)
 			continue;
 		if (so-so_proto-pr_domain-dom_family != pf)
 			continue;
+		if (kauth_authorize_network(l-l_cred, KAUTH_NETWORK_SOCKET,
+		KAUTH_REQ_NETWORK_SOCKET_CANSEE, so, NULL, NULL) != 0)
+			continue;
 		if (len = elem_size  elem_count  0) {
 			mutex_enter(fp-f_lock);
 			fp-f_count++;
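Review bot: The replacement check hands the socket itself (`so`) to `kauth_authorize_network()` where the old one passed the opener's credential `fp->f_cred`, so who counts as the owner is now whatever the network-scope listener derives from the socket. The log message admits the semantics differ, but the code carries no trace of it. A comment above the new call, e.g. `/* XXX: visibility is judged on the socket, not fp->f_cred, until sockets carry credentials */`, would keep that gap visible to whoever audits the curtain behaviour later. `so` is also read from `fp->f_data` before `fp->f_lock` is taken, as it was before this change. The enclosing loop starts and ends outside the hunk, so whether another lock covers that read cannot be judged from here.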



CVS commit: src/sys/kern

2009-10-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 21:21:56 UTC 2009

Modified Files:
src/sys/kern: kern_synch.c

Log Message:
Oops, forgot to make sched_listener static. Pointed out by rmind@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.268 -r1.269 src/sys/kern/kern_synch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_synch.c
diff -u src/sys/kern/kern_synch.c:1.268 src/sys/kern/kern_synch.c:1.269
--- src/sys/kern/kern_synch.c:1.268	Sat Oct  3 01:30:25 2009
+++ src/sys/kern/kern_synch.c	Sat Oct  3 21:21:56 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $	*/
+/*	$NetBSD: kern_synch.c,v 1.269 2009/10/03 21:21:56 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.269 2009/10/03 21:21:56 elad Exp $);
 
 #include opt_kstack.h
 #include opt_perfctrs.h
@@ -128,7 +128,7 @@
 unsigned	sched_pstats_ticks;
 kcondvar_t	lbolt;			/* once a second sleep address */
 
-kauth_listener_t	sched_listener;
+static kauth_listener_t	sched_listener;
 
 /* Preemption event counters */
 static struct evcnt kpreempt_ev_crit;



CVS commit: src/sys

2009-10-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 22:32:57 UTC 2009

Modified Files:
src/sys/kern: init_main.c kern_synch.c sys_sched.c
src/sys/sys: sched.h

Log Message:
- Move sched_listener and co. from kern_synch.c to sys_sched.c, where it
  really belongs (suggested by rmind@),

- Rename sched_init() to synch_init(), and introduce a new sched_init()
  in sys_sched.c where we (a) initialize the sysctl node (no more
  link-set) and (b) listen on the process scope with sched_listener.

Reviewed by and okay rm...@.


To generate a diff of this commit:
cvs rdiff -u -r1.404 -r1.405 src/sys/kern/init_main.c
cvs rdiff -u -r1.269 -r1.270 src/sys/kern/kern_synch.c
cvs rdiff -u -r1.33 -r1.34 src/sys/kern/sys_sched.c
cvs rdiff -u -r1.70 -r1.71 src/sys/sys/sched.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.404 src/sys/kern/init_main.c:1.405
--- src/sys/kern/init_main.c:1.404	Fri Oct  2 22:18:57 2009
+++ src/sys/kern/init_main.c	Sat Oct  3 22:32:56 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $	*/
+/*	$NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.404 2009/10/02 22:18:57 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $);
 
 #include opt_ddb.h
 #include opt_ipsec.h
@@ -398,6 +398,8 @@
 	turnstile_init();
 	sleeptab_init(sleeptab);
 
+	sched_init();
+
 	/* Initialize processor-sets */
 	psets_init();
 
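Review bot: The new early `sched_init()` call carries no comment on what must already be initialised before it runs. Per the log message, the new `sched_init()` creates a sysctl node and registers a kauth listener on the process scope, so it presumably depends on the kauth and sysctl setup having happened earlier in this function, which the hunk does not show. A short comment such as `/* Needs kauth and sysctl up: registers sched_listener and the sysctl node. */` would protect the ordering against later reshuffling. The enclosing function starts and ends outside the hunk.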
@@ -780,7 +782,7 @@
 
 	/* Setup the runqueues and scheduler. */
 	runq_init();
-	sched_init();
+	synch_init();
 
 	/*
 	 * Bus scans can make it appear as if the system has paused, so

Index: src/sys/kern/kern_synch.c
diff -u src/sys/kern/kern_synch.c:1.269 src/sys/kern/kern_synch.c:1.270
--- src/sys/kern/kern_synch.c:1.269	Sat Oct  3 21:21:56 2009
+++ src/sys/kern/kern_synch.c	Sat Oct  3 22:32:56 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_synch.c,v 1.269 2009/10/03 21:21:56 elad Exp $	*/
+/*	$NetBSD: kern_synch.c,v 1.270 2009/10/03 22:32:56 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.269 2009/10/03 21:21:56 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.270 2009/10/03 22:32:56 elad Exp $);
 
 #include opt_kstack.h
 #include opt_perfctrs.h
@@ -97,7 +97,6 @@
 #include sys/lwpctl.h
 #include sys/atomic.h
 #include sys/simplelock.h
-#include sys/kauth.h
 
 #include uvm/uvm_extern.h
 
@@ -128,8 +127,6 @@
 unsigned	sched_pstats_ticks;
 kcondvar_t	lbolt;			/* once a second sleep address */
 
-static kauth_listener_t	sched_listener;
-
 /* Preemption event counters */
 static struct evcnt kpreempt_ev_crit;
 static struct evcnt kpreempt_ev_klock;
@@ -145,57 +142,8 @@
  */
 int	safepri;
 
-static int
-sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
-void *arg0, void *arg1, void *arg2, void *arg3)
-{
-	struct proc *p;
-	int result;
-
-	result = KAUTH_RESULT_DEFER;
-	p = arg0;
-
-	switch (action) {
-	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
-		if (kauth_cred_uidmatch(cred, p-p_cred))
-			result = KAUTH_RESULT_ALLOW;
-		break;
-
-	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
-		if (kauth_cred_uidmatch(cred, p-p_cred)) {
-			struct lwp *l;
-			int policy;
-			pri_t priority;
-
-			l = arg1;
-			policy = (int)(unsigned long)arg2;
-			priority = (pri_t)(unsigned long)arg3;
-
-			if ((policy == l-l_class ||
-			(policy != SCHED_FIFO  policy != SCHED_RR)) 
-			priority = l-l_priority)
-result = KAUTH_RESULT_ALLOW;
-		}
-
-		break;
-
-	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
-		result = KAUTH_RESULT_ALLOW;
-		break;
-
-	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
-		/* Privileged; we let the secmodel handle this. */
-		break;
-
-	default:
-		break;
-	}
-
-	return result;
-}
-
 void
-sched_init(void)
+synch_init(void)
 {
 
 	cv_init(lbolt, lbolt);
@@ -210,9 +158,6 @@
 	   kpreempt, immediate);
 
 	sched_pstats(NULL);
-
-	sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
-	sched_listener_cb, NULL);
 }
 
 /*

Index: src/sys/kern/sys_sched.c
diff -u src/sys/kern/sys_sched.c:1.33 src/sys/kern/sys_sched.c:1.34
--- src/sys/kern/sys_sched.c:1.33	Tue Mar  3 21:55:06 2009
+++ src/sys/kern/sys_sched.c	Sat Oct  3 22:32:56 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_sched.c,v 1.33 2009/03/03 21:55:06 rmind Exp $	*/
+/*	$NetBSD: sys_sched.c,v 1.34 2009/10/03 22:32:56 elad Exp $	*/
 
 /*
  * Copyright (c) 2008, Mindaugas Rasiukevicius rmind at NetBSD org
@@ -42,7 +42,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: sys_sched.c,v 1.33 2009/03/03 21:55:06 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: sys_sched.c,v 1.34 2009/10/03 22:32:56 

CVS commit: src/sys/kern

2009-10-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun Oct  4 03:15:08 UTC 2009

Modified Files:
src/sys/kern: kern_proc.c sys_process.c

Log Message:
Install floppies (haha) don't get built with ktrace/ptrace, so they don't
include kern/sys_process.c. Move proc_uidmatch() to kern/kern_proc.c which
always gets built instead.

Pointed out by Kurt Schreiner on current-users@:

http://mail-index.netbsd.org/current-users/2009/10/03/msg010745.html


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys/kern/kern_proc.c
cvs rdiff -u -r1.149 -r1.150 src/sys/kern/sys_process.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.153 src/sys/kern/kern_proc.c:1.154
--- src/sys/kern/kern_proc.c:1.153	Sat Oct  3 03:38:31 2009
+++ src/sys/kern/kern_proc.c	Sun Oct  4 03:15:08 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $	*/
+/*	$NetBSD: kern_proc.c,v 1.154 2009/10/04 03:15:08 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_proc.c,v 1.154 2009/10/04 03:15:08 elad Exp $);
 
 #include opt_kstack.h
 #include opt_maxuprc.h
@@ -1436,3 +1436,36 @@
 	specificdata_setspecific(proc_specificdata_domain,
  p-p_specdataref, key, data);
 }
+
+int
+proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
+{
+	int r = 0;
+
+	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
+	kauth_cred_getuid(cred) != kauth_cred_getsvuid(target)) {
+		/*
+		 * suid proc of ours or proc not ours
+		 */
+		r = EPERM;
+	} else if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target)) {
+		/*
+		 * sgid proc has sgid back to us temporarily
+		 */
+		r = EPERM;
+	} else {
+		/*
+		 * our rgid must be in target's group list (ie,
+		 * sub-processes started by a sgid process)
+		 */
+		int ismember = 0;
+
+		if (kauth_cred_ismember_gid(cred,
+		kauth_cred_getgid(target), ismember) != 0 ||
+		!ismember)
+			r = EPERM;
+	}
+
+	return (r);
+}
+
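Review bot: The comment in the final `else` branch of `proc_uidmatch()` says the caller's rgid must be in the target's group list, but `kauth_cred_ismember_gid(cred, kauth_cred_getgid(target), ...)` appears to test the opposite direction, i.e. whether the target's real gid is among the groups of `cred`. Since this is an authorization predicate, the comment should match what is enforced: either reword it to `target's rgid must be in our group list` or confirm the arguments are in the intended order. The move also dropped the old header comment, and nothing states that the result is 0 on a match and `EPERM` otherwise, which the name does not suggest; a one-line header saying so would help. The same function body appears in the `sys_process.c` hunk of the 22:38:45 commit further down this page, where the same remark applies.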

Index: src/sys/kern/sys_process.c
diff -u src/sys/kern/sys_process.c:1.149 src/sys/kern/sys_process.c:1.150
--- src/sys/kern/sys_process.c:1.149	Fri Oct  2 22:38:45 2009
+++ src/sys/kern/sys_process.c	Sun Oct  4 03:15:08 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_process.c,v 1.149 2009/10/02 22:38:45 elad Exp $	*/
+/*	$NetBSD: sys_process.c,v 1.150 2009/10/04 03:15:08 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.149 2009/10/02 22:38:45 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.150 2009/10/04 03:15:08 elad Exp $);
 
 #include opt_ptrace.h
 #include opt_ktrace.h
@@ -1032,39 +1032,3 @@
 	KERNEL_LOCK(l-l_biglocks, l);
 }
 #endif	/* KTRACE || PTRACE */
-
-/*
- * common code for corename, rlimit, and stopflag.
- */
-int
-proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
-{
-	int r = 0;
-
-	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
-	kauth_cred_getuid(cred) != kauth_cred_getsvuid(target)) {
-		/*
-		 * suid proc of ours or proc not ours
-		 */
-		r = EPERM;
-	} else if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target)) {
-		/*
-		 * sgid proc has sgid back to us temporarily
-		 */
-		r = EPERM;
-	} else {
-		/*
-		 * our rgid must be in target's group list (ie,
-		 * sub-processes started by a sgid process)
-		 */
-		int ismember = 0;
-
-		if (kauth_cred_ismember_gid(cred,
-		kauth_cred_getgid(target), ismember) != 0 ||
-		!ismember)
-			r = EPERM;
-	}
-
-	return (r);
-}
-



CVS commit: src/sys/secmodel

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 19:41:45 UTC 2009

Removed Files:
src/sys/secmodel: secmodel.h

Log Message:
Remove secmodel.h, forgotten in previous commit:

http://mail-index.netbsd.org/source-changes/2009/10/02/msg001437.html


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r0 src/sys/secmodel/secmodel.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 19:50:37 UTC 2009

Modified Files:
src/sbin/modstat: modstat.8
src/share/man/man9: secmodel_bsd44.9 secmodel_suser.9

Log Message:
Bump date to today's date (rather than when the changes were made).


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sbin/modstat/modstat.8
cvs rdiff -u -r1.12 -r1.13 src/share/man/man9/secmodel_bsd44.9
cvs rdiff -u -r1.1 -r1.2 src/share/man/man9/secmodel_suser.9

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/modstat/modstat.8
diff -u src/sbin/modstat/modstat.8:1.4 src/sbin/modstat/modstat.8:1.5
--- src/sbin/modstat/modstat.8:1.4	Fri Oct  2 18:50:14 2009
+++ src/sbin/modstat/modstat.8	Fri Oct  2 19:50:37 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: modstat.8,v 1.4 2009/10/02 18:50:14 elad Exp $
+.\ $NetBSD: modstat.8,v 1.5 2009/10/02 19:50:37 elad Exp $
 .\
 .\ Copyright (c) 1993 Christopher G. Demetriou
 .\ All rights reserved.
@@ -32,7 +32,7 @@
 .\
 .\ Id: LICENSE,v 1.2 2000/06/14 15:57:33 cgd Exp
 .\
-.Dd September 29, 2009
+.Dd October 2, 2009
 .Dt MODSTAT 8
 .Os
 .Sh NAME

Index: src/share/man/man9/secmodel_bsd44.9
diff -u src/share/man/man9/secmodel_bsd44.9:1.12 src/share/man/man9/secmodel_bsd44.9:1.13
--- src/share/man/man9/secmodel_bsd44.9:1.12	Fri Oct  2 18:50:13 2009
+++ src/share/man/man9/secmodel_bsd44.9	Fri Oct  2 19:50:37 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: secmodel_bsd44.9,v 1.12 2009/10/02 18:50:13 elad Exp $
+.\ $NetBSD: secmodel_bsd44.9,v 1.13 2009/10/02 19:50:37 elad Exp $
 .\
 .\ Copyright (c) 2006 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd September 29, 2009
+.Dd October 2, 2009
 .Dt SECMODEL_BSD44 9
 .Os
 .Sh NAME

Index: src/share/man/man9/secmodel_suser.9
diff -u src/share/man/man9/secmodel_suser.9:1.1 src/share/man/man9/secmodel_suser.9:1.2
--- src/share/man/man9/secmodel_suser.9:1.1	Fri Oct  2 18:50:13 2009
+++ src/share/man/man9/secmodel_suser.9	Fri Oct  2 19:50:37 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: secmodel_suser.9,v 1.1 2009/10/02 18:50:13 elad Exp $
+.\ $NetBSD: secmodel_suser.9,v 1.2 2009/10/02 19:50:37 elad Exp $
 .\
 .\ Copyright (c) 2009 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd September 29, 2009
+.Dd October 2, 2009
 .Dt SECMODEL_SUSER 9
 .Os
 .Sh NAME



CVS commit: src/sys/secmodel/securelevel

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 20:15:07 UTC 2009

Modified Files:
src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Create securelevel variable under securelevel node.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 \
src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.14 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.15
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.14	Fri Oct  2 18:50:14 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Fri Oct  2 20:15:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.14 2009/10/02 18:50:14 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.15 2009/10/02 20:15:07 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.14 2009/10/02 18:50:14 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.15 2009/10/02 20:15:07 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -118,6 +118,13 @@
 		   NULL, 0, __UNCONST(Traditional NetBSD: Securelevel), 0,
 		   CTL_CREATE, CTL_EOL);
 
+	sysctl_createv(clog, 0, rnode, NULL,
+		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		   CTLTYPE_INT, securelevel,
+		   SYSCTL_DESCR(System security level),
+		   secmodel_securelevel_sysctl, 0, NULL, 0,
+		   CTL_CREATE, CTL_EOL);
+
 	/* Compatibility: kern.securelevel */
 	sysctl_createv(clog, 0, NULL, NULL,
 		   CTLFLAG_PERMANENT,
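Review bot: The added `securelevel` node is created with `CTLFLAG_READWRITE`, so the policy on who may change the level rests entirely on the `secmodel_securelevel_sysctl` helper, which is not visible in this hunk. I would say so at the call with `/* All writes go through secmodel_securelevel_sysctl(), which enforces the level policy. */`. It is also worth confirming that the compatibility `kern.securelevel` node created just below uses the same helper, so the two names cannot diverge in what they permit. The result of `sysctl_createv()` is not checked here, and `rnode` is assumed valid from the preceding call. The enclosing function starts and ends outside the hunk.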



CVS commit: src

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 20:31:19 UTC 2009

Modified Files:
src/sbin/mount: mount.8
src/share/man/man7: sysctl.7
src/share/man/man9: secmodel_securelevel.9 secmodel_suser.9

Log Message:
Centralize documentation about exported sysctl variables in the relevant
secmodel's man-page.


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sbin/mount/mount.8
cvs rdiff -u -r1.24 -r1.25 src/share/man/man7/sysctl.7
cvs rdiff -u -r1.6 -r1.7 src/share/man/man9/secmodel_securelevel.9
cvs rdiff -u -r1.2 -r1.3 src/share/man/man9/secmodel_suser.9

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/mount/mount.8
diff -u src/sbin/mount/mount.8:1.67 src/sbin/mount/mount.8:1.68
--- src/sbin/mount/mount.8:1.67	Mon Feb 23 08:14:53 2009
+++ src/sbin/mount/mount.8	Fri Oct  2 20:31:19 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: mount.8,v 1.67 2009/02/23 08:14:53 wiz Exp $
+.\	$NetBSD: mount.8,v 1.68 2009/10/02 20:31:19 elad Exp $
 .\
 .\ Copyright (c) 1980, 1989, 1991, 1993
 .\	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\
 .\ @(#)mount.8	8.8 (Berkeley) 6/16/94
 .\
-.Dd February 22, 2009
+.Dd October 2, 2009
 .Dt MOUNT 8
 .Os
 .Sh NAME
@@ -133,23 +133,10 @@
 .Pp
 In
 .Nx ,
-a file system can only be mounted by an ordinary user who owns the
-point
-.Ar node
-and has access to the
-.Ar special
-device (at least read permissions).
-Also, the
-.Em vfs.generic.usermount
-.Xr sysctl 3
-must be set to 1 to permit file system mounting by ordinary users,
-see
-.Xr sysctl 8 .
-Finally, the flags
-.Cm nosuid
-and
-.Cm nodev
-must be given for non-superuser mounts.
+the file-system mounting policy is dictated by the running security models.
+The default security model may allow unprivileged mounting; see
+.Xr secmodel_suser 9
+for details. 
 .Pp
 The options are as follows:
 .Bl -tag -width indent

Index: src/share/man/man7/sysctl.7
diff -u src/share/man/man7/sysctl.7:1.24 src/share/man/man7/sysctl.7:1.25
--- src/share/man/man7/sysctl.7:1.24	Fri Sep 11 19:43:26 2009
+++ src/share/man/man7/sysctl.7	Fri Oct  2 20:31:19 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: sysctl.7,v 1.24 2009/09/11 19:43:26 wiz Exp $
+.\	$NetBSD: sysctl.7,v 1.25 2009/10/02 20:31:19 elad Exp $
 .\
 .\ Copyright (c) 1993
 .\	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\
 .\	@(#)sysctl.3	8.4 (Berkeley) 5/9/95
 .\
-.Dd September 11, 2009
+.Dd October 2, 2009
 .Dt SYSCTL 7
 .Os
 .Sh NAME
@@ -713,9 +713,8 @@
 Maximum socket buffer size.
 .\ XXX units?
 .It Li kern.securelevel ( KERN_SECURELVL )
-The system security level.
-This level may be raised by processes with appropriate privilege.
-It may only be lowered by process 1.
+See
+.Xr secmodel_securelevel 9 .
 .It Li kern.somaxkva ( KERN_SOMAXKVA )
 Maximum amount of kernel memory to be used for socket buffers.
 .\ XXX units?

Index: src/share/man/man9/secmodel_securelevel.9
diff -u src/share/man/man9/secmodel_securelevel.9:1.6 src/share/man/man9/secmodel_securelevel.9:1.7
--- src/share/man/man9/secmodel_securelevel.9:1.6	Sat Jul 25 16:20:11 2009
+++ src/share/man/man9/secmodel_securelevel.9	Fri Oct  2 20:31:19 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: secmodel_securelevel.9,v 1.6 2009/07/25 16:20:11 mbalmer Exp $
+.\ $NetBSD: secmodel_securelevel.9,v 1.7 2009/10/02 20:31:19 elad Exp $
 .\
 .\ Copyright (c) 2006 Elad Efrat e...@netbsd.org
 .\ Copyright (c) 2000 Hugh Graham
@@ -180,6 +180,16 @@
 interpreter, through any mechanism) and the kernel itself are programs
 that run while the security level is 0 and must be considered part of
 the TCB.
+.Pp
+The following
+.Xr sysctl 3
+variables are exported:
+.Bl -tag -width compact
+.It security.models.securelevel.securelevel
+The system security level.
+This level may be raised by processes with appropriate privilege.
+It may only be lowered by process 1 (init).
+.El
 .Sh SEE ALSO
 .Xr kauth 9 ,
 .Xr secmodel 9 ,

Index: src/share/man/man9/secmodel_suser.9
diff -u src/share/man/man9/secmodel_suser.9:1.2 src/share/man/man9/secmodel_suser.9:1.3
--- src/share/man/man9/secmodel_suser.9:1.2	Fri Oct  2 19:50:37 2009
+++ src/share/man/man9/secmodel_suser.9	Fri Oct  2 20:31:19 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: secmodel_suser.9,v 1.2 2009/10/02 19:50:37 elad Exp $
+.\ $NetBSD: secmodel_suser.9,v 1.3 2009/10/02 20:31:19 elad Exp $
 .\
 .\ Copyright (c) 2009 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -41,6 +41,43 @@
 .Em super-user
 is the host administrator, considered to have higher privileges than other
 users.
+.Pp
+The following
+.Xr sysctl 3
+variables are exported:
+.Bl -tag -width compact
+.It security.models.suser.curtain
+If non-zero, will filter returned objects according to the user-id
+requesting information about them, preventing from users any access to
+objects they don't own.
+.Pp
+At the moment, it affects
+.Xr ps 1 ,
+.Xr

CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 22:38:45 UTC 2009

Modified Files:
src/sys/kern: kern_resource.c sys_process.c
src/sys/secmodel/suser: secmodel_suser.c
src/sys/sys: proc.h

Log Message:
Move rlimit policy back to the subsystem.

For this we needed proc_uidmatch() exposed, which makes a lot of sense,
so put it back in sys_process.c for use in other places as well.


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.153 src/sys/kern/kern_resource.c
cvs rdiff -u -r1.148 -r1.149 src/sys/kern/sys_process.c
cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.290 -r1.291 src/sys/sys/proc.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_resource.c
diff -u src/sys/kern/kern_resource.c:1.152 src/sys/kern/kern_resource.c:1.153
--- src/sys/kern/kern_resource.c:1.152	Tue May 26 06:57:38 2009
+++ src/sys/kern/kern_resource.c	Fri Oct  2 22:38:45 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_resource.c,v 1.152 2009/05/26 06:57:38 elad Exp $	*/
+/*	$NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.152 2009/05/26 06:57:38 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -69,6 +69,43 @@
 static pool_cache_t	plimit_cache;
 static pool_cache_t	pstats_cache;
 
+static kauth_listener_t	rlimit_listener;
+
+static int
+rlimit_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+	enum kauth_process_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+	req = (enum kauth_process_req)(unsigned long)arg1;
+
+	if (action != KAUTH_PROCESS_RLIMIT)
+		return result;
+
+	if (req == KAUTH_REQ_PROCESS_RLIMIT_SET) {
+		struct rlimit *new_rlimit;
+		u_long which;
+
+		if ((p != curlwp-l_proc) 
+		(proc_uidmatch(cred, p-p_cred) != 0))
+			return result;
+
+		new_rlimit = arg2;
+		which = (u_long)arg3;
+
+		if (new_rlimit-rlim_max = p-p_rlimit[which].rlim_max)
+			result = KAUTH_RESULT_ALLOW;
+	} else if (req == KAUTH_REQ_PROCESS_RLIMIT_GET) {
+		result = KAUTH_RESULT_ALLOW;
+	}
+
+	return result;
+}
+
 void
 resource_init(void)
 {
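Review bot: In the `KAUTH_REQ_PROCESS_RLIMIT_SET` branch of `rlimit_listener_cb`, `which` is taken from `arg3` and used directly as an index in `p->p_rlimit[which]`, with no range check inside the listener. The syscall path presumably validates it before asking for authorization, but that is outside this hunk, and any other issuer of this kauth request would index past the array. `KASSERT(which < RLIM_NLIMITS);` before the comparison would document and enforce the assumption. The branch also looks only at `rlim_max`, so a comment saying where the soft limit is validated would help the next reader.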
@@ -77,6 +114,9 @@
 	plimitpl, NULL, IPL_NONE, NULL, NULL, NULL);
 	pstats_cache = pool_cache_init(sizeof(struct pstats), 0, 0, 0,
 	pstatspl, NULL, IPL_NONE, NULL, NULL, NULL);
+
+	rlimit_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	rlimit_listener_cb, NULL);
 }
 
 /*

Index: src/sys/kern/sys_process.c
diff -u src/sys/kern/sys_process.c:1.148 src/sys/kern/sys_process.c:1.149
--- src/sys/kern/sys_process.c:1.148	Fri Oct  2 22:18:57 2009
+++ src/sys/kern/sys_process.c	Fri Oct  2 22:38:45 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $	*/
+/*	$NetBSD: sys_process.c,v 1.149 2009/10/02 22:38:45 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.148 2009/10/02 22:18:57 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: sys_process.c,v 1.149 2009/10/02 22:38:45 elad Exp $);
 
 #include opt_ptrace.h
 #include opt_ktrace.h
@@ -1033,3 +1033,38 @@
 }
 #endif	/* KTRACE || PTRACE */
 
+/*
+ * common code for corename, rlimit, and stopflag.
+ */
+int
+proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
+{
+	int r = 0;
+
+	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
+	kauth_cred_getuid(cred) != kauth_cred_getsvuid(target)) {
+		/*
+		 * suid proc of ours or proc not ours
+		 */
+		r = EPERM;
+	} else if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target)) {
+		/*
+		 * sgid proc has sgid back to us temporarily
+		 */
+		r = EPERM;
+	} else {
+		/*
+		 * our rgid must be in target's group list (ie,
+		 * sub-processes started by a sgid process)
+		 */
+		int ismember = 0;
+
+		if (kauth_cred_ismember_gid(cred,
+		kauth_cred_getgid(target), ismember) != 0 ||
+		!ismember)
+			r = EPERM;
+	}
+
+	return (r);
+}
+

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.5 src/sys/secmodel/suser/secmodel_suser.c:1.6
--- src/sys/secmodel/suser/secmodel_suser.c:1.5	Fri Oct  2 22:18:57 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 22:38:45 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.5 2009/10/02 22:18:57 elad Exp $);
+__KERNEL_RCSID(0

CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 22:46:18 UTC 2009

Modified Files:
src/sys/kern: kern_resource.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Stick nice policy in its own subsystem and call the listener resource
rather than rlimit...


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys/kern/kern_resource.c
cvs rdiff -u -r1.6 -r1.7 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_resource.c
diff -u src/sys/kern/kern_resource.c:1.153 src/sys/kern/kern_resource.c:1.154
--- src/sys/kern/kern_resource.c:1.153	Fri Oct  2 22:38:45 2009
+++ src/sys/kern/kern_resource.c	Fri Oct  2 22:46:18 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $	*/
+/*	$NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -69,38 +69,66 @@
 static pool_cache_t	plimit_cache;
 static pool_cache_t	pstats_cache;
 
-static kauth_listener_t	rlimit_listener;
+static kauth_listener_t	resource_listener;
 
 static int
-rlimit_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+resource_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
 void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	struct proc *p;
 	int result;
-	enum kauth_process_req req;
 
 	result = KAUTH_RESULT_DEFER;
 	p = arg0;
-	req = (enum kauth_process_req)(unsigned long)arg1;
 
-	if (action != KAUTH_PROCESS_RLIMIT)
-		return result;
+	switch (action) {
+	case KAUTH_PROCESS_NICE:
+		if (kauth_cred_geteuid(cred) != kauth_cred_geteuid(p-p_cred) 
+kauth_cred_getuid(cred) != kauth_cred_geteuid(p-p_cred)) {
+break;
+}
 
-	if (req == KAUTH_REQ_PROCESS_RLIMIT_SET) {
-		struct rlimit *new_rlimit;
-		u_long which;
+if ((u_long)arg1 = p-p_nice)
+result = KAUTH_RESULT_ALLOW;
 
-		if ((p != curlwp-l_proc) 
-		(proc_uidmatch(cred, p-p_cred) != 0))
-			return result;
+		break;
+
+	case KAUTH_PROCESS_RLIMIT: {
+		enum kauth_process_req req;
 
-		new_rlimit = arg2;
-		which = (u_long)arg3;
+		req = (enum kauth_process_req)(unsigned long)arg1;
 
-		if (new_rlimit-rlim_max = p-p_rlimit[which].rlim_max)
+		switch (req) {
+		case KAUTH_REQ_PROCESS_RLIMIT_GET:
 			result = KAUTH_RESULT_ALLOW;
-	} else if (req == KAUTH_REQ_PROCESS_RLIMIT_GET) {
-		result = KAUTH_RESULT_ALLOW;
+			break;
+
+		case KAUTH_REQ_PROCESS_RLIMIT_SET: {
+			struct rlimit *new_rlimit;
+			u_long which;
+
+			if ((p != curlwp-l_proc) 
+			(proc_uidmatch(cred, p-p_cred) != 0))
+break;
+
+			new_rlimit = arg2;
+			which = (u_long)arg3;
+
+			if (new_rlimit-rlim_max = p-p_rlimit[which].rlim_max)
+result = KAUTH_RESULT_ALLOW;
+
+			break;
+			}
+
+		default:
+			break;
+		}
+
+		break;
+	}
+
+	default:
+		break;
 	}
 
 	return result;
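Review bot: In the KAUTH_REQ_PROCESS_RLIMIT_SET branch, `which` is taken from arg3 and used directly as an index into p_rlimit[] with no range check in the listener. Callers presumably validate it before asking for authorization, but the listener is now a free-standing entry point in the process scope, so the assumption is worth stating: `KASSERT(which < RLIM_NLIMITS);` after `which = (u_long)arg3;`. The new KAUTH_PROCESS_NICE case would also benefit from a one-line comment saying that the uid match and the p_nice comparison are what an unprivileged caller must satisfy, with everything else deferred to the secmodel. The closing brace of resource_listener_cb lies outside this hunk.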
@@ -115,8 +143,8 @@
 	pstats_cache = pool_cache_init(sizeof(struct pstats), 0, 0, 0,
 	pstatspl, NULL, IPL_NONE, NULL, NULL, NULL);
 
-	rlimit_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
-	rlimit_listener_cb, NULL);
+	resource_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	resource_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.6 src/sys/secmodel/suser/secmodel_suser.c:1.7
--- src/sys/secmodel/suser/secmodel_suser.c:1.6	Fri Oct  2 22:38:45 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 22:46:18 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -645,19 +645,7 @@
 		break;
 
 	case KAUTH_PROCESS_NICE:
-		if (isroot) {
-			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
-
-		if (kauth_cred_geteuid(cred) !=
-		kauth_cred_geteuid(p-p_cred) 
-		kauth_cred_getuid(cred) !=
-		kauth_cred_geteuid(p-p_cred)) {
-			break;
-		}
-
-		if ((u_long)arg1 = p-p_nice)
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
 		break;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:00:02 UTC 2009

Modified Files:
src/sys/miscfs/procfs: procfs_vfsops.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Put procfs policy back in the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 src/sys/miscfs/procfs/procfs_vfsops.c
cvs rdiff -u -r1.7 -r1.8 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/miscfs/procfs/procfs_vfsops.c
diff -u src/sys/miscfs/procfs/procfs_vfsops.c:1.83 src/sys/miscfs/procfs/procfs_vfsops.c:1.84
--- src/sys/miscfs/procfs/procfs_vfsops.c:1.83	Sun Mar 15 17:22:38 2009
+++ src/sys/miscfs/procfs/procfs_vfsops.c	Fri Oct  2 23:00:02 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: procfs_vfsops.c,v 1.83 2009/03/15 17:22:38 cegger Exp $	*/
+/*	$NetBSD: procfs_vfsops.c,v 1.84 2009/10/02 23:00:02 elad Exp $	*/
 
 /*
  * Copyright (c) 1993
@@ -76,7 +76,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: procfs_vfsops.c,v 1.83 2009/03/15 17:22:38 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: procfs_vfsops.c,v 1.84 2009/10/02 23:00:02 elad Exp $);
 
 #if defined(_KERNEL_OPT)
 #include opt_compat_netbsd.h
@@ -110,6 +110,8 @@
 
 static struct sysctllog *procfs_sysctl_log;
 
+static kauth_listener_t procfs_listener;
+
 /*
  * VFS Operations.
  *
@@ -305,6 +307,45 @@
 };
 
 static int
+procfs_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	struct pfsnode *pfs;
+	enum kauth_process_req req;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+	pfs = arg1;
+	req = (enum kauth_process_req)(unsigned long)arg2;
+
+	if (action != KAUTH_PROCESS_PROCFS)
+		return result;
+
+	/* Privileged; let secmodel handle that. */
+	if (req == KAUTH_REQ_PROCESS_PROCFS_CTL)
+		return result;
+
+	switch (pfs-pfs_type) {
+	case PFSregs:
+	case PFSfpregs:
+	case PFSmem:
+		if (kauth_cred_getuid(cred) != kauth_cred_getuid(p-p_cred) ||
+		ISSET(p-p_flag, PK_SUGID))
+			break;
+
+		/*FALLTHROUGH*/
+	default:
+		result = KAUTH_RESULT_ALLOW;
+		break;
+	}
+
+	return result;
+}
+
+
+static int
 procfs_modcmd(modcmd_t cmd, void *arg)
 {
 	int error;
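Review bot: procfs_listener_cb has no comment describing the policy it now owns, and the `/*FALLTHROUGH*/` into `default:` hides the fact that every node type other than PFSregs, PFSfpregs and PFSmem is allowed for any caller. A header comment would make that explicit, e.g. `/* regs, fpregs and mem: same real uid and target not PK_SUGID; all other node types are allowed; CTL requests are left to the secmodel */`. The hunk also adds two consecutive blank lines after the function.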
@@ -330,12 +371,17 @@
 		 * one more instance of the number to vfs mapping problem,
 		 * but 12 is the order as taken from sys/mount.h
 		 */
+
+		procfs_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+		procfs_listener_cb, NULL);
+
 		break;
 	case MODULE_CMD_FINI:
 		error = vfs_detach(procfs_vfsops);
 		if (error != 0)
 			break;
 		sysctl_teardown(procfs_sysctl_log);
+		kauth_unlisten_scope(procfs_listener);
 		break;
 	default:
 		error = ENOTTY;

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.7 src/sys/secmodel/suser/secmodel_suser.c:1.8
--- src/sys/secmodel/suser/secmodel_suser.c:1.7	Fri Oct  2 22:46:18 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:00:02 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -574,36 +574,11 @@
 
 		break;
 
-	case KAUTH_PROCESS_PROCFS: {
-		enum kauth_process_req req = (enum kauth_process_req)arg2;
-		struct pfsnode *pfs = arg1;
-
-		if (isroot) {
-			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
-
-		if (req == KAUTH_REQ_PROCESS_PROCFS_CTL) {
-			break;
-		}
-
-		switch (pfs-pfs_type) {
-		case PFSregs:
-		case PFSfpregs:
-		case PFSmem:
-			if (kauth_cred_getuid(cred) !=
-			kauth_cred_getuid(p-p_cred) ||
-			ISSET(p-p_flag, PK_SUGID)) {
-break;
-			}
-			/*FALLTHROUGH*/
-		default:
+	case KAUTH_PROCESS_PROCFS:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
 
 		break;
-		}
 
 	case KAUTH_PROCESS_PTRACE:
 		if (isroot)



CVS commit: src/sys/secmodel/suser

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:06:33 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
- Squeeze function declarations where possible,
- KAUTH_RESULT_DEFER is the default (set at the beginning of each listener)
  and as such does not need to be set explicitly in the switches.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.8 src/sys/secmodel/suser/secmodel_suser.c:1.9
--- src/sys/secmodel/suser/secmodel_suser.c:1.8	Fri Oct  2 23:00:02 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:06:33 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -232,8 +232,7 @@
  */
 int
 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
-void *cookie, void *arg0, void *arg1,
-void *arg2, void *arg3)
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	bool isroot;
 	int result;
@@ -256,7 +255,6 @@
 		break;
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 
@@ -272,8 +270,7 @@
  */
 int
 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
-void *cookie, void *arg0, void *arg1,
-void *arg2, void *arg3)
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	bool isroot;
 	int result;
@@ -392,7 +389,6 @@
 			break;
 
 		default:
-			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 
@@ -439,7 +435,6 @@
 			break;
 
 		default:
-			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 		break;
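Review bot: Dropping `result = KAUTH_RESULT_DEFER;` from this inner-switch `default:` is only equivalent if nothing in the enclosing case assigns `result` before the inner switch, because the old line also reset any earlier value. The enclosing case starts outside the hunk, so that cannot be confirmed here. The same applies to the inner defaults in the hunks at -392, -742, -803 and -870. If the listeners rely on the initial assignment, a short comment at the top of each one, e.g. `/* result stays KAUTH_RESULT_DEFER unless a case below allows */`, would help keep later edits from returning a stale value.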
@@ -496,7 +491,6 @@
 		break;
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 
@@ -695,7 +689,6 @@
 		break;
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 
@@ -711,8 +704,7 @@
  */
 int
 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
-void *cookie, void *arg0, void *arg1, void *arg2,
-void *arg3)
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	bool isroot;
 	int result;
@@ -742,7 +734,6 @@
 			break;
 
 		default:
-			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 
@@ -803,7 +794,6 @@
 			break;
 
 		default:
-			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 		break;
@@ -870,7 +860,6 @@
 			break;
 
 		default:
-			result = KAUTH_RESULT_DEFER;
 			break;
 		}
 		break;
@@ -950,7 +939,6 @@
 
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 
@@ -966,8 +954,7 @@
  */
 int
 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
-void *cookie, void *arg0, void *arg1, void *arg2,
-void *arg3)
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 bool isroot;
 int result;
@@ -994,7 +981,6 @@
 		break;
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 
@@ -1010,8 +996,7 @@
  */
 int
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
-void *cookie, void *arg0, void *arg1, void *arg2,
-void *arg3)
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	struct tty *tty;
 bool isroot;
@@ -1100,7 +1085,6 @@
 		break;
 
 	default:
-		result = KAUTH_RESULT_DEFER;
 		break;
 	}
 



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:16:22 UTC 2009

Modified Files:
src/sys/net: route.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move routing socket security policy back to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 src/sys/net/route.c
cvs rdiff -u -r1.9 -r1.10 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.118 src/sys/net/route.c:1.119
--- src/sys/net/route.c:1.118	Wed Sep 16 15:23:04 2009
+++ src/sys/net/route.c	Fri Oct  2 23:16:21 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.118 2009/09/16 15:23:04 pooka Exp $	*/
+/*	$NetBSD: route.c,v 1.119 2009/10/02 23:16:21 elad Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -93,7 +93,7 @@
 #include opt_route.h
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: route.c,v 1.118 2009/09/16 15:23:04 pooka Exp $);
+__KERNEL_RCSID(0, $NetBSD: route.c,v 1.119 2009/10/02 23:16:21 elad Exp $);
 
 #include sys/param.h
 #include sys/sysctl.h
@@ -108,6 +108,7 @@
 #include sys/kernel.h
 #include sys/ioctl.h
 #include sys/pool.h
+#include sys/kauth.h
 
 #include net/if.h
 #include net/if_dl.h
@@ -138,6 +139,8 @@
 static int _rtcache_debug = 0;
 #endif /* RTFLUSH_DEBUG */
 
+static kauth_listener_t route_listener;
+
 static int rtdeletemsg(struct rtentry *);
 static int rtflushclone1(struct rtentry *, void *);
 static void rtflushclone(sa_family_t family, struct rtentry *);
@@ -260,6 +263,22 @@
 			dom-dom_rtoffset);
 }
 
+static int
+route_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct rt_msghdr *rtm;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+	rtm = arg1;
+
+	if (rtm-rtm_type == RTM_GET)
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 void
 route_init(void)
 {
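Review bot: route_listener_cb reads rtm_type through arg1 without first checking that the action is KAUTH_NETWORK_ROUTE, although the route_init hunk below registers it for the whole KAUTH_SCOPE_NETWORK scope. For other network actions arg1 is not a struct rt_msghdr pointer; socket requests in the same scope, for example, pass integers cast to pointers. The dereference can therefore fault or return ALLOW on the basis of unrelated memory. Add `if (action != KAUTH_NETWORK_ROUTE) return result;` before `rtm = arg1;`, matching the action guard the other subsystem listeners in this series use.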
@@ -276,6 +295,9 @@
 	rt_init();
 	rn_init();	/* initialize all zeroes, all ones, mask table */
 	rtable_init((void **)rt_tables);
+
+	route_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	route_listener_cb, NULL);
 }
 
 void

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.9 src/sys/secmodel/suser/secmodel_suser.c:1.10
--- src/sys/secmodel/suser/secmodel_suser.c:1.9	Fri Oct  2 23:06:33 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:16:21 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.10 2009/10/02 23:16:21 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.10 2009/10/02 23:16:21 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -865,16 +865,9 @@
 		break;
 
 	case KAUTH_NETWORK_ROUTE:
-		switch (((struct rt_msghdr *)arg1)-rtm_type) {
-		case RTM_GET:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
-			break;
 
-		default:
-			if (isroot)
-result = KAUTH_RESULT_ALLOW;
-			break;
-		}
 		break;
 
 	case KAUTH_NETWORK_SOCKET:



CVS commit: src/sys/secmodel/suser

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:18:12 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Remove includes we don't need.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.10 src/sys/secmodel/suser/secmodel_suser.c:1.11
--- src/sys/secmodel/suser/secmodel_suser.c:1.10	Fri Oct  2 23:16:21 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:18:12 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.10 2009/10/02 23:16:21 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,22 +38,18 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.10 2009/10/02 23:16:21 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
 #include sys/kauth.h
 
-#include sys/acct.h
 #include sys/mutex.h
-#include sys/ktrace.h
 #include sys/mount.h
-#include sys/pset.h
 #include sys/socketvar.h
 #include sys/sysctl.h
 #include sys/tty.h
 #include net/route.h
-#include sys/ptrace.h
 #include sys/vnode.h
 #include sys/proc.h
 #include sys/uidinfo.h



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:24:15 UTC 2009

Modified Files:
src/sys/kern: kern_sig.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Put signal delivery policy back in the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.298 -r1.299 src/sys/kern/kern_sig.c
cvs rdiff -u -r1.11 -r1.12 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_sig.c
diff -u src/sys/kern/kern_sig.c:1.298 src/sys/kern/kern_sig.c:1.299
--- src/sys/kern/kern_sig.c:1.298	Sun May 24 21:41:26 2009
+++ src/sys/kern/kern_sig.c	Fri Oct  2 23:24:15 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $	*/
+/*	$NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $);
 
 #include opt_ptrace.h
 #include opt_compat_sunos.h
@@ -140,6 +140,29 @@
 static	const char lognocoredump[] =
 pid %d (%s), uid %d: exited on signal %d (core not dumped, err = %d)\n;
 
+static kauth_listener_t signal_listener;
+
+static int
+signal_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result, signum;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+	signum = (int)(unsigned long)arg1;
+
+	if (action != KAUTH_PROCESS_SIGNAL)
+		return result;
+
+	if (kauth_cred_uidmatch(cred, p-p_cred) ||
+	(signum == SIGCONT  (curproc-p_session == p-p_session)))
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * signal_init:
  *
@@ -165,6 +188,9 @@
 
 	callout_init(proc_stop_ch, CALLOUT_MPSAFE);
 	callout_setfunc(proc_stop_ch, proc_stop_callout, NULL);
+
+	signal_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	signal_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.11 src/sys/secmodel/suser/secmodel_suser.c:1.12
--- src/sys/secmodel/suser/secmodel_suser.c:1.11	Fri Oct  2 23:18:12 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:24:15 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -513,16 +513,11 @@
 	p = arg0;
 
 	switch (action) {
-	case KAUTH_PROCESS_SIGNAL: {
-		int signum;
-
-		signum = (int)(unsigned long)arg1;
-
-		if (isroot || kauth_cred_uidmatch(cred, p-p_cred) ||
-		(signum == SIGCONT  (curproc-p_session == p-p_session)))
+	case KAUTH_PROCESS_SIGNAL:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
+
 		break;
-		}
 
 	case KAUTH_PROCESS_CANSEE: {
 		unsigned long req;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:50:16 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move some of the socket policy back to the subsystem.

Remove include we don't need in the secmodel code.


To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 src/sys/kern/uipc_socket.c
cvs rdiff -u -r1.12 -r1.13 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.190 src/sys/kern/uipc_socket.c:1.191
--- src/sys/kern/uipc_socket.c:1.190	Fri Sep 11 22:06:29 2009
+++ src/sys/kern/uipc_socket.c	Fri Oct  2 23:50:16 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.190 2009/09/11 22:06:29 dyoung Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.190 2009/09/11 22:06:29 dyoung Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -151,6 +151,8 @@
 static int socurkva;
 static kcondvar_t socurkva_cv;
 
+static kauth_listener_t socket_listener;
+
 #define	SOCK_LOAN_CHUNK		65536
 
 static size_t sodopendfree(void);
@@ -428,6 +430,53 @@
 	return m;
 }
 
+static int
+socket_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+	enum kauth_network_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_network_req)arg0;
+
+	if (action != KAUTH_NETWORK_SOCKET)
+		return result;
+
+	switch (req) {
+	case KAUTH_REQ_NETWORK_SOCKET_DROP: {
+		/* Normal users can only drop their own connections. */
+		struct socket *so = (struct socket *)arg1;
+		uid_t sockuid = so-so_uidinfo-ui_uid;
+
+		if (sockuid == kauth_cred_getuid(cred) ||
+		sockuid == kauth_cred_geteuid(cred))
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_REQ_NETWORK_SOCKET_OPEN:
+		/* We allow raw routing/bluetooth sockets to anyone. */
+		if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH)
+			result = KAUTH_RESULT_ALLOW;
+		else {
+			/* Privileged, let secmodel handle this. */
+			if ((u_long)arg2 == SOCK_RAW)
+break;
+		}
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
 void
 soinit(void)
 {
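Review bot: In the KAUTH_REQ_NETWORK_SOCKET_OPEN case the first `result = KAUTH_RESULT_ALLOW;` is redundant, because every path that does not `break` reaches the unconditional assignment after the `else` block. The if/else reads as if the two families were special-cased, when its only effect is to skip the SOCK_RAW test for them. Since this decides who may open raw sockets without privilege, a single guard is easier to audit: test for a SOCK_RAW type with a family other than PF_ROUTE or PF_BLUETOOTH, `break` in that case, and assign ALLOW once. Separately, `req = (enum kauth_network_req)arg0;` casts a pointer straight to an enum, whereas the process-scope listeners in this series go through `(unsigned long)` first.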
@@ -445,6 +494,9 @@
 
 	callback_register(vm_map_to_kernel(kernel_map)-vmk_reclaim_callback,
 	sokva_reclaimerentry, NULL, sokva_reclaim_callback);
+
+	socket_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	socket_listener_cb, NULL);
 }
 
 /*
@@ -499,6 +551,7 @@
 	so-so_snd.sb_mowner = prp-pr_domain-dom_mowner;
 	so-so_mowner = prp-pr_domain-dom_mowner;
 #endif
+	/* so-so_cred = kauth_cred_dup(l-l_cred); */
 	uid = kauth_cred_geteuid(l-l_cred);
 	so-so_uidinfo = uid_find(uid);
 	so-so_egid = kauth_cred_getegid(l-l_cred);
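Review bot: The added line is commented-out code (a `kauth_cred_dup` into `so_cred`) with no explanation of why it is disabled or when it should be enabled; the hunk at -641 adds the matching commented-out `kauth_cred_free`. If keeping the creating credential on the socket is planned, say so in a comment such as `/* XXX: keep a reference to the creating credential once so_cred exists */`; otherwise leave both lines out. The pair matters for review because enabling only one of them later would leak or double-free a credential reference. The enclosing function starts and ends outside this hunk.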
@@ -641,6 +694,7 @@
 	/* Remove acccept filter if one is present. */
 	if (so-so_accf != NULL)
 		(void)accept_filt_clear(so);
+	/* kauth_cred_free(so-so_cred); */
 	sounlock(so);
 	if (refs == 0)		/* XXX */
 		soput(so);

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.12 src/sys/secmodel/suser/secmodel_suser.c:1.13
--- src/sys/secmodel/suser/secmodel_suser.c:1.12	Fri Oct  2 23:24:15 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:50:16 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -49,7 +49,6 @@
 #include sys/socketvar.h
 #include sys/sysctl.h
 #include sys/tty.h
-#include net/route.h
 #include sys/vnode.h
 #include sys/proc.h
 #include sys/uidinfo.h
@@ -864,55 +863,29 @@
 	case KAUTH_NETWORK_SOCKET:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
-			/*
-			 * The superuser can drop any connection.  Normal users
-			 * can only drop their own connections.
-			 */
-			if (isroot)
-result = KAUTH_RESULT_ALLOW;
-			else {
-struct socket *so = (struct socket *)arg1;
-uid_t sockuid = so-so_uidinfo-ui_uid;
-
-if (sockuid == kauth_cred_getuid(cred) ||
-sockuid == kauth_cred_geteuid(cred))
-	result = KAUTH_RESULT_ALLOW;
-			}
-
-			
-			break;
-
 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
-			if ((u_long)arg1 == PF_ROUTE || (u_long

CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Oct  2 23:58:54 UTC 2009

Modified Files:
src/sys/kern: tty.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Put the tty opening policy back in the subsystem.

Remove include we don't need from the secmodel code.


To generate a diff of this commit:
cvs rdiff -u -r1.232 -r1.233 src/sys/kern/tty.c
cvs rdiff -u -r1.13 -r1.14 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/tty.c
diff -u src/sys/kern/tty.c:1.232 src/sys/kern/tty.c:1.233
--- src/sys/kern/tty.c:1.232	Sat Aug  1 23:07:05 2009
+++ src/sys/kern/tty.c	Fri Oct  2 23:58:53 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: tty.c,v 1.232 2009/08/01 23:07:05 christos Exp $	*/
+/*	$NetBSD: tty.c,v 1.233 2009/10/02 23:58:53 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.232 2009/08/01 23:07:05 christos Exp $);
+__KERNEL_RCSID(0, $NetBSD: tty.c,v 1.233 2009/10/02 23:58:53 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -206,6 +206,8 @@
 uint64_t tk_nout;
 uint64_t tk_rawcc;
 
+static kauth_listener_t tty_listener;
+
 SYSCTL_SETUP(sysctl_kern_tkstat_setup, sysctl kern.tkstat subtree setup)
 {
 
@@ -2717,6 +2719,36 @@
 	va_end(ap);
 }
 
+static int
+tty_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct tty *tty;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if (action != KAUTH_DEVICE_TTY_OPEN)
+		return result;
+
+	tty = arg0;
+
+	/* If it's not opened, we allow. */
+	if ((tty-t_state  TS_ISOPEN) == 0)
+		result = KAUTH_RESULT_ALLOW;
+	else {
+		/*
+		 * If it's opened, we can only allow if it's not exclusively
+		 * opened; otherwise, that's a privileged operation and we
+		 * let the secmodel handle it.
+		 */
+		if ((tty-t_state  TS_XCLUDE) == 0)
+			result = KAUTH_RESULT_ALLOW;
+	}
+
+	return result;
+}
+
 /*
  * Initialize the tty subsystem.
  */
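Review bot: The nested if/else in tty_listener_cb assigns ALLOW in both of its branches that assign anything, so it reduces to one condition: allow unless the tty is both open and exclusively opened. Writing it as `if ((tty->t_state & TS_ISOPEN) == 0 || (tty->t_state & TS_XCLUDE) == 0)` followed by `result = KAUTH_RESULT_ALLOW;` leaves the deferred, privileged case (open and exclusive) as the single fall-through. The operators are quoted as they presumably appear in the file; this archive rendering has dropped the `->` and `&` characters.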
@@ -2728,6 +2760,9 @@
 	rw_init(ttcompat_lock);
 	tty_sigsih = softint_establish(SOFTINT_CLOCK, ttysigintr, NULL);
 	KASSERT(tty_sigsih != NULL);
+
+	tty_listener = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+	tty_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.13 src/sys/secmodel/suser/secmodel_suser.c:1.14
--- src/sys/secmodel/suser/secmodel_suser.c:1.13	Fri Oct  2 23:50:16 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:58:53 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -48,7 +48,6 @@
 #include sys/mount.h
 #include sys/socketvar.h
 #include sys/sysctl.h
-#include sys/tty.h
 #include sys/vnode.h
 #include sys/proc.h
 #include sys/uidinfo.h
@@ -955,7 +954,6 @@
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
-	struct tty *tty;
 bool isroot;
 int result;
 
@@ -1001,14 +999,7 @@
 		break;
 
 	case KAUTH_DEVICE_TTY_OPEN:
-		tty = arg0;
-
-		if (!(tty-t_state  TS_ISOPEN))
-			result = KAUTH_RESULT_ALLOW;
-		else if (tty-t_state  TS_XCLUDE) {
-			if (isroot)
-result = KAUTH_RESULT_ALLOW;
-		} else
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
 		break;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 00:06:37 UTC 2009

Modified Files:
src/sys/kern: kern_module.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Put module loading policy back in the subsystem.

Revisit: consider moving kauth_init() above module_init() in main().


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/sys/kern/kern_module.c
cvs rdiff -u -r1.14 -r1.15 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_module.c
diff -u src/sys/kern/kern_module.c:1.50 src/sys/kern/kern_module.c:1.51
--- src/sys/kern/kern_module.c:1.50	Fri Oct  2 18:50:14 2009
+++ src/sys/kern/kern_module.c	Sat Oct  3 00:06:37 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $	*/
+/*	$NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_ddb.h
@@ -78,6 +78,8 @@
 static kmutex_t module_thread_lock;
 static int	module_thread_ticks;
 
+static kauth_listener_t	module_listener;
+
 /* Ensure that the kernel's link set isn't empty. */
 static modinfo_t module_dummy;
 __link_set_add_rodata(modules, module_dummy);
@@ -163,6 +165,23 @@
 #endif
 }
 
+static int
+module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if (action != KAUTH_SYSTEM_MODULE)
+		return result;
+
+	if ((uintptr_t)arg2 != 0)	/* autoload */
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * module_init2:
  *
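Review bot: module_listener_cb grants ALLOW to any credential whenever arg2 is non-zero, and the only explanation is the `/* autoload */` trailer. Because this result lets an unprivileged context cause a module load, the listener should say who sets that flag and why it can be trusted, e.g. `/* arg2 != 0: kernel-initiated autoload, not a direct user request; allowed for any credential */` (wording to be confirmed against the caller, which is outside this hunk). The listener does not inspect arg0 or arg1, so it is also worth confirming that the flag can only be non-zero for load requests.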
@@ -177,6 +196,9 @@
 	NULL, NULL, modunload);
 	if (error != 0)
 		panic(module_init: %d, error);
+
+	module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	module_listener_cb, NULL);
 }
 
 SYSCTL_SETUP(sysctl_module_setup, sysctl module setup)

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.14 src/sys/secmodel/suser/secmodel_suser.c:1.15
--- src/sys/secmodel/suser/secmodel_suser.c:1.14	Fri Oct  2 23:58:53 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 00:06:37 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -480,8 +480,7 @@
 	case KAUTH_SYSTEM_MODULE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
-		if ((uintptr_t)arg2 != 0)	/* autoload */
-			result = KAUTH_RESULT_ALLOW;
+
 		break;
 
 	default:



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 00:14:07 UTC 2009

Modified Files:
src/sys/kern: kern_event.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move kevent policy back to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 src/sys/kern/kern_event.c
cvs rdiff -u -r1.15 -r1.16 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_event.c
diff -u src/sys/kern/kern_event.c:1.65 src/sys/kern/kern_event.c:1.66
--- src/sys/kern/kern_event.c:1.65	Sun May 24 21:41:26 2009
+++ src/sys/kern/kern_event.c	Sat Oct  3 00:14:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_event.c,v 1.65 2009/05/24 21:41:26 ad Exp $	*/
+/*	$NetBSD: kern_event.c,v 1.66 2009/10/03 00:14:07 elad Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.65 2009/05/24 21:41:26 ad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_event.c,v 1.66 2009/10/03 00:14:07 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -173,6 +173,30 @@
 static krwlock_t	kqueue_filter_lock;	/* lock on filter lists */
 static kmutex_t		kqueue_misc_lock;	/* miscellaneous */
 
+static kauth_listener_t	kqueue_listener;
+
+static int
+kqueue_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+
+	if (action != KAUTH_PROCESS_KEVENT_FILTER)
+		return result;
+
+	if ((kauth_cred_getuid(p-p_cred) != kauth_cred_getuid(cred) ||
+	ISSET(p-p_flag, PK_SUGID)))
+		return result;
+
+	result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * Initialize the kqueue subsystem.
  */
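Review bot: kqueue_listener_cb has no comment stating the policy it now owns. From the code, it allows KAUTH_PROCESS_KEVENT_FILTER only when the target process has the caller's uid and is not flagged PK_SUGID, and defers everything else. A header comment saying so, e.g. `/* Allow filters on the caller's own processes unless they are set-id; defer the rest to the secmodel. */`, would make the PK_SUGID exclusion visibly intentional. The doubled parentheses around the uid/PK_SUGID condition can also go.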
@@ -182,6 +206,9 @@
 
 	rw_init(kqueue_filter_lock);
 	mutex_init(kqueue_misc_lock, MUTEX_DEFAULT, IPL_NONE);
+
+	kqueue_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	kqueue_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.15 src/sys/secmodel/suser/secmodel_suser.c:1.16
--- src/sys/secmodel/suser/secmodel_suser.c:1.15	Sat Oct  3 00:06:37 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 00:14:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -591,12 +591,7 @@
 		}
 
 	case KAUTH_PROCESS_KEVENT_FILTER:
-		if ((kauth_cred_getuid(p-p_cred) !=
-		 kauth_cred_getuid(cred) ||
-		 ISSET(p-p_flag, PK_SUGID)) 
-		!isroot)
-			break;
-		else
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
 		break;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
/sys/secmodel/suser/secmodel_suser.c:1.16	Sat Oct  3 00:14:07 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 00:37:01 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -738,25 +738,6 @@
 		}
 		break;
 
-	case KAUTH_NETWORK_FIREWALL:
-		switch (req) {
-		case KAUTH_REQ_NETWORK_FIREWALL_FW:
-		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
-			/*
-			 * Decisions are root-agnostic.
-			 *
-			 * Both requests are issued from the context of a
-			 * device with permission bits acting as access
-			 * control.
-			 */
-			result = KAUTH_RESULT_ALLOW;
-			break;
-
-		default:
-			break;
-		}
-		break;
-
 	case KAUTH_NETWORK_FORWSRCRT:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 01:30:25 UTC 2009

Modified Files:
src/sys/kern: kern_synch.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move sched policy back to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.267 -r1.268 src/sys/kern/kern_synch.c
cvs rdiff -u -r1.17 -r1.18 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_synch.c
diff -u src/sys/kern/kern_synch.c:1.267 src/sys/kern/kern_synch.c:1.268
--- src/sys/kern/kern_synch.c:1.267	Sun Jul 19 10:11:55 2009
+++ src/sys/kern/kern_synch.c	Sat Oct  3 01:30:25 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $	*/
+/*	$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $);
 
 #include opt_kstack.h
 #include opt_perfctrs.h
@@ -97,6 +97,7 @@
 #include sys/lwpctl.h
 #include sys/atomic.h
 #include sys/simplelock.h
+#include sys/kauth.h
 
 #include uvm/uvm_extern.h
 
@@ -127,6 +128,8 @@
 unsigned	sched_pstats_ticks;
 kcondvar_t	lbolt;			/* once a second sleep address */
 
+kauth_listener_t	sched_listener;
+
 /* Preemption event counters */
 static struct evcnt kpreempt_ev_crit;
 static struct evcnt kpreempt_ev_klock;
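Review bot: `sched_listener` is declared without `static`, which puts the listener handle in the kernel's global namespace. The other handles added in this series (`module_listener` in kern_module.c, `kqueue_listener` in kern_event.c) are file-local. Nothing in the visible diff refers to it from another file, so `static kauth_listener_t sched_listener;` would match them.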
@@ -142,6 +145,55 @@
  */
 int	safepri;
 
+static int
+sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+
+	switch (action) {
+	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
+		if (kauth_cred_uidmatch(cred, p-p_cred))
+			result = KAUTH_RESULT_ALLOW;
+		break;
+
+	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
+		if (kauth_cred_uidmatch(cred, p-p_cred)) {
+			struct lwp *l;
+			int policy;
+			pri_t priority;
+
+			l = arg1;
+			policy = (int)(unsigned long)arg2;
+			priority = (pri_t)(unsigned long)arg3;
+
+			if ((policy == l-l_class ||
+			(policy != SCHED_FIFO  policy != SCHED_RR)) 
+			priority = l-l_priority)
+result = KAUTH_RESULT_ALLOW;
+		}
+
+		break;
+
+	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
+		result = KAUTH_RESULT_ALLOW;
+		break;
+
+	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
+		/* Privileged; we let the secmodel handle this. */
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
 void
 sched_init(void)
 {
@@ -158,6 +210,9 @@
 	   kpreempt, immediate);
 
 	sched_pstats(NULL);
+
+	sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	sched_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.17 src/sys/secmodel/suser/secmodel_suser.c:1.18
--- src/sys/secmodel/suser/secmodel_suser.c:1.17	Sat Oct  3 00:37:01 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 01:30:25 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -623,36 +623,7 @@
 		}
 
 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
-		if (isroot || kauth_cred_uidmatch(cred, p-p_cred))
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-		else if (kauth_cred_uidmatch(cred, p-p_cred)) {
-			struct lwp *l;
-			int policy;
-			pri_t priority;
-
-			l = arg1;
-			policy = (int)(unsigned long)arg2;
-			priority = (pri_t)(unsigned long)arg3;
-
-			if ((policy == l-l_class ||
-			(policy != SCHED_FIFO  policy != SCHED_RR)) 
-			priority = l-l_priority)
-result = KAUTH_RESULT_ALLOW;
-		}
-
-		break;
-
-	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
-		result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 01:41:39 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Finish moving socket policy to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_socket.c
cvs rdiff -u -r1.18 -r1.19 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.191 src/sys/kern/uipc_socket.c:1.192
--- src/sys/kern/uipc_socket.c:1.191	Fri Oct  2 23:50:16 2009
+++ src/sys/kern/uipc_socket.c	Sat Oct  3 01:41:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -470,6 +470,11 @@
 
 		break;
 
+	case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+
 	default:
 		break;
 	}
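Review bot: The new KAUTH_REQ_NETWORK_SOCKET_CANSEE case allows every credential unconditionally, which changes how the curtain has to work. Hiding another user's socket now depends on secmodel_suser returning an explicit KAUTH_RESULT_DENY (the secmodel_suser.c hunk of this commit), not on ALLOW being withheld. Neither side documents that coupling. I would add `/* Visible by default; a secmodel that curtains sockets must return DENY. */` above the new `result = KAUTH_RESULT_ALLOW;`, and a matching comment on the DENY in secmodel_suser.c so a later cleanup does not turn it back into a DEFER. The enclosing listener starts and ends outside this hunk.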

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.18 src/sys/secmodel/suser/secmodel_suser.c:1.19
--- src/sys/secmodel/suser/secmodel_suser.c:1.18	Sat Oct  3 01:30:25 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 01:41:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -822,14 +822,14 @@
 			}
 
 			if (secmodel_bsd44_curtain) {
+struct socket *so;
 uid_t so_uid;
 
-so_uid =
-((struct socket *)arg1)-so_uidinfo-ui_uid;
-if (kauth_cred_geteuid(cred) == so_uid)
-	result = KAUTH_RESULT_ALLOW;
-			} else
-result = KAUTH_RESULT_ALLOW;
+so = (struct socket *)arg1;
+so_uid = so-so_uidinfo-ui_uid;
+if (kauth_cred_geteuid(cred) != so_uid)
+	result = KAUTH_RESULT_DENY;
+			}
 
 			break;
 



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 01:46:39 UTC 2009

Modified Files:
src/sys/net: if.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move default network interface policy back to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.238 -r1.239 src/sys/net/if.c
cvs rdiff -u -r1.19 -r1.20 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.238 src/sys/net/if.c:1.239
--- src/sys/net/if.c:1.238	Sat Sep 19 11:02:07 2009
+++ src/sys/net/if.c	Sat Oct  3 01:46:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $	*/
+/*	$NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $);
+__KERNEL_RCSID(0, $NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $);
 
 #include opt_inet.h
 
@@ -166,6 +166,8 @@
 struct pfil_head if_pfil;	/* packet filtering hook for interfaces */
 #endif
 
+static kauth_listener_t if_listener;
+
 static void if_detach_queues(struct ifnet *, struct ifqueue *);
 static void sysctl_sndq_setup(struct sysctllog **, const char *,
 struct ifaltq *);
@@ -173,6 +175,26 @@
 static void sysctl_net_ifq_setup(struct sysctllog **, int, const char *,
  int, const char *, int, struct ifqueue *);
 
+static int
+if_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+	enum kauth_network_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_network_req)arg1;
+
+	if (action != KAUTH_NETWORK_INTERFACE)
+		return result;
+
+	if ((req == KAUTH_REQ_NETWORK_INTERFACE_GET) ||
+	(req == KAUTH_REQ_NETWORK_INTERFACE_SET))
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * Network interface utility routines.
  *
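Review bot: `req` is read from `arg1` in if_listener_cb, but I believe kauth_authorize_network() hands the request to listeners as the first argument (`arg0`), so this should be checked against the call sites. If `arg1` carries something else (an interface pointer, say), the GET/SET comparison never matches and the listener always defers. That would leave unprivileged KAUTH_REQ_NETWORK_INTERFACE_GET/SET requests without an ALLOW, since the secmodel_suser cases are removed in this commit. If the request is indeed in `arg0`, the line becomes `req = (enum kauth_network_req)(uintptr_t)arg0;`; the `uintptr_t` step also avoids a direct pointer-to-enum cast.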
@@ -195,6 +217,9 @@
 
 	callout_init(if_slowtimo_ch, 0);
 	if_slowtimo(NULL);
+
+	if_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	if_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.19 src/sys/secmodel/suser/secmodel_suser.c:1.20
--- src/sys/secmodel/suser/secmodel_suser.c:1.19	Sat Oct  3 01:41:39 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 01:46:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -717,11 +717,6 @@
 
 	case KAUTH_NETWORK_INTERFACE:
 		switch (req) {
-		case KAUTH_REQ_NETWORK_INTERFACE_GET:
-		case KAUTH_REQ_NETWORK_INTERFACE_SET:
-			result = KAUTH_RESULT_ALLOW;
-			break;
-
 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
 			if (isroot)



CVS commit: src/sys/secmodel/suser

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 01:52:14 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
secmodel_bsd44_curtain -> secmodel_suser_curtain (static).


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.20 src/sys/secmodel/suser/secmodel_suser.c:1.21
--- src/sys/secmodel/suser/secmodel_suser.c:1.20	Sat Oct  3 01:46:39 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 01:52:14 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -59,7 +59,7 @@
 
 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
 
-static int secmodel_bsd44_curtain;
+static int secmodel_suser_curtain;
 /* static */ int dovfsusermount;
 
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
@@ -101,7 +101,7 @@
 		   CTLTYPE_INT, curtain,
 		   SYSCTL_DESCR(Curtain information about objects to \
 		   		users not owning them.),
-		   NULL, 0, secmodel_bsd44_curtain, 0,
+		   NULL, 0, secmodel_suser_curtain, 0,
 		   CTL_CREATE, CTL_EOL);
 
 	sysctl_createv(clog, 0, rnode, NULL,
@@ -124,7 +124,7 @@
 		   CTLTYPE_INT, curtain,
 		   SYSCTL_DESCR(Curtain information about objects to \
 		   		users not owning them.),
-		   NULL, 0, secmodel_bsd44_curtain, 0,
+		   NULL, 0, secmodel_suser_curtain, 0,
 		   CTL_CREATE, CTL_EOL);
 
 	/* Compatibility: vfs.generic.usermount */
@@ -153,7 +153,7 @@
 void
 secmodel_suser_init(void)
 {
-	secmodel_bsd44_curtain = 0;
+	secmodel_suser_curtain = 0;
 	dovfsusermount = 0;
 }
 
@@ -241,7 +241,7 @@
 		break;
 
 	case KAUTH_GENERIC_CANSEE: 
-		if (!secmodel_bsd44_curtain)
+		if (!secmodel_suser_curtain)
 			result = KAUTH_RESULT_ALLOW;
 		else if (isroot || kauth_cred_uidmatch(cred, arg0))
 			result = KAUTH_RESULT_ALLOW;
@@ -525,7 +525,7 @@
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
-			if (!secmodel_bsd44_curtain)
+			if (!secmodel_suser_curtain)
 result = KAUTH_RESULT_ALLOW;
 			else if (isroot || kauth_cred_uidmatch(cred, p-p_cred))
 result = KAUTH_RESULT_ALLOW;
@@ -816,7 +816,7 @@
 break;
 			}
 
-			if (secmodel_bsd44_curtain) {
+			if (secmodel_suser_curtain) {
 struct socket *so;
 uid_t so_uid;
 



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 02:01:12 UTC 2009

Modified Files:
src/sys/dev: clockctl.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move clockctl policy exception back to the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sys/dev/clockctl.c
cvs rdiff -u -r1.21 -r1.22 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/clockctl.c
diff -u src/sys/dev/clockctl.c:1.27 src/sys/dev/clockctl.c:1.28
--- src/sys/dev/clockctl.c:1.27	Sun Feb 22 13:06:59 2009
+++ src/sys/dev/clockctl.c	Sat Oct  3 02:01:12 2009
@@ -1,4 +1,4 @@
-/*  $NetBSD: clockctl.c,v 1.27 2009/02/22 13:06:59 nakayama Exp $ */
+/*  $NetBSD: clockctl.c,v 1.28 2009/10/03 02:01:12 elad Exp $ */
 
 /*-
  * Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: clockctl.c,v 1.27 2009/02/22 13:06:59 nakayama Exp $);
+__KERNEL_RCSID(0, $NetBSD: clockctl.c,v 1.28 2009/10/03 02:01:12 elad Exp $);
 
 #include opt_ntp.h
 #include opt_compat_netbsd.h
@@ -47,6 +47,7 @@
 #ifdef NTP
 #include sys/timex.h
 #endif /* NTP */
+#include sys/kauth.h
 
 #include sys/clockctl.h
 #ifdef COMPAT_50
@@ -64,12 +65,39 @@
 	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER,
 };
 
+static kauth_listener_t clockctl_listener;
+
+static int
+clockctl_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+	enum kauth_system_req req;
+	bool device_context;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_system_req)arg0;
+
+	if ((action != KAUTH_SYSTEM_TIME) ||
+	(req != KAUTH_REQ_SYSTEM_TIME_SYSTEM))
+		return result;
+
+	device_context = (bool)arg3;
+
+	/* Device is controlled by permissions, so allow. */
+	if (device_context)
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*ARGSUSED*/
 void
 clockctlattach(int num)
 {
-	/* Nothing to set up before open is called */
-	return;
+
+	clockctl_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	clockctl_listener_cb, NULL);
 }
 
 int
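Review bot: clockctl_listener_cb allows KAUTH_REQ_SYSTEM_TIME_SYSTEM for any credential as soon as `arg3` is non-zero, so the right to set the clock rests on two things the one-line comment only half states. One is the permissions on the clockctl device node; the other is that callers pass a true `device_context` only from that device's ioctl path. I would expand the comment to `/* Requests arriving through the clockctl device were already gated by the node's permissions; arg3 must be true only on that path. */`.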

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.21 src/sys/secmodel/suser/secmodel_suser.c:1.22
--- src/sys/secmodel/suser/secmodel_suser.c:1.21	Sat Oct  3 01:52:14 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 02:01:12 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.22 2009/10/03 02:01:12 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.22 2009/10/03 02:01:12 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -410,19 +410,7 @@
 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
-			if (isroot)
-result = KAUTH_RESULT_ALLOW;
-			break;
-
-		case KAUTH_REQ_SYSTEM_TIME_SYSTEM: {
-			bool device_context = (bool)arg3;
-
-			if (device_context || isroot)
-result = KAUTH_RESULT_ALLOW;
-
-			break;
-		}
-
+		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
 			if (isroot)
 result = KAUTH_RESULT_ALLOW;



CVS commit: src/sys/secmodel/suser

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 02:06:11 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Make this file a little bit smaller by collapsing cases.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.22 src/sys/secmodel/suser/secmodel_suser.c:1.23
--- src/sys/secmodel/suser/secmodel_suser.c:1.22	Sat Oct  3 02:01:12 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 02:06:11 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.22 2009/10/03 02:01:12 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.23 2009/10/03 02:06:11 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.22 2009/10/03 02:01:12 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.23 2009/10/03 02:06:11 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -444,6 +444,8 @@
 	case KAUTH_SYSTEM_CHROOT:
 	case KAUTH_SYSTEM_FILEHANDLE:
 	case KAUTH_SYSTEM_MKNOD:
+	case KAUTH_SYSTEM_SETIDCORE:
+	case KAUTH_SYSTEM_MODULE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
@@ -459,18 +461,6 @@
 
 		break;
 
-	case KAUTH_SYSTEM_SETIDCORE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_SYSTEM_MODULE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	default:
 		break;
 	}
@@ -499,6 +489,15 @@
 
 	switch (action) {
 	case KAUTH_PROCESS_SIGNAL:
+	case KAUTH_PROCESS_KTRACE:
+	case KAUTH_PROCESS_PROCFS:
+	case KAUTH_PROCESS_PTRACE:
+	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
+	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
+	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
+	case KAUTH_PROCESS_SETID:
+	case KAUTH_PROCESS_KEVENT_FILTER:
+	case KAUTH_PROCESS_NICE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
@@ -538,24 +537,6 @@
 		break;
 		}
 
-	case KAUTH_PROCESS_KTRACE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_PROCESS_PROCFS:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_PROCESS_PTRACE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	case KAUTH_PROCESS_CORENAME:
 		if (isroot || proc_uidmatch(cred, p-p_cred) == 0)
 			result = KAUTH_RESULT_ALLOW;
@@ -578,18 +559,6 @@
 		break;
 		}
 
-	case KAUTH_PROCESS_KEVENT_FILTER:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_PROCESS_NICE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	case KAUTH_PROCESS_RLIMIT: {
 		enum kauth_process_req req;
 
@@ -610,19 +579,6 @@
 		break;
 		}
 
-	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
-	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
-	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_PROCESS_SETID:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-		break;
-
 	case KAUTH_PROCESS_STOPFLAG:
 		if (isroot || proc_uidmatch(cred, p-p_cred) == 0) {
 			result = KAUTH_RESULT_ALLOW;
@@ -698,6 +654,7 @@
 		break;
 
 	case KAUTH_NETWORK_FORWSRCRT:
+	case KAUTH_NETWORK_ROUTE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
@@ -782,12 +739,6 @@
 		}
 		break;
 
-	case KAUTH_NETWORK_ROUTE:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
 	case KAUTH_NETWORK_SOCKET:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
@@ -893,6 +844,12 @@
 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
 	case KAUTH_DEVICE_BLUETOOTH_SEND:
 	case KAUTH_DEVICE_BLUETOOTH_RECV:
+	case KAUTH_DEVICE_TTY_OPEN:
+	case KAUTH_DEVICE_TTY_PRIVSET:
+	case KAUTH_DEVICE_TTY_STI:
+	case KAUTH_DEVICE_RND_ADDDATA:
+	case KAUTH_DEVICE_RND_GETPRIV:
+	case KAUTH_DEVICE_RND_SETPRIV:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
@@ -927,31 +884,6 @@
 		result = KAUTH_RESULT_ALLOW;
 		break;
 
-	case KAUTH_DEVICE_TTY_OPEN:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_DEVICE_TTY_PRIVSET:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_DEVICE_TTY_STI:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-
-		break;
-
-	case KAUTH_DEVICE_RND_ADDDATA:
-	case KAUTH_DEVICE_RND_GETPRIV:
-	case KAUTH_DEVICE_RND_SETPRIV:
-		if (isroot)
-			result = KAUTH_RESULT_ALLOW;
-		break;
-
 	case KAUTH_DEVICE_GPIO_PINSET:
 		/*
 		 * root can access gpio pins, secmodel_securlevel can veto



CVS commit: src/sys/net

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 02:22:22 UTC 2009

Modified Files:
src/sys/net: route.c

Log Message:
We only care about KAUTH_NETWORK_ROUTE.


To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 src/sys/net/route.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.119 src/sys/net/route.c:1.120
--- src/sys/net/route.c:1.119	Fri Oct  2 23:16:21 2009
+++ src/sys/net/route.c	Sat Oct  3 02:22:22 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.119 2009/10/02 23:16:21 elad Exp $	*/
+/*	$NetBSD: route.c,v 1.120 2009/10/03 02:22:22 elad Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -93,7 +93,7 @@
 #include opt_route.h
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: route.c,v 1.119 2009/10/02 23:16:21 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: route.c,v 1.120 2009/10/03 02:22:22 elad Exp $);
 
 #include sys/param.h
 #include sys/sysctl.h
@@ -273,6 +273,9 @@
 	result = KAUTH_RESULT_DEFER;
 	rtm = arg1;
 
+	if (action != KAUTH_NETWORK_ROUTE)
+		return result;
+
 	if (rtm-rtm_type == RTM_GET)
 		result = KAUTH_RESULT_ALLOW;
 



CVS commit: src/sys/secmodel/suser

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 03:02:55 UTC 2009

Modified Files:
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
One less include.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.23 src/sys/secmodel/suser/secmodel_suser.c:1.24
--- src/sys/secmodel/suser/secmodel_suser.c:1.23	Sat Oct  3 02:06:11 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 03:02:55 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.23 2009/10/03 02:06:11 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.23 2009/10/03 02:06:11 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -53,8 +53,6 @@
 #include sys/uidinfo.h
 #include sys/module.h
 
-#include miscfs/procfs/procfs.h
-
 #include secmodel/suser/suser.h
 
 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);



CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 03:38:31 UTC 2009

Modified Files:
src/sys/kern: kern_proc.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move policies for KAUTH_PROCESS_{CANSEE,CORENAME,STOPFLAG,FORK} back to
the subsystem.

Note: Consider killing the signal listener and sticking
  KAUTH_PROCESS_SIGNAL here as well.


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.153 src/sys/kern/kern_proc.c
cvs rdiff -u -r1.24 -r1.25 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.152 src/sys/kern/kern_proc.c:1.153
--- src/sys/kern/kern_proc.c:1.152	Sat May 23 18:28:06 2009
+++ src/sys/kern/kern_proc.c	Sat Oct  3 03:38:31 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $	*/
+/*	$NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $);
 
 #include opt_kstack.h
 #include opt_maxuprc.h
@@ -235,6 +235,80 @@
 
 static pool_cache_t proc_cache;
 
+static kauth_listener_t proc_listener;
+
+static int
+proc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+
+	switch (action) {
+	case KAUTH_PROCESS_CANSEE: {
+		enum kauth_process_req req;
+
+		req = (enum kauth_process_req)arg1;
+
+		switch (req) {
+		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
+		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
+		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+			result = KAUTH_RESULT_ALLOW;
+
+			break;
+
+		case KAUTH_REQ_PROCESS_CANSEE_ENV:
+			if (kauth_cred_getuid(cred) !=
+			kauth_cred_getuid(p-p_cred) ||
+			kauth_cred_getuid(cred) !=
+			kauth_cred_getsvuid(p-p_cred))
+break;
+
+			result = KAUTH_RESULT_ALLOW;
+
+			break;
+
+		default:
+			break;
+		}
+
+		break;
+		}
+
+	case KAUTH_PROCESS_FORK: {
+		int lnprocs = (int)(unsigned long)arg2;
+
+		/*
+		 * Don't allow a nonprivileged user to use the last few
+		 * processes. The variable lnprocs is the current number of
+		 * processes, maxproc is the limit.
+		 */
+		if (__predict_false((lnprocs = maxproc - 5)))
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_PROCESS_CORENAME:
+	case KAUTH_PROCESS_STOPFLAG:
+		if (proc_uidmatch(cred, p-p_cred) == 0)
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		break;
+	}
+
+	return result;
+}
+
 /*
  * Initialize global process hashing structures.
  */
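Review bot: In the KAUTH_PROCESS_FORK case the number of process slots held back from unprivileged users is the bare literal `5` in `maxproc - 5`. After this commit secmodel_suser keeps only the root case for FORK, so this listener is where non-root forks get their ALLOW. The reserve deserves a named constant declared next to `maxproc`, carrying the existing explanatory comment. Separately, proc_listener_cb has no header comment; one sentence listing the four actions it decides (CANSEE, FORK, CORENAME, STOPFLAG) and that all others are deferred would help.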
@@ -272,6 +346,9 @@
 
 	proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0,
 	procpl, NULL, IPL_NONE, NULL, NULL, NULL);
+
+	proc_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	proc_listener_cb, NULL);
 }
 
 /*

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.24 src/sys/secmodel/suser/secmodel_suser.c:1.25
--- src/sys/secmodel/suser/secmodel_suser.c:1.24	Sat Oct  3 03:02:55 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 03:38:31 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -496,6 +496,9 @@
 	case KAUTH_PROCESS_SETID:
 	case KAUTH_PROCESS_KEVENT_FILTER:
 	case KAUTH_PROCESS_NICE:
+	case KAUTH_PROCESS_FORK:
+	case KAUTH_PROCESS_CORENAME:
+	case KAUTH_PROCESS_STOPFLAG:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 
@@ -510,20 +513,20 @@
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
-			if (!secmodel_suser_curtain)
-result = KAUTH_RESULT_ALLOW;
-			else if (isroot || kauth_cred_uidmatch(cred, p-p_cred))
+			if (isroot) {
 result = KAUTH_RESULT_ALLOW;
+break;
+			}
+
+			if (secmodel_suser_curtain) {
+if (kauth_cred_uidmatch(cred, p-p_cred) != 0)
+	result = KAUTH_RESULT_DENY;
+			}
+
 			break;
 
 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
-			if (!isroot 
-			(kauth_cred_getuid(cred) !=
-			 kauth_cred_getuid(p-p_cred) ||
-			kauth_cred_getuid(cred) !=
-			 kauth_cred_getsvuid(p-p_cred)))
-break;
-			else
+			if (isroot)
 result = KAUTH_RESULT_ALLOW;
 
 			break;
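Review bot: The new curtain test `if (kauth_cred_uidmatch(cred, p->p_cred) != 0) result = KAUTH_RESULT_DENY;` looks inverted. The removed line allowed the request when `kauth_cred_uidmatch()` was non-zero, which implies it returns non-zero on a match. On that reading the new code denies a user the view of their own processes and leaves other users' processes to the default allow in kern_proc.c, the opposite of what the curtain is for. The condition should then be `if (!kauth_cred_uidmatch(cred, p->p_cred))`. `proc_uidmatch()` in the kern_proc.c hunk is tested with `== 0` for a match, so the two helpers seem to use opposite conventions and a short comment here would prevent the mix-up; the enclosing function starts outside this hunk.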
@@ -535,28 +538,6 @@
 		break

CVS commit: src/sys

2009-10-02 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sat Oct  3 03:59:39 UTC 2009

Modified Files:
src/sys/kern: uipc_socket.c
src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Move KAUTH_NETWORK_BIND::KAUTH_REQ_NETWORK_BIND_PORT policy back to the
subsystem (or close to it).

Note: Revisit KAUTH_REQ_NETWORK_BIND_PRIVPORT.


To generate a diff of this commit:
cvs rdiff -u -r1.192 -r1.193 src/sys/kern/uipc_socket.c
cvs rdiff -u -r1.25 -r1.26 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.192 src/sys/kern/uipc_socket.c:1.193
--- src/sys/kern/uipc_socket.c:1.192	Sat Oct  3 01:41:39 2009
+++ src/sys/kern/uipc_socket.c	Sat Oct  3 03:59:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $	*/
+/*	$NetBSD: uipc_socket.c,v 1.193 2009/10/03 03:59:39 elad Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: uipc_socket.c,v 1.193 2009/10/03 03:59:39 elad Exp $);
 
 #include opt_compat_netbsd.h
 #include opt_sock_counters.h
@@ -440,10 +440,15 @@
 	result = KAUTH_RESULT_DEFER;
 	req = (enum kauth_network_req)arg0;
 
-	if (action != KAUTH_NETWORK_SOCKET)
+	if ((action != KAUTH_NETWORK_SOCKET) 
+	(action != KAUTH_NETWORK_BIND))
 		return result;
 
 	switch (req) {
+	case KAUTH_REQ_NETWORK_BIND_PORT:
+		result = KAUTH_RESULT_ALLOW;
+		break;
+
 	case KAUTH_REQ_NETWORK_SOCKET_DROP: {
 		/* Normal users can only drop their own connections. */
 		struct socket *so = (struct socket *)arg1;
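Review bot: After the guard was widened to accept `KAUTH_NETWORK_BIND`, the single `switch (req)` interprets the request value without checking which action it arrived with. `KAUTH_REQ_NETWORK_BIND_PORT` is therefore allowed under either action, and the `KAUTH_REQ_NETWORK_SOCKET_DROP` case becomes reachable from a bind request. Dispatching on the action first keeps each request tied to its own action, e.g. `if (action == KAUTH_NETWORK_BIND) return (req == KAUTH_REQ_NETWORK_BIND_PORT) ? KAUTH_RESULT_ALLOW : result;` ahead of the original `KAUTH_NETWORK_SOCKET` guard. The function starts and continues outside this hunk.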

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.25 src/sys/secmodel/suser/secmodel_suser.c:1.26
--- src/sys/secmodel/suser/secmodel_suser.c:1.25	Sat Oct  3 03:38:31 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Oct  3 03:59:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -611,10 +611,6 @@
 
 	case KAUTH_NETWORK_BIND:
 		switch (req) {
-		case KAUTH_REQ_NETWORK_BIND_PORT:
-			result = KAUTH_RESULT_ALLOW;
-			break;
-
 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
 			if (isroot)
 result = KAUTH_RESULT_ALLOW;



CVS commit: src/sbin/sysctl

2009-09-29 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Sep 30 04:30:50 UTC 2009

Modified Files:
src/sbin/sysctl: sysctl.8 sysctl.c

Log Message:
Remove stale references to the read only at securelevel [12] flags in
the documentation and code comments.


To generate a diff of this commit:
cvs rdiff -u -r1.160 -r1.161 src/sbin/sysctl/sysctl.8
cvs rdiff -u -r1.129 -r1.130 src/sbin/sysctl/sysctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/sysctl/sysctl.8
diff -u src/sbin/sysctl/sysctl.8:1.160 src/sbin/sysctl/sysctl.8:1.161
--- src/sbin/sysctl/sysctl.8:1.160	Wed Apr  1 15:55:27 2009
+++ src/sbin/sysctl/sysctl.8	Wed Sep 30 04:30:50 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: sysctl.8,v 1.160 2009/04/01 15:55:27 christos Exp $
+.\	$NetBSD: sysctl.8,v 1.161 2009/09/30 04:30:50 elad Exp $
 .\
 .\ Copyright (c) 2004 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -54,7 +54,7 @@
 .\
 .\	@(#)sysctl.8	8.1 (Berkeley) 6/6/93
 .\
-.Dd April 1, 2009
+.Dd September 30, 2009
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -376,16 +376,6 @@
 .Dq Writable .
 The data instrumented by the given node is writable at any time.
 This is the default for nodes that can have children.
-.It 1
-.Dq Read-only at securelevel 1 .
-The data instrumented by this node is writable until the securelevel
-reaches or passes securelevel 1.
-Examples of this include some network tunables.
-.It 2
-.Dq Read-only at securelevel 2 .
-The data instrumented by this node is writable until the securelevel
-reaches or passes securelevel 2.
-An example of this is the per-process core filename setting.
 .El
 .Pp
 .It
@@ -527,8 +517,7 @@
 .Sh SEE ALSO
 .Xr sysctl 3 ,
 .Xr ksyms 4 ,
-.Xr sysctl 7 ,
-.Xr secmodel_securelevel 9
+.Xr sysctl 7
 .Sh HISTORY
 .Nm sysctl
 first appeared in

Index: src/sbin/sysctl/sysctl.c
diff -u src/sbin/sysctl/sysctl.c:1.129 src/sbin/sysctl/sysctl.c:1.130
--- src/sbin/sysctl/sysctl.c:1.129	Wed Apr  1 15:55:27 2009
+++ src/sbin/sysctl/sysctl.c	Wed Sep 30 04:30:50 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sysctl.c,v 1.129 2009/04/01 15:55:27 christos Exp $ */
+/*	$NetBSD: sysctl.c,v 1.130 2009/09/30 04:30:50 elad Exp $ */
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
 #if 0
 static char sccsid[] = @(#)sysctl.c	8.1 (Berkeley) 6/6/93;
 #else
-__RCSID($NetBSD: sysctl.c,v 1.129 2009/04/01 15:55:27 christos Exp $);
+__RCSID($NetBSD: sysctl.c,v 1.130 2009/09/30 04:30:50 elad Exp $);
 #endif
 #endif /* not lint */
 
@@ -912,10 +912,9 @@
   [addr=0x,|symbol=...|value=...]
 
   size is optional for some types.  type must be set before anything
-  else.  nodes can have [r12whp], but nothing else applies.  if no
+  else.  nodes can have [rwhp], but nothing else applies.  if no
   size or type is given, node is asserted.  writeable is the default,
-  with [r12w] being read-only, writeable below securelevel 1,
-  writeable below securelevel 2, and unconditionally writeable
+  with [rw] being read-only and unconditionally writeable
   respectively.  if you specify addr, it is assumed to be the name of
   a kernel symbol, if value, CTLFLAG_OWNDATA will be asserted for
   strings, CTLFLAG_IMMEDIATE for ints and u_quad_ts.  you cannot



CVS commit: src/usr.bin/netstat

2009-09-13 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun Sep 13 19:04:29 UTC 2009

Modified Files:
src/usr.bin/netstat: if.c

Log Message:
Put some unsigned long long casts (as was in the original printing code).

Should fix build breakage noticed by pgoyette@ on current-users@:

http://mail-index.netbsd.org/current-users/2009/09/13/msg010554.html

(sorry, don't have an amd64 anymore!)


To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/usr.bin/netstat/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/netstat/if.c
diff -u src/usr.bin/netstat/if.c:1.64 src/usr.bin/netstat/if.c:1.65
--- src/usr.bin/netstat/if.c:1.64	Sun Sep 13 02:53:17 2009
+++ src/usr.bin/netstat/if.c	Sun Sep 13 19:04:29 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.64 2009/09/13 02:53:17 elad Exp $	*/
+/*	$NetBSD: if.c,v 1.65 2009/09/13 19:04:29 elad Exp $	*/
 
 /*
  * Copyright (c) 1983, 1988, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = from: @(#)if.c	8.2 (Berkeley) 2/21/94;
 #else
-__RCSID($NetBSD: if.c,v 1.64 2009/09/13 02:53:17 elad Exp $);
+__RCSID($NetBSD: if.c,v 1.65 2009/09/13 19:04:29 elad Exp $);
 #endif
 #endif /* not lint */
 
@@ -590,15 +590,15 @@
 {
 	if (bflag)
 		printf(%10llu %8.8s %10llu %5.5s,
-		cur-ift_ib - old-ift_ib,  ,
-		cur-ift_ob - old-ift_ob,  );
+		(unsigned long long)(cur-ift_ib - old-ift_ib),  ,
+		(unsigned long long)(cur-ift_ob - old-ift_ob),  );
 	else
 		printf(%8llu %5llu %8llu %5llu %5llu,
-		cur-ift_ip - old-ift_ip,
-		cur-ift_ie - old-ift_ie,
-		cur-ift_op - old-ift_op,
-		cur-ift_oe - old-ift_oe,
-		cur-ift_co - old-ift_co);
+		(unsigned long long)(cur-ift_ip - old-ift_ip),
+		(unsigned long long)(cur-ift_ie - old-ift_ie),
+		(unsigned long long)(cur-ift_op - old-ift_op),
+		(unsigned long long)(cur-ift_oe - old-ift_oe),
+		(unsigned long long)(cur-ift_co - old-ift_co));
 	if (dflag)
 		printf( %5llu,
 		/* XXX ifnet.if_snd.ifq_drops - ip-ift_dr); */
@@ -610,15 +610,15 @@
 {
 	if (bflag)
 		printf(  %10llu %8.8s %10llu %5.5s,
-		cur-ift_ib - old-ift_ib,  ,
-		cur-ift_ob - old-ift_ob,  );
+		(unsigned long long)(cur-ift_ib - old-ift_ib),  ,
+		(unsigned long long)(cur-ift_ob - old-ift_ob),  );
 	else
 		printf(  %8llu %5llu %8llu %5llu %5llu,
-		cur-ift_ip - old-ift_ip,
-		cur-ift_ie - old-ift_ie,
-		cur-ift_op - old-ift_op,
-		cur-ift_oe - old-ift_oe,
-		cur-ift_co - old-ift_co);
+		(unsigned long long)(cur-ift_ip - old-ift_ip),
+		(unsigned long long)(cur-ift_ie - old-ift_ie),
+		(unsigned long long)(cur-ift_op - old-ift_op),
+		(unsigned long long)(cur-ift_oe - old-ift_oe),
+		(unsigned long long)(cur-ift_co - old-ift_co));
 
 	if (dflag)
 		printf( %5llu, (unsigned long long)(cur-ift_dr - old-ift_dr));



CVS commit: src/usr.bin/netstat

2009-09-12 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun Sep 13 02:53:17 UTC 2009

Modified Files:
src/usr.bin/netstat: if.c main.c netstat.1 netstat.h show.c

Log Message:
Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The code has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/usr.bin/netstat/if.c
cvs rdiff -u -r1.71 -r1.72 src/usr.bin/netstat/main.c
cvs rdiff -u -r1.52 -r1.53 src/usr.bin/netstat/netstat.1
cvs rdiff -u -r1.37 -r1.38 src/usr.bin/netstat/netstat.h
cvs rdiff -u -r1.7 -r1.8 src/usr.bin/netstat/show.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/netstat/if.c
diff -u src/usr.bin/netstat/if.c:1.63 src/usr.bin/netstat/if.c:1.64
--- src/usr.bin/netstat/if.c:1.63	Sun Apr 12 16:08:37 2009
+++ src/usr.bin/netstat/if.c	Sun Sep 13 02:53:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.63 2009/04/12 16:08:37 lukem Exp $	*/
+/*	$NetBSD: if.c,v 1.64 2009/09/13 02:53:17 elad Exp $	*/
 
 /*
  * Copyright (c) 1983, 1988, 1993
@@ -34,18 +34,21 @@
 #if 0
 static char sccsid[] = from: @(#)if.c	8.2 (Berkeley) 2/21/94;
 #else
-__RCSID($NetBSD: if.c,v 1.63 2009/04/12 16:08:37 lukem Exp $);
+__RCSID($NetBSD: if.c,v 1.64 2009/09/13 02:53:17 elad Exp $);
 #endif
 #endif /* not lint */
 
+#include sys/param.h
 #include sys/types.h
 #include sys/protosw.h
 #include sys/socket.h
 #include sys/time.h
+#include sys/sysctl.h
 
 #include net/if.h
 #include net/if_dl.h
 #include net/if_types.h
+#include net/route.h
 #include netinet/in.h
 #include netinet/in_var.h
 #include netiso/iso.h
@@ -59,14 +62,40 @@
 #include string.h
 #include unistd.h
 #include netdb.h
+#include err.h
 
 #include netstat.h
 
-#define	YES	1
-#define	NO	0
+#define	MAXIF	100
+
+struct	iftot {
+	char ift_name[IFNAMSIZ];	/* interface name */
+	u_quad_t ift_ip;		/* input packets */
+	u_quad_t ift_ib;		/* input bytes */
+	u_quad_t ift_ie;		/* input errors */
+	u_quad_t ift_op;		/* output packets */
+	u_quad_t ift_ob;		/* output bytes */
+	u_quad_t ift_oe;		/* output errors */
+	u_quad_t ift_co;		/* collisions */
+	int ift_dr;			/* drops */
+};
+
+static void print_addr(struct sockaddr *, struct sockaddr **, struct if_data *);
+static void sidewaysintpr(u_int, u_long);
+
+static void iftot_banner(struct iftot *);
+static void iftot_print_sum(struct iftot *, struct iftot *);
+static void iftot_print(struct iftot *, struct iftot *);
 
-static void sidewaysintpr __P((u_int, u_long));
 static void catchalarm __P((int));
+static void get_rtaddrs(int, struct sockaddr *, struct sockaddr **);
+static void fetchifs(void);
+
+static void intpr_sysctl(void);
+static void intpr_kvm(u_long, void (*)(const char *));
+
+struct iftot iftot[MAXIF], ip_cur, ip_old, sum_cur, sum_old;
+bool	signalled;			/* set if alarm goes off early */
 
 /*
  * Print a description of the network interfaces.
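Review bot: `bool signalled` is commented as set when the alarm goes off, which suggests it is written from the `catchalarm` signal handler (not visible in this hunk). A flag shared with a handler should be declared `static volatile sig_atomic_t signalled;` so the main loop reliably observes the store. The new globals `iftot[MAXIF]`, `ip_cur`, `ip_old`, `sum_cur` and `sum_old` also get external linkage although they appear to serve only this file's static helpers, so `static` would keep them out of the program's namespace. With `MAXIF` fixed at 100, whatever fills `iftot[]` needs an explicit bound check; that code is outside this hunk.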
@@ -79,6 +108,142 @@
 	u_long ifnetaddr;
 	void (*pfunc)(const char *);
 {
+
+	if (interval) {
+		sidewaysintpr((unsigned)interval, ifnetaddr);
+		return;
+	}
+
+	if (use_sysctl) {
+		intpr_sysctl();
+	} else {
+		intpr_kvm(ifnetaddr, pfunc);
+	}
+
+}
+
+static void
+intpr_header(void)
+{
+
+	if (!sflag  !pflag) {
+		if (bflag) {
+			printf(%-5.5s %-5.5s %-13.13s %-17.17s 
+			   %10.10s %10.10s,
+			   Name, Mtu, Network, Address, 
+			   Ibytes, Obytes);
+		} else {
+			printf(%-5.5s %-5.5s %-13.13s %-17.17s 
+			   %8.8s %5.5s %8.8s %5.5s %5.5s,
+			   Name, Mtu, Network, Address, Ipkts, Ierrs,
+			   Opkts, Oerrs, Colls);
+		}
+		if (tflag)
+			printf( %4.4s, Time);
+		if (dflag)
+			printf( %5.5s, Drops);
+		putchar('\n');
+	}
+}
+
+static void
+intpr_sysctl(void)
+{
+	struct if_msghdr *ifm;
+	int mib[6] = { CTL_NET, AF_ROUTE, 0, 0, NET_RT_IFLIST, 0 };
+	char *buf = NULL, *next, *lim, *cp;
+	struct rt_msghdr *rtm;
+	struct ifa_msghdr *ifam;
+	struct if_data *ifd = NULL;
+	struct sockaddr *sa, *rti_info[RTAX_MAX];
+	struct sockaddr_dl *sdl;
+	uint64_t total = 0;
+	size_t len;
+	char name[IFNAMSIZ + 1];	/* + 1 for `*' */
+
+	if (sysctl(mib, 6, NULL, len, NULL, 0) == -1)
+		err(1, sysctl);
+	if ((buf = malloc(len)) == NULL)
+		err(1, NULL);
+	if (sysctl(mib, 6, buf, len, NULL, 0) == -1)
+		err(1, sysctl);
+
+	intpr_header();
+
+	lim = buf + len;
+	for (next = 

CVS commit: src/sys

2009-09-02 Thread Elad Efrat
+kauth_mode_to_action(mode_t mode)
+{
+	kauth_action_t action = 0;
+
+	if (mode  VREAD)
+		action |= KAUTH_VNODE_READ_DATA;
+	if (mode  VWRITE)
+		action |= KAUTH_VNODE_WRITE_DATA;
+	if (mode  VEXEC)
+		action |= KAUTH_VNODE_EXECUTE;
+
+	return action;
+}
+
+int
+kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
+struct vnode *vp, struct vnode *dvp, int fs_decision)
+{
+	int error;
+
+	error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred,
+	action, vp, dvp, NULL, NULL);
+
+	if (error == KAUTH_RESULT_DENY)
+		return (EACCES);
+
+	if (error == KAUTH_RESULT_ALLOW)
+		return (0);
+
+	/*
+	 * If the file-system does not support decision-before-action, we can
+	 * only short-circuit the operation (deny). If we're here, it means no
+	 * listener denied it, so our only alternative is to supposedly-allow
+	 * it and let the file-system have the last word.
+	 */
+	if (fs_decision == KAUTH_VNODE_REMOTEFS)
+		return (0);
+
+	return (fs_decision);
+}
+
 static int
 kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0,
 void *arg1)

Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.71
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70	Mon Aug 10 20:22:06 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -65,7 +65,7 @@
 extern int dovfsusermount;
 
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
-l_device;
+l_device, l_vnode;
 
 void
 secmodel_bsd44_suser_start(void)
@@ -82,6 +82,8 @@
 	secmodel_bsd44_suser_machdep_cb, NULL);
 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
 	secmodel_bsd44_suser_device_cb, NULL);
+	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+	secmodel_bsd44_suser_vnode_cb, NULL);
 }
 
 #if defined(_LKM)
@@ -94,6 +96,7 @@
 	kauth_unlisten_scope(l_network);
 	kauth_unlisten_scope(l_machdep);
 	kauth_unlisten_scope(l_device);
+	kauth_unlisten_scope(l_vnode);
 }
 #endif /* _LKM */
 
@@ -1151,6 +1154,7 @@
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
+
 	case KAUTH_DEVICE_GPIO_PINSET:
 		/*
 		 * root can access gpio pins, secmodel_securlevel can veto
@@ -1159,6 +1163,7 @@
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
+
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
@@ -1166,3 +1171,20 @@
 
 	return (result);
 }
+
+int
+secmodel_bsd44_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	bool isroot;
+	int result;
+
+	isroot = (kauth_cred_geteuid(cred) == 0);
+	result = KAUTH_RESULT_DEFER;
+
+	if (isroot)
+		result = KAUTH_RESULT_ALLOW;
+
+	return (result);
+}
+
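Review bot: secmodel_bsd44_suser_vnode_cb returns `KAUTH_RESULT_ALLOW` for root without looking at `action`, and kauth_authorize_vnode() shown earlier on this page returns 0 on an allow before it consults `fs_decision`. For root the file system's own verdict is therefore skipped for every vnode action, including `KAUTH_VNODE_EXECUTE` on a file with no execute bits, unless callers apply those checks before calling in (not visible here). Limiting the blanket allow to non-execute requests, `if (isroot && (action & KAUTH_VNODE_EXECUTE) == 0) result = KAUTH_RESULT_ALLOW;`, lets execute requests fall back to `fs_decision`. At minimum the function needs a comment stating what the caller must already have checked.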

Index: src/sys/secmodel/bsd44/suser.h
diff -u src/sys/secmodel/bsd44/suser.h:1.5 src/sys/secmodel/bsd44/suser.h:1.6
--- src/sys/secmodel/bsd44/suser.h:1.5	Sun May  3 21:25:44 2009
+++ src/sys/secmodel/bsd44/suser.h	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: suser.h,v 1.5 2009/05/03 21:25:44 elad Exp $ */
+/* $NetBSD: suser.h,v 1.6 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -50,5 +50,7 @@
 void *, void *, void *, void *);
 int secmodel_bsd44_suser_device_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);
+int secmodel_bsd44_suser_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_BSD44_SUSER_H_ */

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.13
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12	Sat Jul 25 16:08:02 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -56,7 +56,8 @@
 
 static int securelevel

CVS commit: src/lib/libc/sys

2009-09-01 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Sep  1 22:01:48 UTC 2009

Modified Files:
src/lib/libc/sys: kqueue.2

Log Message:
Add useful example program from

http://mail-index.netbsd.org/tech-kern/2009/09/01/msg006020.html


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/lib/libc/sys/kqueue.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/sys/kqueue.2
diff -u src/lib/libc/sys/kqueue.2:1.22 src/lib/libc/sys/kqueue.2:1.23
--- src/lib/libc/sys/kqueue.2:1.22	Thu Mar 12 10:16:37 2009
+++ src/lib/libc/sys/kqueue.2	Tue Sep  1 22:01:48 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: kqueue.2,v 1.22 2009/03/12 10:16:37 wiz Exp $
+.\	$NetBSD: kqueue.2,v 1.23 2009/09/01 22:01:48 elad Exp $
 .\
 .\ Copyright (c) 2000 Jonathan Lemon
 .\ All rights reserved.
@@ -32,7 +32,7 @@
 .\
 .\ $FreeBSD: src/lib/libc/sys/kqueue.2,v 1.22 2001/06/27 19:55:57 dd Exp $
 .\
-.Dd February 4, 2003
+.Dd September 1, 2009
 .Dt KQUEUE 2
 .Os
 .Sh NAME
@@ -478,6 +478,76 @@
 If the time limit expires, then
 .Fn kevent
 returns 0.
+.Sh EXAMPLES
+The following example program monitors a file (provided to it as the first
+argument) and prints information about some common events it receives
+notifications for:
+.Bd -literal -offset indent
+#include sys/types.h
+#include sys/event.h
+#include sys/time.h
+#include stdio.h
+#include unistd.h
+#include stdlib.h
+#include fcntl.h
+#include err.h
+
+int
+main(int argc, char *argv[])
+{
+int fd, kq, nev;
+struct kevent ev, ch;
+static const struct timespec tout = { 1, 0 };
+
+if ((fd = open(argv[1], O_RDONLY)) == -1)
+err(1, Cannot open `%s', argv[1]);
+
+if ((kq = kqueue()) == -1)
+err(1, Cannot create kqueue);
+
+EV_SET(ch, fd, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_CLEAR, 
+NOTE_DELETE|NOTE_WRITE|NOTE_EXTEND|NOTE_ATTRIB|NOTE_LINK|
+NOTE_RENAME|NOTE_REVOKE, 0, 0);
+for (;;) {
+nev = kevent(kq, ch, 1, ev, 1, tout);
+if (nev == -1)
+err(1, kevent);
+if (nev == 0)
+continue;
+if (ev.fflags  NOTE_DELETE) {
+printf(deleted );
+ev.fflags = ~NOTE_DELETE;
+}
+if (ev.fflags  NOTE_WRITE) {
+printf(written );
+ev.fflags = ~NOTE_WRITE;
+}
+if (ev.fflags  NOTE_EXTEND) {
+printf(extended );
+ev.fflags = ~NOTE_EXTEND;
+}
+if (ev.fflags  NOTE_ATTRIB) {
+printf(chmod/chown );
+ev.fflags = ~NOTE_ATTRIB;
+}
+if (ev.fflags  NOTE_LINK) {
+printf(hardlinked );
+ev.fflags = ~NOTE_LINK;
+}
+if (ev.fflags  NOTE_RENAME) {
+printf(renamed );
+ev.fflags = ~NOTE_RENAME;
+}
+if (ev.fflags  NOTE_REVOKE) {
+printf(revoked );
+ev.fflags = ~NOTE_REVOKE;
+}
+printf(\\n);
+if (ev.fflags)
+warnx(unknown event 0x%x\\n, ev.fflags);
+}
+}
+.Ed
 .Sh ERRORS
 The
 .Fn kqueue



CVS commit: src/sys/arch/i386/conf

2009-08-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Aug 26 03:39:16 UTC 2009

Modified Files:
src/sys/arch/i386/conf: ALL

Log Message:
Build NiLFS(2).


To generate a diff of this commit:
cvs rdiff -u -r1.204 -r1.205 src/sys/arch/i386/conf/ALL

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/i386/conf/ALL
diff -u src/sys/arch/i386/conf/ALL:1.204 src/sys/arch/i386/conf/ALL:1.205
--- src/sys/arch/i386/conf/ALL:1.204	Sat Aug 15 09:43:58 2009
+++ src/sys/arch/i386/conf/ALL	Wed Aug 26 03:39:16 2009
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.204 2009/08/15 09:43:58 mbalmer Exp $
+# $NetBSD: ALL,v 1.205 2009/08/26 03:39:16 elad Exp $
 # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
 #
 # ALL machine description file
@@ -17,7 +17,7 @@
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident 		ALL-$Revision: 1.204 $
+#ident 		ALL-$Revision: 1.205 $
 
 maxusers	32		# estimated number of users
 
@@ -180,6 +180,7 @@
 file-system 	EFS		# Silicon Graphics Extent File System
 file-system 	FILECORE	# Acorn filecore file system
 file-system 	ADOSFS		# AmigaDOS file system
+file-system	NILFS		# experimental - NTT's NiLFS(2)
 
 # File system options
 options 	QUOTA		# UFS quotas



CVS commit: src/sys/fs/nilfs

2009-08-25 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed Aug 26 03:40:48 UTC 2009

Modified Files:
src/sys/fs/nilfs: nilfs_vnops.c

Log Message:
Split nilfs_access() to nilfs_check_possible() and nilfs_check_permitted().


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/fs/nilfs/nilfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/nilfs/nilfs_vnops.c
diff -u src/sys/fs/nilfs/nilfs_vnops.c:1.1 src/sys/fs/nilfs/nilfs_vnops.c:1.2
--- src/sys/fs/nilfs/nilfs_vnops.c:1.1	Sat Jul 18 16:31:42 2009
+++ src/sys/fs/nilfs/nilfs_vnops.c	Wed Aug 26 03:40:48 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: nilfs_vnops.c,v 1.1 2009/07/18 16:31:42 reinoud Exp $ */
+/* $NetBSD: nilfs_vnops.c,v 1.2 2009/08/26 03:40:48 elad Exp $ */
 
 /*
  * Copyright (c) 2008, 2009 Reinoud Zandijk
@@ -28,7 +28,7 @@
 
 #include sys/cdefs.h
 #ifndef lint
-__KERNEL_RCSID(0, $NetBSD: nilfs_vnops.c,v 1.1 2009/07/18 16:31:42 reinoud Exp $);
+__KERNEL_RCSID(0, $NetBSD: nilfs_vnops.c,v 1.2 2009/08/26 03:40:48 elad Exp $);
 #endif /* not lint */
 
 
@@ -971,31 +971,13 @@
 
 /* - */
 
-int
-nilfs_access(void *v)
+static int
+nilfs_check_possible(struct vnode *vp, struct vattr *vap, mode_t mode)
 {
-	struct vop_access_args /* {
-		struct vnode *a_vp;
-		int a_mode;
-		kauth_cred_t a_cred;
-		struct proc *a_p;
-	} */ *ap = v;
-	struct vnode*vp   = ap-a_vp;
-	mode_t	 mode = ap-a_mode;
-	kauth_cred_t cred = ap-a_cred;
-	/* struct nilfs_node *nilfs_node = VTOI(vp); */
-	struct vattr vap;
 	int flags;
-	int error;
-
-	DPRINTF(VFSCALL, (nilfs_access called\n));
-
-	error = VOP_GETATTR(vp, vap, NULL);
-	if (error)
-		return error;
 
 	/* check if we are allowed to write */
-	switch (vap.va_type) {
+	switch (vap-va_type) {
 	case VDIR:
 	case VLNK:
 	case VREG:
@@ -1026,12 +1008,51 @@
 	if ((mode  VWRITE)  (flags  IMMUTABLE))
 		return EPERM;
 
+	return 0;
+}
+
+static int
+nilfs_check_permitted(struct vnode *vp, struct vattr *vap, mode_t mode,
+kauth_cred_t cred)
+{
+
 	/* ask the generic genfs_can_access to advice on security */
 	return genfs_can_access(vp-v_type,
-			vap.va_mode, vap.va_uid, vap.va_gid,
+			vap-va_mode, vap-va_uid, vap-va_gid,
 			mode, cred);
 }
 
+int
+nilfs_access(void *v)
+{
+	struct vop_access_args /* {
+		struct vnode *a_vp;
+		int a_mode;
+		kauth_cred_t a_cred;
+		struct proc *a_p;
+	} */ *ap = v;
+	struct vnode*vp   = ap-a_vp;
+	mode_t	 mode = ap-a_mode;
+	kauth_cred_t cred = ap-a_cred;
+	/* struct nilfs_node *nilfs_node = VTOI(vp); */
+	struct vattr vap;
+	int error;
+
+	DPRINTF(VFSCALL, (nilfs_access called\n));
+
+	error = VOP_GETATTR(vp, vap, NULL);
+	if (error)
+		return error;
+
+	error = nilfs_check_possible(vp, vap, mode);
+	if (error)
+		return error;
+
+	error = nilfs_check_permitted(vp, vap, mode, cred);
+
+	return error;
+}
+
 /* - */
 
 int
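Review bot: nilfs_check_possible and nilfs_check_permitted are added without comments stating their contract, and the same applies to adosfs_check_possible and adosfs_check_permitted in the advnops.c hunk further down. The ordering matters: the credential check is only meaningful once the credential-independent checks (a write to an immutable file, for example) have passed, as nilfs_access does here. I would add `/* Credential-independent checks: is the operation possible at all? Must run before nilfs_check_permitted(). */` above the first and `/* Credential check only; assumes nilfs_check_possible() already passed. */` above the second. nilfs_check_possible begins in the previous hunk.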



CVS commit: src/usr.sbin/veriexecgen

2009-08-20 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Aug 21 04:09:41 UTC 2009

Modified Files:
src/usr.sbin/veriexecgen: veriexecgen.c

Log Message:
PR/41911: Jukka Ruohonen: A bug in veriexecgen

Do as suggested and add the missing 'T' to getopt() and update usage.

Thanks for the PR!


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/veriexecgen/veriexecgen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/veriexecgen/veriexecgen.c
diff -u src/usr.sbin/veriexecgen/veriexecgen.c:1.16 src/usr.sbin/veriexecgen/veriexecgen.c:1.17
--- src/usr.sbin/veriexecgen/veriexecgen.c:1.16	Tue Apr 29 06:53:04 2008
+++ src/usr.sbin/veriexecgen/veriexecgen.c	Fri Aug 21 04:09:41 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: veriexecgen.c,v 1.16 2008/04/29 06:53:04 martin Exp $ */
+/* $NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $ */
 
 /*-
  * Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
 
 #ifndef lint
 #ifdef __RCSID
-__RCSID($NetBSD: veriexecgen.c,v 1.16 2008/04/29 06:53:04 martin Exp $);
+__RCSID($NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $);
 #endif
 #endif /* not lint */
 
@@ -129,7 +129,7 @@
 usage(void)
 {
 	(void)fprintf(stderr,
-	usage:  %s [-AaDrSvW] [-d dir] [-o fingerprintdb] [-p prefix]\n
+	usage:  %s [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]\n
 	\t\t[-t algorithm]\n
 	\t%s [-h]\n, getprogname(), getprogname());
 }
@@ -389,7 +389,7 @@
 	/* error out if we have a dangling symlink or other fs problem */
 	v.exit_on_error = 1;
 
-	while ((ch = getopt(argc, argv, AaDd:ho:p:rSt:vW)) != -1) {
+	while ((ch = getopt(argc, argv, AaDd:ho:p:rSTt:vW)) != -1) {
 		switch (ch) {
 		case 'A':
 			v.append_output = 1;



CVS commit: src/sys

2009-07-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Jul  3 21:17:42 UTC 2009

Modified Files:
src/sys/fs/adosfs: advnops.c
src/sys/fs/cd9660: cd9660_vnops.c
src/sys/fs/efs: efs_vnops.c
src/sys/fs/filecorefs: filecore_vnops.c
src/sys/fs/hfs: hfs_vnops.c
src/sys/fs/msdosfs: msdosfs_vnops.c
src/sys/fs/ntfs: ntfs_vnops.c
src/sys/fs/ptyfs: ptyfs_vnops.c
src/sys/fs/smbfs: smbfs_vnops.c
src/sys/fs/sysvbfs: sysvbfs_vnops.c
src/sys/fs/tmpfs: tmpfs_vnops.c
src/sys/fs/udf: udf_vnops.c
src/sys/miscfs/kernfs: kernfs_vnops.c
src/sys/miscfs/procfs: procfs_vnops.c
src/sys/ufs/ext2fs: ext2fs_vnops.c
src/sys/ufs/ufs: ufs_vnops.c

Log Message:
Where possible, extract the file-system's access() routine to two internal
functions: the first checking if the operation is possible (regardless of
permissions), the second checking file-system permissions, ACLs, etc.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/06/21/msg005311.html


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/fs/adosfs/advnops.c
cvs rdiff -u -r1.37 -r1.38 src/sys/fs/cd9660/cd9660_vnops.c
cvs rdiff -u -r1.18 -r1.19 src/sys/fs/efs/efs_vnops.c
cvs rdiff -u -r1.31 -r1.32 src/sys/fs/filecorefs/filecore_vnops.c
cvs rdiff -u -r1.14 -r1.15 src/sys/fs/hfs/hfs_vnops.c
cvs rdiff -u -r1.60 -r1.61 src/sys/fs/msdosfs/msdosfs_vnops.c
cvs rdiff -u -r1.44 -r1.45 src/sys/fs/ntfs/ntfs_vnops.c
cvs rdiff -u -r1.31 -r1.32 src/sys/fs/ptyfs/ptyfs_vnops.c
cvs rdiff -u -r1.70 -r1.71 src/sys/fs/smbfs/smbfs_vnops.c
cvs rdiff -u -r1.22 -r1.23 src/sys/fs/sysvbfs/sysvbfs_vnops.c
cvs rdiff -u -r1.60 -r1.61 src/sys/fs/tmpfs/tmpfs_vnops.c
cvs rdiff -u -r1.47 -r1.48 src/sys/fs/udf/udf_vnops.c
cvs rdiff -u -r1.137 -r1.138 src/sys/miscfs/kernfs/kernfs_vnops.c
cvs rdiff -u -r1.175 -r1.176 src/sys/miscfs/procfs/procfs_vnops.c
cvs rdiff -u -r1.87 -r1.88 src/sys/ufs/ext2fs/ext2fs_vnops.c
cvs rdiff -u -r1.178 -r1.179 src/sys/ufs/ufs/ufs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/adosfs/advnops.c
diff -u src/sys/fs/adosfs/advnops.c:1.34 src/sys/fs/adosfs/advnops.c:1.35
--- src/sys/fs/adosfs/advnops.c:1.34	Tue Jun 23 19:36:38 2009
+++ src/sys/fs/adosfs/advnops.c	Fri Jul  3 21:17:40 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: advnops.c,v 1.34 2009/06/23 19:36:38 elad Exp $	*/
+/*	$NetBSD: advnops.c,v 1.35 2009/07/03 21:17:40 elad Exp $	*/
 
 /*
  * Copyright (c) 1994 Christian E. Hopps
@@ -32,7 +32,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: advnops.c,v 1.34 2009/06/23 19:36:38 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: advnops.c,v 1.35 2009/07/03 21:17:40 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -747,6 +747,38 @@
 	return(error);
 }
 
+static int
+adosfs_check_possible(struct vnode *vp, struct anode *ap, mode_t mode)
+{
+
+	/*
+	 * Disallow write attempts unless the file is a socket,
+	 * fifo, or a block or character device resident on the
+	 * file system.
+	 */
+	if (mode  VWRITE) {
+		switch (vp-v_type) {
+		case VDIR:
+		case VLNK:
+		case VREG:
+			return (EROFS);
+		default:
+			break;
+		}
+	}
+
+	return 0;
+}
+
+static int
+adosfs_check_permitted(struct vnode *vp, struct anode *ap, mode_t mode,
+kauth_cred_t cred)
+{
+
+	return genfs_can_access(vp-v_type,
+	adunixprot(ap-adprot)  ap-amp-mask, ap-uid, ap-gid, mode,
+	cred);
+}
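Review bot: Neither new helper has a comment stating its contract, and `adosfs_check_possible()` accepts `ap` without using it anywhere in the added body. Since the point of the split is to keep "can this succeed at all" apart from "is this credential allowed", I would say so above each function, e.g. `/* Credential-independent check: EROFS for writes to VDIR/VLNK/VREG, 0 otherwise. */` and `/* Credential check only; the caller runs adosfs_check_possible() first. */`. If `ap` is kept only so the signatures match the other file systems touched by this commit, a short note to that effect avoids an unused-parameter cleanup later.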
 
 int
 adosfs_access(void *v)
@@ -771,24 +803,13 @@
 		panic(adosfs_access: not locked);
 	}
 #endif
-	/*
-	 * Disallow write attempts unless the file is a socket,
-	 * fifo, or a block or character device resident on the
-	 * file system.
-	 */
-	if (sp-a_mode  VWRITE) {
-		switch (vp-v_type) {
-		case VDIR:
-		case VLNK:
-		case VREG:
-			return (EROFS);
-		default:
-			break;
-		}
-	}
-	error = genfs_can_access(sp-a_vp-v_type,
-	adunixprot(ap-adprot)  ap-amp-mask, ap-uid, ap-gid,
-	sp-a_mode, sp-a_cred);
+
+	error = adosfs_check_possible(vp, ap, sp-a_mode);
+	if (error)
+		return error;
+
+	error = adosfs_check_permitted(vp, ap, sp-a_mode, sp-a_cred);
+
 #ifdef ADOSFS_DIAGNOSTIC
 	printf( %d), error);
 #endif

Index: src/sys/fs/cd9660/cd9660_vnops.c
diff -u src/sys/fs/cd9660/cd9660_vnops.c:1.37 src/sys/fs/cd9660/cd9660_vnops.c:1.38
--- src/sys/fs/cd9660/cd9660_vnops.c:1.37	Tue Jun 23 19:36:39 2009
+++ src/sys/fs/cd9660/cd9660_vnops.c	Fri Jul  3 21:17:40 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: cd9660_vnops.c,v 1.37 2009/06/23 19:36:39 elad Exp $	*/
+/*	$NetBSD: cd9660_vnops.c,v 1.38 2009/07/03 21:17:40 elad Exp $	*/
 
 /*-
  * Copyright (c) 1994
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: cd9660_vnops.c,v 1.37 2009/06/23 19:36:39 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: cd9660_vnops.c,v 1.38 2009/07/03 21:17:40 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -84,28 +84,16 @@
 int	

CVS commit: src/sys/kern

2009-07-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Fri Jul  3 21:32:09 UTC 2009

Modified Files:
src/sys/kern: sys_mqueue.c

Log Message:
Message queues also use genfs_can_access() to control access. Since the
latter might lose its KAUTH_GENERIC_ISSUSER check soon, add an internal
function, mqueue_access(), and call genfs_can_access() from it instead
so we don't pollute the main code path once we need to add a special
kauth(9) check for message queues.

No functional change, error codes preserved.

Related mailing list thread:

http://mail-index.netbsd.org/tech-kern/2009/06/21/msg005311.html


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/sys/kern/sys_mqueue.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/sys_mqueue.c
diff -u src/sys/kern/sys_mqueue.c:1.19 src/sys/kern/sys_mqueue.c:1.20
--- src/sys/kern/sys_mqueue.c:1.19	Tue Jun 23 19:36:38 2009
+++ src/sys/kern/sys_mqueue.c	Fri Jul  3 21:32:09 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_mqueue.c,v 1.19 2009/06/23 19:36:38 elad Exp $	*/
+/*	$NetBSD: sys_mqueue.c,v 1.20 2009/07/03 21:32:09 elad Exp $	*/
 
 /*
  * Copyright (c) 2007, 2008 Mindaugas Rasiukevicius rmind at NetBSD org
@@ -42,7 +42,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.19 2009/06/23 19:36:38 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: sys_mqueue.c,v 1.20 2009/07/03 21:32:09 elad Exp $);
 
 #include sys/param.h
 #include sys/types.h
@@ -295,6 +295,17 @@
 	return 0;
 }
 
+static int
+mqueue_access(struct mqueue *mq, mode_t mode, kauth_cred_t cred)
+{
+	if (genfs_can_access(VNON, mq-mq_mode, mq-mq_euid,
+	mq-mq_egid, mode, cred)) {
+		return EACCES;
+	}
+
+	return 0;
+}
+
 /*
  * General mqueue system calls.
  */
@@ -430,8 +441,7 @@
 		if (fp-f_flag  FWRITE) {
 			acc_mode |= VWRITE;
 		}
-		if (genfs_can_access(VNON, mq-mq_mode, mq-mq_euid,
-		mq-mq_egid, acc_mode, l-l_cred)) {
+		if (mqueue_access(mq, acc_mode, l-l_cred) != 0) {
 			error = EACCES;
 			goto exit;
 		}
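Review bot: The call site throws away `mqueue_access()`'s return value and assigns `EACCES` again, so the errno for a denied open is now decided in two places. Once the helper gains the kauth(9) check the log message anticipates, any other error it returns would be silently rewritten here. Propagating the value keeps today's behaviour (the helper only returns `EACCES` or 0): `error = mqueue_access(mq, acc_mode, l->l_cred);` followed by `if (error) goto exit;`. The enclosing system call begins and ends outside this hunk.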



CVS commit: src/sys

2009-06-23 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Jun 23 19:36:40 UTC 2009

Modified Files:
src/sys/fs/adosfs: advnops.c
src/sys/fs/cd9660: cd9660_vnops.c
src/sys/fs/efs: efs_vnops.c
src/sys/fs/filecorefs: filecore_vnops.c
src/sys/fs/hfs: hfs_vnops.c
src/sys/fs/msdosfs: msdosfs_vnops.c
src/sys/fs/ntfs: ntfs_vnops.c
src/sys/fs/ptyfs: ptyfs_vnops.c
src/sys/fs/smbfs: smbfs_vnops.c
src/sys/fs/sysvbfs: sysvbfs_vnops.c
src/sys/fs/tmpfs: tmpfs_vnops.c
src/sys/fs/udf: udf_vnops.c
src/sys/kern: sys_mqueue.c vfs_subr.c
src/sys/miscfs/genfs: genfs.h genfs_vnops.c
src/sys/miscfs/kernfs: kernfs_vnops.c
src/sys/miscfs/procfs: procfs_vnops.c
src/sys/nfs: nfs_vnops.c
src/sys/ufs/ext2fs: ext2fs_vnops.c
src/sys/ufs/ufs: ufs_vnops.c

Log Message:
Move the implementation of vaccess() to genfs_can_access(), in line with
the other routines of the same spirit.

Adjust file-system code to use it.

Keep vaccess() for KPI compatibility and to keep element of least
surprise. A diagnostic message warning that vaccess() is deprecated will
be printed when it's used (obviously, only in DIAGNOSTIC kernels).

No objections on tech-kern@:

http://mail-index.netbsd.org/tech-kern/2009/06/21/msg005310.html


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/sys/fs/adosfs/advnops.c
cvs rdiff -u -r1.36 -r1.37 src/sys/fs/cd9660/cd9660_vnops.c
cvs rdiff -u -r1.17 -r1.18 src/sys/fs/efs/efs_vnops.c
cvs rdiff -u -r1.30 -r1.31 src/sys/fs/filecorefs/filecore_vnops.c
cvs rdiff -u -r1.13 -r1.14 src/sys/fs/hfs/hfs_vnops.c
cvs rdiff -u -r1.59 -r1.60 src/sys/fs/msdosfs/msdosfs_vnops.c
cvs rdiff -u -r1.43 -r1.44 src/sys/fs/ntfs/ntfs_vnops.c
cvs rdiff -u -r1.30 -r1.31 src/sys/fs/ptyfs/ptyfs_vnops.c
cvs rdiff -u -r1.68 -r1.69 src/sys/fs/smbfs/smbfs_vnops.c
cvs rdiff -u -r1.21 -r1.22 src/sys/fs/sysvbfs/sysvbfs_vnops.c
cvs rdiff -u -r1.59 -r1.60 src/sys/fs/tmpfs/tmpfs_vnops.c
cvs rdiff -u -r1.43 -r1.44 src/sys/fs/udf/udf_vnops.c
cvs rdiff -u -r1.18 -r1.19 src/sys/kern/sys_mqueue.c
cvs rdiff -u -r1.379 -r1.380 src/sys/kern/vfs_subr.c
cvs rdiff -u -r1.26 -r1.27 src/sys/miscfs/genfs/genfs.h
cvs rdiff -u -r1.171 -r1.172 src/sys/miscfs/genfs/genfs_vnops.c
cvs rdiff -u -r1.136 -r1.137 src/sys/miscfs/kernfs/kernfs_vnops.c
cvs rdiff -u -r1.174 -r1.175 src/sys/miscfs/procfs/procfs_vnops.c
cvs rdiff -u -r1.278 -r1.279 src/sys/nfs/nfs_vnops.c
cvs rdiff -u -r1.86 -r1.87 src/sys/ufs/ext2fs/ext2fs_vnops.c
cvs rdiff -u -r1.177 -r1.178 src/sys/ufs/ufs/ufs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/adosfs/advnops.c
diff -u src/sys/fs/adosfs/advnops.c:1.33 src/sys/fs/adosfs/advnops.c:1.34
--- src/sys/fs/adosfs/advnops.c:1.33	Sat Mar 14 21:04:23 2009
+++ src/sys/fs/adosfs/advnops.c	Tue Jun 23 19:36:38 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: advnops.c,v 1.33 2009/03/14 21:04:23 dsl Exp $	*/
+/*	$NetBSD: advnops.c,v 1.34 2009/06/23 19:36:38 elad Exp $	*/
 
 /*
  * Copyright (c) 1994 Christian E. Hopps
@@ -32,7 +32,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: advnops.c,v 1.33 2009/03/14 21:04:23 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: advnops.c,v 1.34 2009/06/23 19:36:38 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -786,8 +786,9 @@
 			break;
 		}
 	}
-	error = vaccess(sp-a_vp-v_type, adunixprot(ap-adprot)  ap-amp-mask,
-	ap-uid, ap-gid, sp-a_mode, sp-a_cred);
+	error = genfs_can_access(sp-a_vp-v_type,
+	adunixprot(ap-adprot)  ap-amp-mask, ap-uid, ap-gid,
+	sp-a_mode, sp-a_cred);
 #ifdef ADOSFS_DIAGNOSTIC
 	printf( %d), error);
 #endif

Index: src/sys/fs/cd9660/cd9660_vnops.c
diff -u src/sys/fs/cd9660/cd9660_vnops.c:1.36 src/sys/fs/cd9660/cd9660_vnops.c:1.37
--- src/sys/fs/cd9660/cd9660_vnops.c:1.36	Wed Dec 17 20:51:35 2008
+++ src/sys/fs/cd9660/cd9660_vnops.c	Tue Jun 23 19:36:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: cd9660_vnops.c,v 1.36 2008/12/17 20:51:35 cegger Exp $	*/
+/*	$NetBSD: cd9660_vnops.c,v 1.37 2009/06/23 19:36:39 elad Exp $	*/
 
 /*-
  * Copyright (c) 1994
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: cd9660_vnops.c,v 1.36 2008/12/17 20:51:35 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: cd9660_vnops.c,v 1.37 2009/06/23 19:36:39 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -116,7 +116,7 @@
 		}
 	}
 
-	return (vaccess(vp-v_type, ip-inode.iso_mode  ALLPERMS,
+	return (genfs_can_access(vp-v_type, ip-inode.iso_mode  ALLPERMS,
 	ip-inode.iso_uid, ip-inode.iso_gid, ap-a_mode, ap-a_cred));
 }
 

Index: src/sys/fs/efs/efs_vnops.c
diff -u src/sys/fs/efs/efs_vnops.c:1.17 src/sys/fs/efs/efs_vnops.c:1.18
--- src/sys/fs/efs/efs_vnops.c:1.17	Mon Dec  1 14:34:50 2008
+++ src/sys/fs/efs/efs_vnops.c	Tue Jun 23 19:36:40 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: efs_vnops.c,v 1.17 2008/12/01 14:34:50 pooka Exp $	*/

CVS commit: src/sys/kern

2009-06-23 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue Jun 23 23:04:11 UTC 2009

Modified Files:
src/sys/kern: vfs_subr.c

Log Message:
Wow... too much Python.

Fix DIAGNOSTIC build breakage: print -> printf.

Pointed out by Kurt Schreiner on current-users@:

http://mail-index.netbsd.org/current-users/2009/06/23/msg009815.html


To generate a diff of this commit:
cvs rdiff -u -r1.380 -r1.381 src/sys/kern/vfs_subr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/vfs_subr.c
diff -u src/sys/kern/vfs_subr.c:1.380 src/sys/kern/vfs_subr.c:1.381
--- src/sys/kern/vfs_subr.c:1.380	Tue Jun 23 19:36:38 2009
+++ src/sys/kern/vfs_subr.c	Tue Jun 23 23:04:11 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_subr.c,v 1.380 2009/06/23 19:36:38 elad Exp $	*/
+/*	$NetBSD: vfs_subr.c,v 1.381 2009/06/23 23:04:11 elad Exp $	*/
 
 /*-
  * Copyright (c) 1997, 1998, 2004, 2005, 2007, 2008 The NetBSD Foundation, Inc.
@@ -91,7 +91,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.380 2009/06/23 19:36:38 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: vfs_subr.c,v 1.381 2009/06/23 23:04:11 elad Exp $);
 
 #include opt_ddb.h
 #include opt_compat_netbsd.h
@@ -2595,7 +2595,7 @@
 {
 
 #ifdef DIAGNOSTIC
-	print(vaccess: deprecated interface used.\n);
+	printf(vaccess: deprecated interface used.\n);
 #endif /* DIAGNOSTIC */
 
 	return genfs_can_access(type, file_mode, uid, gid, acc_mode, cred);
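Review bot: The deprecation message is printed on every `vaccess()` call in a DIAGNOSTIC kernel, so a single out-of-tree file system that still uses the old KPI can fill the console and message buffer from its access path. Printing it once is enough to point the developer at the problem: `static bool warned;` and `if (!warned) { warned = true; printf("vaccess: deprecated interface used.\n"); }`. The function signature is outside this hunk.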



CVS commit: src/sys/kern

2009-05-26 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May 26 06:57:38 UTC 2009

Modified Files:
src/sys/kern: kern_resource.c

Log Message:
PR/41489: Stathis Kamperis: setpriority(2) returns EACCES instead of EPERM

Per discussion on the PR's audit trail, put back original checks for now.


To generate a diff of this commit:
cvs rdiff -u -r1.151 -r1.152 src/sys/kern/kern_resource.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_resource.c
diff -u src/sys/kern/kern_resource.c:1.151 src/sys/kern/kern_resource.c:1.152
--- src/sys/kern/kern_resource.c:1.151	Sun Mar 29 01:02:50 2009
+++ src/sys/kern/kern_resource.c	Tue May 26 06:57:38 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_resource.c,v 1.151 2009/03/29 01:02:50 mrg Exp $	*/
+/*	$NetBSD: kern_resource.c,v 1.152 2009/05/26 06:57:38 elad Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.151 2009/03/29 01:02:50 mrg Exp $);
+__KERNEL_RCSID(0, $NetBSD: kern_resource.c,v 1.152 2009/05/26 06:57:38 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -229,6 +229,11 @@
 
 	KASSERT(mutex_owned(chgp-p_lock));
 
+	if (kauth_cred_geteuid(cred)  kauth_cred_getuid(cred) 
+	kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp-p_cred) 
+	kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp-p_cred))
+		return (EPERM);
+
 	if (n  PRIO_MAX)
 		n = PRIO_MAX;
 	if (n  PRIO_MIN)
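Review bot: The restored uid comparison sits directly in the main code path with no comment, although the log message says it is only back "for now". A reader of the file cannot tell that it is a temporary errno workaround, nor that it is decided here rather than by a kauth(9) listener, where a security model could change it. I would add `/* XXX PR/41489: explicit uid checks restored so callers get EPERM; fold back into the kauth(9) listener once resolved. */` above the `if`. The function starts and continues outside this hunk, so whether a kauth call follows cannot be seen from here.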



CVS commit: src/sys/netinet

2009-05-12 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May 12 21:48:42 UTC 2009

Modified Files:
src/sys/netinet: ip_carp.c

Log Message:
Fix inverted permissions check.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/netinet/ip_carp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_carp.c
diff -u src/sys/netinet/ip_carp.c:1.34 src/sys/netinet/ip_carp.c:1.35
--- src/sys/netinet/ip_carp.c:1.34	Sat Apr 18 14:58:05 2009
+++ src/sys/netinet/ip_carp.c	Tue May 12 21:48:42 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_carp.c,v 1.34 2009/04/18 14:58:05 tsutsui Exp $	*/
+/*	$NetBSD: ip_carp.c,v 1.35 2009/05/12 21:48:42 elad Exp $	*/
 /*	$OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $	*/
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_carp.c,v 1.34 2009/04/18 14:58:05 tsutsui Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_carp.c,v 1.35 2009/05/12 21:48:42 elad Exp $);
 
 /*
  * TODO:
@@ -1998,10 +1998,10 @@
 		carpr.carpr_advbase = sc-sc_advbase;
 		carpr.carpr_advskew = sc-sc_advskew;
 
-		if ((l == NULL) || (error = kauth_authorize_network(l-l_cred,
+		if ((l != NULL) || (error = kauth_authorize_network(l-l_cred,
 		KAUTH_NETWORK_INTERFACE,
 		KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
-		NULL)) != 0)
+		NULL)) == 0)
 			memcpy(carpr.carpr_key, sc-sc_key,
 			sizeof(carpr.carpr_key));
 		error = copyout(carpr, ifr-ifr_data, sizeof(carpr));
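Review bot: With the sub-conditions joined by `||`, any non-NULL `l` satisfies the test before `kauth_authorize_network()` is evaluated, so `sc->sc_key` is copied into `carpr` for every caller regardless of privilege. A NULL `l` falls through to `l->l_cred` and is dereferenced. After inverting both comparisons the operator has to become `&&`: `if ((l != NULL) && (error = kauth_authorize_network(l->l_cred, ...)) == 0)`. Revision 1.36, further down this page, makes exactly that correction.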



CVS commit: src/sys/netinet

2009-05-12 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May 12 22:01:20 UTC 2009

Modified Files:
src/sys/netinet: ip_carp.c

Log Message:
Fix previous, || -> &&.

Pointed out by cube@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/sys/netinet/ip_carp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_carp.c
diff -u src/sys/netinet/ip_carp.c:1.35 src/sys/netinet/ip_carp.c:1.36
--- src/sys/netinet/ip_carp.c:1.35	Tue May 12 21:48:42 2009
+++ src/sys/netinet/ip_carp.c	Tue May 12 22:01:20 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_carp.c,v 1.35 2009/05/12 21:48:42 elad Exp $	*/
+/*	$NetBSD: ip_carp.c,v 1.36 2009/05/12 22:01:20 elad Exp $	*/
 /*	$OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $	*/
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_carp.c,v 1.35 2009/05/12 21:48:42 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_carp.c,v 1.36 2009/05/12 22:01:20 elad Exp $);
 
 /*
  * TODO:
@@ -1998,7 +1998,7 @@
 		carpr.carpr_advbase = sc-sc_advbase;
 		carpr.carpr_advskew = sc-sc_advskew;
 
-		if ((l != NULL) || (error = kauth_authorize_network(l-l_cred,
+		if ((l != NULL)  (error = kauth_authorize_network(l-l_cred,
 		KAUTH_NETWORK_INTERFACE,
 		KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
 		NULL)) == 0)
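Review bot: On the denied path `carpr.carpr_key` is never written, yet the statements that follow in revision 1.35's hunk copy all of `sizeof(carpr)` out to the caller. That is only safe if `carpr` is cleared before the field assignments, which this hunk does not show. If it is not, an explicit `memset(&carpr, 0, sizeof(carpr));` ahead of the assignments keeps stale kernel stack bytes out of the reply. The enclosing ioctl case begins outside the hunk.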



CVS commit: src/sys

2009-05-12 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May 12 22:22:46 UTC 2009

Modified Files:
src/sys/netinet: in_pcb.c
src/sys/netinet6: in6_pcb.c in6_src.c

Log Message:
Implicit EPERM -> explicit EACCES.

Requested by ad@ and y...@.


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.137 src/sys/netinet/in_pcb.c
cvs rdiff -u -r1.108 -r1.109 src/sys/netinet6/in6_pcb.c
cvs rdiff -u -r1.47 -r1.48 src/sys/netinet6/in6_src.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/in_pcb.c
diff -u src/sys/netinet/in_pcb.c:1.136 src/sys/netinet/in_pcb.c:1.137
--- src/sys/netinet/in_pcb.c:1.136	Sat May  9 20:54:52 2009
+++ src/sys/netinet/in_pcb.c	Tue May 12 22:22:46 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: in_pcb.c,v 1.136 2009/05/09 20:54:52 elad Exp $	*/
+/*	$NetBSD: in_pcb.c,v 1.137 2009/05/12 22:22:46 elad Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in_pcb.c,v 1.136 2009/05/09 20:54:52 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: in_pcb.c,v 1.137 2009/05/12 22:22:46 elad Exp $);
 
 #include opt_inet.h
 #include opt_ipsec.h
@@ -257,7 +257,7 @@
 	error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, req, so, sin,
 	NULL);
 	if (error)
-		return (error);
+		return (EACCES);
 
 	if (mymin  mymax) {	/* sanity check */
 		u_int16_t swp;
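Review bot: `return (EACCES)` now discards whatever the kauth(9) listener returned, and `error` is used only as a boolean, but nothing in the code says why. A one-line comment would stop a later cleanup from "simplifying" it back to `return (error)`, e.g. `/* Report a kauth(9) denial of KAUTH_NETWORK_BIND as EACCES, not the listener's errno. */`. The same applies to the second hunk in in_pcb.c and to the matching hunks in in6_pcb.c and in6_src.c.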
@@ -366,7 +366,7 @@
 		error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, req,
 		so, sin, NULL);
 		if (error)
-			return (error);
+			return (EACCES);
 
 #ifdef INET6
 		memset(mapped, 0, sizeof(mapped));

Index: src/sys/netinet6/in6_pcb.c
diff -u src/sys/netinet6/in6_pcb.c:1.108 src/sys/netinet6/in6_pcb.c:1.109
--- src/sys/netinet6/in6_pcb.c:1.108	Sat May  2 18:58:03 2009
+++ src/sys/netinet6/in6_pcb.c	Tue May 12 22:22:46 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_pcb.c,v 1.108 2009/05/02 18:58:03 elad Exp $	*/
+/*	$NetBSD: in6_pcb.c,v 1.109 2009/05/12 22:22:46 elad Exp $	*/
 /*	$KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in6_pcb.c,v 1.108 2009/05/02 18:58:03 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: in6_pcb.c,v 1.109 2009/05/12 22:22:46 elad Exp $);
 
 #include opt_inet.h
 #include opt_ipsec.h
@@ -283,7 +283,7 @@
 		error = kauth_authorize_network(l-l_cred, KAUTH_NETWORK_BIND,
 		req, so, sin6, NULL);
 		if (error)
-			return (error);
+			return (EACCES);
 	}
 
 	if (IN6_IS_ADDR_MULTICAST(sin6-sin6_addr)) {

Index: src/sys/netinet6/in6_src.c
diff -u src/sys/netinet6/in6_src.c:1.47 src/sys/netinet6/in6_src.c:1.48
--- src/sys/netinet6/in6_src.c:1.47	Thu Apr 30 20:26:09 2009
+++ src/sys/netinet6/in6_src.c	Tue May 12 22:22:46 2009
@@ -65,7 +65,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.47 2009/04/30 20:26:09 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.48 2009/05/12 22:22:46 elad Exp $);
 
 #include opt_inet.h
 
@@ -854,7 +854,7 @@
 	error = kauth_authorize_network(l-l_cred, KAUTH_NETWORK_BIND, req, so,
 	sin6, NULL);
 	if (error)
-		return (error);
+		return (EACCES);
 
 	if (minport  maxport) {	/* sanity check */
 		u_int16_t swp;



CVS commit: src/sys/net

2009-05-12 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May 12 23:03:25 UTC 2009

Modified Files:
src/sys/net: if_bridge.c

Log Message:
Move kauth(9) call before going into splnet().

Mailing list reference:

http://mail-index.netbsd.org/tech-net/2009/05/08/msg001286.html


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.68 src/sys/net/if_bridge.c:1.69
--- src/sys/net/if_bridge.c:1.68	Sat Apr  4 15:53:49 2009
+++ src/sys/net/if_bridge.c	Tue May 12 23:03:24 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_bridge.c,v 1.68 2009/04/04 15:53:49 bouyer Exp $	*/
+/*	$NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $	*/
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: if_bridge.c,v 1.68 2009/04/04 15:53:49 bouyer Exp $);
+__KERNEL_RCSID(0, $NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $);
 
 #include opt_bridge_ipf.h
 #include opt_inet.h
@@ -445,11 +445,10 @@
 		struct ifbrparam ifbrparam;
 	} args;
 	struct ifdrv *ifd = (struct ifdrv *) data;
-	const struct bridge_control *bc;
+	const struct bridge_control *bc = NULL; /* XXXGCC */
 	int s, error = 0;
 
-	s = splnet();
-
+	/* Authorize command before calling splnet(). */
 	switch (cmd) {
 	case SIOCGDRVSPEC:
 	case SIOCSDRVSPEC:
@@ -457,8 +456,26 @@
 			error = EINVAL;
 			break;
 		}
+
 		bc = bridge_control_table[ifd-ifd_cmd];
 
+		/* We only care about BC_F_SUSER at this point. */
+		if ((bc-bc_flags  BC_F_SUSER) == 0)
+			break;
+
+		error = kauth_authorize_generic(l-l_cred,
+		KAUTH_GENERIC_ISSUSER, NULL);
+		if (error)
+			return (error);
+
+		break;
+	}
+
+	s = splnet();
+
+	switch (cmd) {
+	case SIOCGDRVSPEC:
+	case SIOCSDRVSPEC:
 		if (cmd == SIOCGDRVSPEC 
 		(bc-bc_flags  BC_F_COPYOUT) == 0) {
 			error = EINVAL;
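Review bot: The early `error = EINVAL; break;` in the new pre-`splnet()` switch leaves `bc` at the NULL initializer added in the previous hunk. Nothing tests `error` before the second `switch (cmd)`, whose first statement reads `bc->bc_flags`. An out-of-range request therefore appears to reach a NULL pointer dereference in the kernel instead of returning EINVAL. Bailing out between the two switches fixes it without touching the locked section: `if (error) return (error);` immediately before `s = splnet();`. The condition guarding the EINVAL path is outside this hunk, so confirm against the full function.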
@@ -470,12 +487,7 @@
 			break;
 		}
 
-		if (bc-bc_flags  BC_F_SUSER) {
-			error = kauth_authorize_generic(l-l_cred,
-			KAUTH_GENERIC_ISSUSER, NULL);
-			if (error)
-break;
-		}
+		/* BC_F_SUSER is checked above, before splnet(). */
 
 		if (ifd-ifd_len != bc-bc_argsize ||
 		ifd-ifd_len  sizeof(args)) {



CVS commit: src/etc

2009-05-10 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun May 10 14:19:28 UTC 2009

Modified Files:
src/etc: MAKEDEV.tmpl

Log Message:
verified executable -> Veriexec.


To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 src/etc/MAKEDEV.tmpl

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/MAKEDEV.tmpl
diff -u src/etc/MAKEDEV.tmpl:1.120 src/etc/MAKEDEV.tmpl:1.121
--- src/etc/MAKEDEV.tmpl:1.120	Thu Mar 12 00:19:36 2009
+++ src/etc/MAKEDEV.tmpl	Sun May 10 14:19:28 2009
@@ -1,5 +1,5 @@
 #!/bin/sh -
-#	$NetBSD: MAKEDEV.tmpl,v 1.120 2009/03/12 00:19:36 jmcneill Exp $
+#	$NetBSD: MAKEDEV.tmpl,v 1.121 2009/05/10 14:19:28 elad Exp $
 #
 # Copyright (c) 2003,2007,2008 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -277,7 +277,7 @@
 #	twa	3ware Apache control interface
 #	twe	3ware Escalade control interface
 #	uk*	unknown SCSI device
-#	veriexec verified executable fingerprint loader
+#	veriexec Veriexec fingerprint loader
 #	video*	video capture devices
 #	view*	generic interface to graphic displays (Amiga)
 #	vmegen*	generic VME access



CVS commit: src/share/man/man9

2009-05-10 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun May 10 14:33:54 UTC 2009

Modified Files:
src/share/man/man9: file.9

Log Message:
Stub documentation for FILE_LOCK(), FILE_UNLOCK().


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/share/man/man9/file.9

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/file.9
diff -u src/share/man/man9/file.9:1.11 src/share/man/man9/file.9:1.12
--- src/share/man/man9/file.9:1.11	Wed Apr 30 13:10:58 2008
+++ src/share/man/man9/file.9	Sun May 10 14:33:54 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: file.9,v 1.11 2008/04/30 13:10:58 martin Exp $
+.\ $NetBSD: file.9,v 1.12 2009/05/10 14:33:54 elad Exp $
 .\
 .\ Copyright (c) 2002, 2005, 2006 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -27,7 +27,7 @@
 .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\ POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd October 4, 2006
+.Dd May 10, 2009
 .Dt FILE 9
 .Os
 .Sh NAME
@@ -37,7 +37,9 @@
 .Nm FILE_IS_USABLE ,
 .Nm FILE_USE ,
 .Nm FILE_UNUSE ,
-.Nm FILE_SET_MATURE
+.Nm FILE_SET_MATURE ,
+.Nm FILE_LOCK ,
+.Nm FILE_UNLOCK
 .Nd operations on file entries
 .Sh SYNOPSIS
 .In sys/file.h
@@ -53,6 +55,10 @@
 .Fn FILE_UNUSE struct file *fp struct lwp *l
 .Ft void
 .Fn FILE_SET_MATURE struct file *fp
+.Ft void
+.Fn FILE_LOCK struct file *fp
+.Ft void
+.Fn FILE_UNLOCK struct file *fp
 .Sh DESCRIPTION
 The file descriptor table of a process references a file entry for
 each file used by the kernel.
@@ -241,6 +247,12 @@
 Mark the file entry as being fully constructed (mature) by clearing
 the FIF_LARVAL flag in
 .Em f_iflags .
+.It Fn FILE_LOCK fp
+Locks the file entry
+.Ar fp .
+.It Fn FILE_UNLOCK fp
+Unlocks the file entry
+.Ar fp .
 .El
 .Sh CODE REFERENCES
 This section describes places within the



CVS commit: src/sys/netipsec

2009-05-09 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun May 10 02:13:07 UTC 2009

Modified Files:
src/sys/netipsec: ipsec.c ipsec.h ipsec6.h

Log Message:
Adapt FAST_IPSEC to recent KPI changes.

Pointed out by dyoung@ on tech-kern@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.23 -r1.24 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/ipsec6.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.43 src/sys/netipsec/ipsec.c:1.44
--- src/sys/netipsec/ipsec.c:1.43	Sat Apr 18 14:58:06 2009
+++ src/sys/netipsec/ipsec.c	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.43 2009/04/18 14:58:06 tsutsui Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.44 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ipsec.c,v 1.43 2009/04/18 14:58:06 tsutsui Exp $);
+__KERNEL_RCSID(0, $NetBSD: ipsec.c,v 1.44 2009/05/10 02:13:07 elad Exp $);
 
 /*
  * IPsec controller part.
@@ -58,6 +58,7 @@
 #include sys/syslog.h
 #include sys/sysctl.h
 #include sys/proc.h
+#include sys/kauth.h
 
 #include net/if.h
 #include net/route.h
@@ -241,7 +242,8 @@
 #endif
 static void ipsec_delpcbpolicy (struct inpcbpolicy *);
 static struct secpolicy *ipsec_deepcopy_policy (struct secpolicy *);
-static int ipsec_set_policy (struct secpolicy **,int , void *, size_t , int );
+static int ipsec_set_policy (struct secpolicy **,int , void *, size_t ,
+kauth_cred_t );
 static int ipsec_get_policy (struct secpolicy *, struct mbuf **);
 static void vshiftl (unsigned char *, int, int);
 static size_t ipsec_hdrsiz (struct secpolicy *);
@@ -1284,7 +1286,7 @@
 	int optname,
 	void *request,
 	size_t len,
-	int priv
+	kauth_cred_t cred
 )
 {
 	struct sadb_x_policy *xpl;
@@ -1309,8 +1311,12 @@
 		return EINVAL;
 
 	/* check privileged socket */
-	if (priv == 0  xpl-sadb_x_policy_type == IPSEC_POLICY_BYPASS)
-		return EACCES;
+	if (xpl-sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
+		error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+		NULL);
+		if (error)
+			return (error);
+	}
 
 	/* allocation new SP entry */
 	if ((newsp = key_msg2sp(xpl, len, error)) == NULL)
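Review bot: The bypass-policy check used to fail with `EACCES` and now returns whatever `kauth_authorize_generic()` yields, so userland sees a different errno for an unprivileged IPSEC_POLICY_BYPASS request. The log message describes the commit only as a KPI adaptation. If the change is not intended, keep the old code with `return EACCES;` in place of `return (error);`; if it is, it deserves a line in the log message. `ipsec_set_policy()` begins and ends outside this hunk.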
@@ -1352,7 +1358,7 @@
 
 int
 ipsec4_set_policy(struct inpcb *inp, int optname ,void *request,
-		  size_t len, int priv)
+		  size_t len, kauth_cred_t cred)
 {
 	struct sadb_x_policy *xpl;
 	struct secpolicy **pcb_sp;
@@ -1381,7 +1387,7 @@
 		return EINVAL;
 	}
 
-	return ipsec_set_policy(pcb_sp, optname, request, len, priv);
+	return ipsec_set_policy(pcb_sp, optname, request, len, cred);
 }
 
 int
@@ -1440,7 +1446,7 @@
 #ifdef INET6
 int
 ipsec6_set_policy(struct in6pcb *in6p, int optname, void *request,
-		  size_t len, int priv)
+		  size_t len, kauth_cred_t cred)
 {
 	struct sadb_x_policy *xpl;
 	struct secpolicy **pcb_sp;
@@ -1466,7 +1472,7 @@
 		return EINVAL;
 	}
 
-	return ipsec_set_policy(pcb_sp, optname, request, len, priv);
+	return ipsec_set_policy(pcb_sp, optname, request, len, cred);
 }
 
 int

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.23 src/sys/netipsec/ipsec.h:1.24
--- src/sys/netipsec/ipsec.h:1.23	Wed Nov 12 12:36:28 2008
+++ src/sys/netipsec/ipsec.h	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.23 2008/11/12 12:36:28 ad Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.24 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -286,7 +286,7 @@
 u_int ipsec_get_reqlevel (struct ipsecrequest *);
 int ipsec_in_reject (struct secpolicy *, struct mbuf *);
 
-int ipsec4_set_policy (struct inpcb *, int, void *, size_t, int);
+int ipsec4_set_policy (struct inpcb *, int, void *, size_t, kauth_cred_t);
 int ipsec4_get_policy (struct inpcb *, void *, size_t, struct mbuf **);
 int ipsec4_delete_pcbpolicy (struct inpcb *);
 int ipsec4_in_reject (struct mbuf *, struct inpcb *);

Index: src/sys/netipsec/ipsec6.h
diff -u src/sys/netipsec/ipsec6.h:1.11 src/sys/netipsec/ipsec6.h:1.12
--- src/sys/netipsec/ipsec6.h:1.11	Sun Apr 27 12:58:48 2008
+++ src/sys/netipsec/ipsec6.h	Sun May 10 02:13:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec6.h,v 1.11 2008/04/27 12:58:48 degroote Exp $	*/
+/*	$NetBSD: ipsec6.h,v 1.12 2009/05/10 02:13:07 elad Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec6.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $	*/
 
@@ -62,7 +62,7 @@
 #define	key_freesp(_x)		KEY_FREESP(_x)
 
 int ipsec6_delete_pcbpolicy (struct in6pcb *);
-int ipsec6_set_policy (struct in6pcb 

CVS commit: src/share/man/man9

2009-05-07 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu May  7 11:23:02 UTC 2009

Modified Files:
src/share/man/man9: kauth.9

Log Message:
.Sy -> .Ss for a subsection header.

Pointed out by wiz@, thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/share/man/man9/kauth.9

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.79 src/share/man/man9/kauth.9:1.80
--- src/share/man/man9/kauth.9:1.79	Tue May  5 21:03:28 2009
+++ src/share/man/man9/kauth.9	Thu May  7 11:23:01 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: kauth.9,v 1.79 2009/05/05 21:03:28 elad Exp $
+.\ $NetBSD: kauth.9,v 1.80 2009/05/07 11:23:01 elad Exp $
 .\
 .\ Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -861,7 +861,7 @@
 to the listener, is device-specific data that may be associated with the
 request.
 .Pp
-.Sy Bluetooth Devices
+.Ss Bluetooth Devices
 .Pp
 Authorizing actions relevant to bluetooth devices is done using the standard
 authorization wrapper, with the following actions:
@@ -884,7 +884,7 @@
 describing the command.
 .El
 .Pp
-.Sy Kernel random device
+.Ss Kernel random device
 Authorization actions relevant to the kernel random device,
 .Xr rnd 4 ,
 is done using the standard authorization wrapper, with the following actions:



CVS commit: src

2009-05-07 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu May  7 19:26:09 UTC 2009

Modified Files:
src/share/man/man9: kauth.9
src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
src/sys/sys: kauth.h
src/sys/ufs/ext2fs: ext2fs_alloc.c
src/sys/ufs/ffs: ffs_alloc.c
src/sys/ufs/ufs: ufs_quota.c ufs_vfsops.c

Log Message:
Introduce several actions/requests for authorizing file-system related
operations, specifically quota and block allocation from reserved space.

Modify ufs_quotactl() to accommodate passing mp earlier by vfs_busy()ing
it a little bit higher.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/04/26/msg004936.html

Note that the umapfs request mentioned in this thread was NOT added as
there is still on-going discussion regarding the proper implementation.


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 src/share/man/man9/kauth.9
cvs rdiff -u -r1.65 -r1.66 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.57 -r1.58 src/sys/sys/kauth.h
cvs rdiff -u -r1.38 -r1.39 src/sys/ufs/ext2fs/ext2fs_alloc.c
cvs rdiff -u -r1.123 -r1.124 src/sys/ufs/ffs/ffs_alloc.c
cvs rdiff -u -r1.61 -r1.62 src/sys/ufs/ufs/ufs_quota.c
cvs rdiff -u -r1.39 -r1.40 src/sys/ufs/ufs/ufs_vfsops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.82 src/share/man/man9/kauth.9:1.83
--- src/share/man/man9/kauth.9:1.82	Thu May  7 18:01:56 2009
+++ src/share/man/man9/kauth.9	Thu May  7 19:26:08 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: kauth.9,v 1.82 2009/05/07 18:01:56 elad Exp $
+.\ $NetBSD: kauth.9,v 1.83 2009/05/07 19:26:08 elad Exp $
 .\
 .\ Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -203,6 +203,37 @@
 .El
 .It Dv KAUTH_SYSTEM_FILEHANDLE
 Check if filehandle operations allowed.
+.It Dv KAUTH_SYSTEM_FS_QUOTA
+Check if file-system quota operations are allowed.
+.Pp
+.Ar arg1
+is a
+.Ft struct mount *
+describing the file-system mount in question.
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_SYSTEM_FS_QUOTA_GET
+Check if retrieving quota information is allowed.
+.Pp
+.Ar arg2
+is a
+.Ft uid_t
+with the user-id of the user whose quota information is to be retrieved.
+.It Dv KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF
+Check if turning quota on/off is allowed.
+.It Dv KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE
+Check if managing the quota by setting the quota/quota use is allowed.
+.Pp
+.Ar arg2
+is a
+.Ft uid_t
+with the user-id of the user whose quota/quota use is to be set.
+.It Dv KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT
+Check if bypassing the quota (not enforcing it) is allwoed.
+.El
+.It Dv KAUTH_SYSTEM_FS_RESERVEDSPACE
+Check if using the file-system reserved space is allowed.
 .It Dv KAUTH_SYSTEM_MODULE
 Check if a module request is allowed.
 .Pp

Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.65 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.66
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.65	Thu May  7 18:01:56 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c	Thu May  7 19:26:09 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.65 2009/05/07 18:01:56 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.66 2009/05/07 19:26:09 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.65 2009/05/07 18:01:56 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.66 2009/05/07 19:26:09 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -172,6 +172,27 @@
 
 		break;
 
+	case KAUTH_SYSTEM_FS_QUOTA:
+		switch (req) {
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
+			if (isroot)
+result = KAUTH_RESULT_ALLOW;
+			break;
+
+		default:
+			break;
+		}
+
+		break;
+
+	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
+		break;
+
 	case KAUTH_SYSTEM_MOUNT:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
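Review bot: The new `KAUTH_REQ_SYSTEM_FS_QUOTA_GET` arm allows the request only when `isroot` is set and never looks at `arg2`, which the kauth.9 text added in this same commit describes as the uid whose quota is being read. If an unprivileged user is meant to read their own quota, that has to be decided by the caller before this listener runs; ufs_quota.c is not shown on this page, so this may already be the case. A comment on the arm would record what the listener does, for example `/* root only: arg1 (mount) and arg2 (uid) are not consulted here */`. The enclosing listener function starts and ends outside the hunk.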

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.57 src/sys/sys/kauth.h:1.58
--- src/sys/sys/kauth.h:1.57	Thu May  7 18:01:56 2009
+++ src/sys/sys/kauth.h	Thu May  7 19:26:08 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.57 2009/05/07 18:01:56 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.58 2009/05/07 19:26:08 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org  
@@ -94,7 +94,9 @@
 	KAUTH_SYSTEM_SWAPCTL,
 	KAUTH_SYSTEM_SYSCTL,
 	KAUTH_SYSTEM_TIME,
-	KAUTH_SYSTEM_MODULE
+	KAUTH_SYSTEM_MODULE,
+	KAUTH_SYSTEM_FS_RESERVEDSPACE,
+	KAUTH_SYSTEM_FS_QUOTA,
 };
 
 /*
@@ -122,7 +124,11 @@
 	KAUTH_REQ_SYSTEM_TIME_NTPADJTIME

CVS commit: src/sys

2009-05-07 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Thu May  7 19:30:31 UTC 2009

Modified Files:
src/sys/fs/msdosfs: msdosfs_vnops.c
src/sys/fs/ptyfs: ptyfs_vnops.c
src/sys/fs/smbfs: smbfs_vnops.c
src/sys/fs/tmpfs: tmpfs_subr.c
src/sys/fs/udf: udf_vnops.c
src/sys/miscfs/genfs: genfs.h genfs_vnops.c
src/sys/ufs/ext2fs: ext2fs_vnops.c
src/sys/ufs/ufs: ufs_vnops.c

Log Message:
Extract the open-coded authorization logic for chtimes() from various
file-systems and put it in a single function, genfs_can_chtimes().

This also makes UDF follow the same policy as all other file-systems.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/04/27/msg004951.html


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/sys/fs/msdosfs/msdosfs_vnops.c
cvs rdiff -u -r1.29 -r1.30 src/sys/fs/ptyfs/ptyfs_vnops.c
cvs rdiff -u -r1.66 -r1.67 src/sys/fs/smbfs/smbfs_vnops.c
cvs rdiff -u -r1.52 -r1.53 src/sys/fs/tmpfs/tmpfs_subr.c
cvs rdiff -u -r1.40 -r1.41 src/sys/fs/udf/udf_vnops.c
cvs rdiff -u -r1.25 -r1.26 src/sys/miscfs/genfs/genfs.h
cvs rdiff -u -r1.170 -r1.171 src/sys/miscfs/genfs/genfs_vnops.c
cvs rdiff -u -r1.85 -r1.86 src/sys/ufs/ext2fs/ext2fs_vnops.c
cvs rdiff -u -r1.175 -r1.176 src/sys/ufs/ufs/ufs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/msdosfs/msdosfs_vnops.c
diff -u src/sys/fs/msdosfs/msdosfs_vnops.c:1.58 src/sys/fs/msdosfs/msdosfs_vnops.c:1.59
--- src/sys/fs/msdosfs/msdosfs_vnops.c:1.58	Sat Mar 14 21:04:23 2009
+++ src/sys/fs/msdosfs/msdosfs_vnops.c	Thu May  7 19:30:31 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $	*/
+/*	$NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $	*/
 
 /*-
  * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -377,11 +377,9 @@
 	if (vap-va_atime.tv_sec != VNOVAL || vap-va_mtime.tv_sec != VNOVAL) {
 		if (vp-v_mount-mnt_flag  MNT_RDONLY)
 			return (EROFS);
-		if (kauth_cred_geteuid(cred) != pmp-pm_uid 
-		(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		NULL)) 
-		((vap-va_vaflags  VA_UTIMES_NULL) == 0 ||
-		(error = VOP_ACCESS(ap-a_vp, VWRITE, cred
+		error = genfs_can_chtimes(ap-a_vp, vap-va_vaflags,
+		pmp-pm_uid, cred);
+		if (error)
 			return (error);
 		if ((pmp-pm_flags  MSDOSFSMNT_NOWIN95) == 0 
 		vap-va_atime.tv_sec != VNOVAL)
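Review bot: The new call passes `ap->a_vp` while the read-only check two lines above it already uses `vp` (`vp->v_mount->mnt_flag`), so the block names the same vnode in two ways, assuming `vp` is set from `ap->a_vp` earlier in the function, which is outside the hunk. Writing `error = genfs_can_chtimes(vp, vap->va_vaflags, pmp->pm_uid, cred);` keeps the block consistent. `genfs_can_chtimes()` itself is not visible on this page, so its equivalence with the removed owner/superuser/`VA_UTIMES_NULL` condition cannot be checked from this hunk.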

Index: src/sys/fs/ptyfs/ptyfs_vnops.c
diff -u src/sys/fs/ptyfs/ptyfs_vnops.c:1.29 src/sys/fs/ptyfs/ptyfs_vnops.c:1.30
--- src/sys/fs/ptyfs/ptyfs_vnops.c:1.29	Wed Apr 22 22:57:09 2009
+++ src/sys/fs/ptyfs/ptyfs_vnops.c	Thu May  7 19:30:29 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $	*/
+/*	$NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $	*/
 
 /*
  * Copyright (c) 1993, 1995
@@ -76,7 +76,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -419,11 +419,9 @@
 			return EROFS;
 		if ((ptyfs-ptyfs_flags  SF_SNAPSHOT) != 0)
 			return EPERM;
-		if (kauth_cred_geteuid(cred) != ptyfs-ptyfs_uid 
-		(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		NULL)) 
-		((vap-va_vaflags  VA_UTIMES_NULL) == 0 ||
-		(error = VOP_ACCESS(vp, VWRITE, cred)) != 0))
+		error = genfs_can_chtimes(vp, vap-va_vaflags, ptyfs-ptyfs_uid,
+		cred);
+		if (error)
 			return (error);
 		if (vap-va_atime.tv_sec != VNOVAL)
 			if (!(vp-v_mount-mnt_flag  MNT_NOATIME))

Index: src/sys/fs/smbfs/smbfs_vnops.c
diff -u src/sys/fs/smbfs/smbfs_vnops.c:1.66 src/sys/fs/smbfs/smbfs_vnops.c:1.67
--- src/sys/fs/smbfs/smbfs_vnops.c:1.66	Sat Mar 14 21:04:24 2009
+++ src/sys/fs/smbfs/smbfs_vnops.c	Thu May  7 19:30:30 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $	*/
+/*	$NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -64,7 +64,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $);
+__KERNEL_RCSID(0, $NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -436,13 +436,10 @@
 	if (vap-va_atime.tv_sec != VNOVAL)
 		atime = vap-va_atime;
 	if (mtime != atime) {
-if (kauth_cred_geteuid(ap-a_cred) !=
-		VTOSMBFS(vp)-sm_args.uid 
-(error = kauth_authorize_generic(ap-a_cred,
-		KAUTH_GENERIC_ISSUSER, 

CVS commit: src/sys

2009-05-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed May  6 18:41:54 UTC 2009

Modified Files:
src/sys/arch/macppc/dev: ofb.c
src/sys/dev/pci: chipsfb.c genfb_pci.c machfb.c r128fb.c radeonfb.c
voodoofb.c

Log Message:
Replace curlwp-l_cred with kauth_cred_get().

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/05/05/msg005038.html


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/arch/macppc/dev/ofb.c
cvs rdiff -u -r1.17 -r1.18 src/sys/dev/pci/chipsfb.c
cvs rdiff -u -r1.18 -r1.19 src/sys/dev/pci/genfb_pci.c \
src/sys/dev/pci/voodoofb.c
cvs rdiff -u -r1.56 -r1.57 src/sys/dev/pci/machfb.c
cvs rdiff -u -r1.7 -r1.8 src/sys/dev/pci/r128fb.c
cvs rdiff -u -r1.31 -r1.32 src/sys/dev/pci/radeonfb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/macppc/dev/ofb.c
diff -u src/sys/arch/macppc/dev/ofb.c:1.63 src/sys/arch/macppc/dev/ofb.c:1.64
--- src/sys/arch/macppc/dev/ofb.c:1.63	Mon Nov 26 19:58:29 2007
+++ src/sys/arch/macppc/dev/ofb.c	Wed May  6 18:41:54 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ofb.c,v 1.63 2007/11/26 19:58:29 garbled Exp $	*/
+/*	$NetBSD: ofb.c,v 1.64 2009/05/06 18:41:54 elad Exp $	*/
 
 /*
  * Copyright (c) 1995, 1996 Carnegie-Mellon University.
@@ -28,7 +28,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ofb.c,v 1.63 2007/11/26 19:58:29 garbled Exp $);
+__KERNEL_RCSID(0, $NetBSD: ofb.c,v 1.64 2009/05/06 18:41:54 elad Exp $);
 
 #include sys/param.h
 #include sys/buf.h
@@ -319,7 +319,6 @@
 	struct ofb_softc *sc = vd-cookie;
 	struct rasops_info *ri;
 	u_int32_t *ap = sc-sc_addrs;
-	struct lwp *me;
 	int i;
 
 	if (vd-active == NULL) {
@@ -338,13 +337,10 @@
 	 * restrict all other mappings to processes with superuser privileges
 	 * or the kernel itself
 	 */
-	me = curlwp;
-	if (me != NULL) {
-		if (kauth_authorize_generic(me-l_cred, KAUTH_GENERIC_ISSUSER,
-		NULL) != 0) {
-			printf(%s: mmap() rejected.\n, sc-sc_dev.dv_xname);
-			return -1;
-		}
+	if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
+	NULL) != 0) {
+		printf(%s: mmap() rejected.\n, sc-sc_dev.dv_xname);
+		return -1;
 	}
 
 	/* let them mmap() 0xa - 0xb if it's not covered above */
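Review bot: The removed code skipped the privilege check when `curlwp` was NULL, and the comment kept above the new call still says other mappings are allowed for "the kernel itself"; the new code calls `kauth_cred_get()` unconditionally, so that exemption is gone and the comment no longer matches. If this mmap handler can be entered without a current lwp, how `kauth_cred_get()` behaves then is not visible here and should be confirmed before relying on it. The comment should be brought in line with the code, e.g. `restrict all other mappings to processes with superuser privileges`. The same applies to the chipsfb.c hunk of this commit, and to the genfb_pci.c hunk, which is cut off on this page. The function body continues outside the hunk.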

Index: src/sys/dev/pci/chipsfb.c
diff -u src/sys/dev/pci/chipsfb.c:1.17 src/sys/dev/pci/chipsfb.c:1.18
--- src/sys/dev/pci/chipsfb.c:1.17	Wed May  6 10:34:32 2009
+++ src/sys/dev/pci/chipsfb.c	Wed May  6 18:41:54 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: chipsfb.c,v 1.17 2009/05/06 10:34:32 cegger Exp $	*/
+/*	$NetBSD: chipsfb.c,v 1.18 2009/05/06 18:41:54 elad Exp $	*/
 
 /*
  * Copyright (c) 2006 Michael Lorenz
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: chipsfb.c,v 1.17 2009/05/06 10:34:32 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: chipsfb.c,v 1.18 2009/05/06 18:41:54 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -865,7 +865,6 @@
 {
 	struct vcons_data *vd = v;
 	struct chipsfb_softc *sc = vd-cookie;
-	struct lwp *me;
 	paddr_t pa;
 
 	/* 'regular' framebuffer mmap()ing */
@@ -879,13 +878,10 @@
 	 * restrict all other mappings to processes with superuser privileges
 	 * or the kernel itself
 	 */
-	me = curlwp;
-	if (me != NULL) {
-		if (kauth_authorize_generic(me-l_cred, KAUTH_GENERIC_ISSUSER,
-		NULL) != 0) {
-			aprint_normal_dev(sc-sc_dev, mmap() rejected.\n);
-			return -1;
-		}
+	if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
+	NULL) != 0) {
+		aprint_normal_dev(sc-sc_dev, mmap() rejected.\n);
+		return -1;
 	}
 
 	if ((offset = sc-sc_fb)  (offset  (sc-sc_fb + sc-sc_fbsize))) {

Index: src/sys/dev/pci/genfb_pci.c
diff -u src/sys/dev/pci/genfb_pci.c:1.18 src/sys/dev/pci/genfb_pci.c:1.19
--- src/sys/dev/pci/genfb_pci.c:1.18	Wed May  6 10:34:32 2009
+++ src/sys/dev/pci/genfb_pci.c	Wed May  6 18:41:54 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: genfb_pci.c,v 1.18 2009/05/06 10:34:32 cegger Exp $ */
+/*	$NetBSD: genfb_pci.c,v 1.19 2009/05/06 18:41:54 elad Exp $ */
 
 /*-
  * Copyright (c) 2007 Michael Lorenz
@@ -27,7 +27,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: genfb_pci.c,v 1.18 2009/05/06 10:34:32 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: genfb_pci.c,v 1.19 2009/05/06 18:41:54 elad Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -222,7 +222,6 @@
 {
 	struct pci_genfb_softc *sc = v;
 	struct range *r;
-	struct lwp *me;
 	int i;
 
 	if (offset == 0)
@@ -247,13 +246,10 @@
 	 * restrict all other mappings to processes with superuser privileges
 	 * or the kernel itself
 	 */
-	me = curlwp;
-	if (me != NULL) {
-		if (kauth_authorize_generic(me-l_cred, KAUTH_GENERIC_ISSUSER,
-		NULL) != 0) {
-			aprint_normal_dev(sc-sc_gen.sc_dev, mmap() rejected.\n);
-			return -1;
-		}
+	if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
+	NULL) != 0) {
+		aprint_normal_dev(sc-sc_gen.sc_dev, mmap() rejected.\n);
+		return 

CVS commit: src/sys/secmodel/securelevel

2009-05-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed May  6 21:10:22 UTC 2009

Modified Files:
src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Sprinkle some switch defaults.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 \
src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.10 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.11
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.10	Sun Jan 11 02:45:55 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Wed May  6 21:10:22 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.10 2009/01/11 02:45:55 christos Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.10 2009/01/11 02:45:55 christos Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $);
 
 #ifdef _KERNEL_OPT
 #include opt_insecure.h
@@ -258,6 +258,9 @@
 			break;
 		}
 		break;
+
+	default:
+		break;
 	}
 
 	return (result);
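Review bot: The added `default:` arm carries no comment, and in an authorization listener it is worth stating what "action not handled here" means: the value returned is whatever `result` was initialised to, and that initialisation is outside every hunk of this file. A one-line comment such as `default:	/* not handled by this listener: result keeps its initial value */` would make the intent explicit to the next person adding an action. The same applies to the other six hunks of this commit.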
@@ -314,6 +317,9 @@
 		if (securelevel  1)
 			result = KAUTH_RESULT_DENY;
 		break;
+
+	default:
+		break;
 	}
 
 	return (result);
@@ -355,6 +361,9 @@
 		if (securelevel  0)
 			result = KAUTH_RESULT_DENY;
 		break;
+
+	default:
+		break;
 	}
 
 	return (result);
@@ -387,6 +396,9 @@
 		if (securelevel  0)
 			result = KAUTH_RESULT_DENY;
 		break;
+
+	default:
+		break;
 	}
 
 	return (result);
@@ -435,6 +447,9 @@
 if (securelevel  0)
 	result = KAUTH_RESULT_DENY;
 break;
+
+			default:
+break;
 			}
 
 			break;
@@ -496,6 +511,9 @@
 result = KAUTH_RESULT_DENY;
 
 			break;
+
+		default:
+			break;
 		}
 
 		break;
@@ -515,6 +533,9 @@
 		}
 
 		break;
+
+	default:
+		break;
 	}
 
 	return (result);



CVS commit: src/sys

2009-05-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed May  6 21:41:59 UTC 2009

Modified Files:
src/sys/netinet: ip_output.c
src/sys/netinet6: ip6_output.c ip6_var.h ipsec.c ipsec.h raw_ip6.c
udp6_output.c

Log Message:
Remove some usage of priv and privileged variables and instead pass
around credentials. Also push down kauth(9) calls closer to where the
operation is done.

Mailing list reference:

http://mail-index.netbsd.org/tech-net/2009/04/30/msg001270.html


To generate a diff of this commit:
cvs rdiff -u -r1.201 -r1.202 src/sys/netinet/ip_output.c
cvs rdiff -u -r1.137 -r1.138 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.52 -r1.53 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.140 -r1.141 src/sys/netinet6/ipsec.c
cvs rdiff -u -r1.50 -r1.51 src/sys/netinet6/ipsec.h
cvs rdiff -u -r1.103 -r1.104 src/sys/netinet6/raw_ip6.c
cvs rdiff -u -r1.38 -r1.39 src/sys/netinet6/udp6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_output.c
diff -u src/sys/netinet/ip_output.c:1.201 src/sys/netinet/ip_output.c:1.202
--- src/sys/netinet/ip_output.c:1.201	Wed Mar 18 16:00:22 2009
+++ src/sys/netinet/ip_output.c	Wed May  6 21:41:59 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_output.c,v 1.201 2009/03/18 16:00:22 cegger Exp $	*/
+/*	$NetBSD: ip_output.c,v 1.202 2009/05/06 21:41:59 elad Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip_output.c,v 1.201 2009/03/18 16:00:22 cegger Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip_output.c,v 1.202 2009/05/06 21:41:59 elad Exp $);
 
 #include opt_pfil_hooks.h
 #include opt_inet.h
@@ -1296,20 +1296,8 @@
 #if defined(IPSEC) || defined(FAST_IPSEC)
 		case IP_IPSEC_POLICY:
 		{
-			int priv = 0;
-
-#ifdef __NetBSD__
-			if (l == 0 || kauth_authorize_generic(l-l_cred,
-			KAUTH_GENERIC_ISSUSER, NULL))
-priv = 0;
-			else
-priv = 1;
-#else
-			priv = (in6p-in6p_socket-so_state  SS_PRIV);
-#endif
-
 			error = ipsec4_set_policy(inp, sopt-sopt_name,
-			sopt-sopt_data, sopt-sopt_size, priv);
+			sopt-sopt_data, sopt-sopt_size, l-l_cred);
 			break;
 		}
 #endif /*IPSEC*/
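Review bot: The removed block tested `l == 0` before touching `l->l_cred`, but the new last argument `l->l_cred` is read unconditionally, so a NULL `l` would now be dereferenced; whether `l` can be NULL on this path is decided outside the hunk. The ip6_output.c part of this commit uses `kauth_cred_get()` for the same purpose, and doing the same here removes the question: `sopt->sopt_data, sopt->sopt_size, kauth_cred_get());`. The enclosing function starts and ends outside the hunk.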

Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.137 src/sys/netinet6/ip6_output.c:1.138
--- src/sys/netinet6/ip6_output.c:1.137	Sat Apr 18 12:40:52 2009
+++ src/sys/netinet6/ip6_output.c	Wed May  6 21:41:59 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.137 2009/04/18 12:40:52 drochner Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.138 2009/05/06 21:41:59 elad Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.137 2009/04/18 12:40:52 drochner Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.138 2009/05/06 21:41:59 elad Exp $);
 
 #include opt_inet.h
 #include opt_inet6.h
@@ -128,9 +128,9 @@
 };
 
 static int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **,
-	int, int);
+	kauth_cred_t, int);
 static int ip6_getpcbopt(struct ip6_pktopts *, int, struct sockopt *);
-static int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, int,
+static int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, kauth_cred_t,
 	int, int, int);
 static int ip6_setmoptions(const struct sockopt *, struct ip6_moptions **);
 static int ip6_getmoptions(struct sockopt *, struct ip6_moptions *);
@@ -1466,11 +1466,10 @@
 int
 ip6_ctloutput(int op, struct socket *so, struct sockopt *sopt)
 {
-	int privileged, optdatalen, uproto;
+	int optdatalen, uproto;
 	void *optdata;
 	struct in6pcb *in6p = sotoin6pcb(so);
 	int error, optval;
-	struct lwp *l = curlwp;	/* XXX */
 	int level, optname;
 
 	KASSERT(sopt != NULL);
@@ -1479,8 +1478,6 @@
 	optname = sopt-sopt_name;
 
 	error = optval = 0;
-	privileged = (l == 0 || kauth_authorize_generic(l-l_cred,
-	KAUTH_GENERIC_ISSUSER, NULL)) ? 0 : 1;
 	uproto = (int)so-so_proto-pr_protocol;
 
 	if (level != IPPROTO_IPV6) {
@@ -1511,10 +1508,10 @@
 		case IPV6_RECVHOPOPTS:
 		case IPV6_RECVDSTOPTS:
 		case IPV6_RECVRTHDRDSTOPTS:
-			if (!privileged) {
-error = EPERM;
+			error = kauth_authorize_generic(kauth_cred_get(),
+			KAUTH_GENERIC_ISSUSER, NULL);
+			if (error)
 break;
-			}
 			/* FALLTHROUGH */
 		case IPV6_UNICAST_HOPS:
 		case IPV6_HOPLIMIT:
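Review bot: `kauth_cred_get()` is spelled out at this check and again in the `ip6_pcbopt()` calls changed by the later hunks of this file; fetching it once beside the other locals of `ip6_ctloutput()`, `kauth_cred_t cred = kauth_cred_get();`, and passing `cred` would make it plain that every check in one call uses the same credential. The error handed back is now whatever `kauth_authorize_generic()` returns instead of the literal `EPERM`; that is presumably the same value, but it is defined outside this page. The body of `ip6_ctloutput()` continues outside the hunk.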
@@ -1586,7 +1583,7 @@
 		   (u_char *)optval,
 		   sizeof(optval),
 		   optp,
-		   privileged, uproto);
+		   kauth_cred_get(), uproto);
 break;
 			}
 
@@ -1705,7 +1702,7 @@
 	   (u_char *)tclass,
 	   sizeof(tclass),
 	   optp,
-	   privileged, uproto);
+	   kauth_cred_get(), uproto);
 			break;
 		}
 
@@ -1722,7 +1719,7 @@
 		   (u_char *)optval,
 		   sizeof(optval),
 		   optp,
-		   privileged, uproto);
+		   kauth_cred_get(), uproto);
 break;
 		

CVS commit: src/sys/net

2009-05-06 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Wed May  6 22:17:41 UTC 2009

Modified Files:
src/sys/net: net_osdep.h

Log Message:
Provide privilege checking code snippets for all significant NetBSD
versions: < 2 (suser, proc), 2 & 3 (suser, lwp), >= 4 (kauth, lwp).

No functional change as it's all inside a big comment.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/sys/net/net_osdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/net_osdep.h
diff -u src/sys/net/net_osdep.h:1.17 src/sys/net/net_osdep.h:1.18
--- src/sys/net/net_osdep.h:1.17	Sun Mar  4 06:03:17 2007
+++ src/sys/net/net_osdep.h	Wed May  6 22:17:41 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: net_osdep.h,v 1.17 2007/03/04 06:03:17 christos Exp $	*/
+/*	$NetBSD: net_osdep.h,v 1.18 2009/05/06 22:17:41 elad Exp $	*/
 /*	$KAME: net_osdep.h,v 1.51 2001/07/06 06:21:43 itojun Exp $	*/
 
 /*
@@ -79,12 +79,21 @@
  *		of BSDI (the change is not merged - yet).
  *
  * - privileged process
- *	NetBSD
+ *	NetBSD 2, 3
+ *		struct lwp *l;
+ *		if (l-l_proc 
+ *		!suser(l-l_proc-p_ucred, l-l_proc-p_acflag))
+ *			privileged
+ *	NetBSD = 4
+ *		below is the generic authorization call, please see kauth(9)
+ *		for more specific alternatives (for proper integration with
+ *		secmodels)
+ *
  *		struct lwp *l;
  *		if (l != NULL  kauth_authorize_generic(l-l_cred, 
  *		KAUTH_GENERIC_ISSUSER, NULL) == 0)
  *			privileged;
- *	FreeBSD 3
+ *	NetBSD  2, FreeBSD 3
  *		struct proc *p;
  *		if (p  !suser(p-p_ucred, p-p_acflag))
  *			privileged;



CVS commit: src

2009-05-05 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Tue May  5 21:03:29 UTC 2009

Modified Files:
src/share/man/man9: kauth.9
src/sys/dev: rnd.c
src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
src/sys/sys: kauth.h

Log Message:
Add device scope actions for rnd(4) and use them.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/04/27/msg004953.html


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 src/share/man/man9/kauth.9
cvs rdiff -u -r1.71 -r1.72 src/sys/dev/rnd.c
cvs rdiff -u -r1.63 -r1.64 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.55 -r1.56 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.78 src/share/man/man9/kauth.9:1.79
--- src/share/man/man9/kauth.9:1.78	Sun May  3 19:25:39 2009
+++ src/share/man/man9/kauth.9	Tue May  5 21:03:28 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: kauth.9,v 1.78 2009/05/03 19:25:39 wiz Exp $
+.\ $NetBSD: kauth.9,v 1.79 2009/05/05 21:03:28 elad Exp $
 .\
 .\ Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd May 3, 2009
+.Dd May 5, 2009
 .Dt KAUTH 9
 .Os
 .Sh NAME
@@ -883,6 +883,20 @@
 .Ft u_long
 describing the command.
 .El
+.Pp
+.Sy Kernel random device
+Authorization actions relevant to the kernel random device,
+.Xr rnd 4 ,
+is done using the standard authorization wrapper, with the following actions:
+.Pp
+.Bl -tag -width compact
+.It KAUTH_DEVICE_RND_ADDDATA
+Check if adding data to the entropy pool is allowed.
+.It KAUTH_DEVICE_RND_GETPRIV
+Check if privileged settings and information can be retrieved.
+.It KAUTH_DEVICE_RND_SETPRIV
+Check if privileged settings can be changed.
+.El
 .Ss Credentials Scope
 The credentials scope,
 .Dq org.netbsd.kauth.cred ,

Index: src/sys/dev/rnd.c
diff -u src/sys/dev/rnd.c:1.71 src/sys/dev/rnd.c:1.72
--- src/sys/dev/rnd.c:1.71	Sat Aug 16 13:07:30 2008
+++ src/sys/dev/rnd.c	Tue May  5 21:03:29 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: rnd.c,v 1.71 2008/08/16 13:07:30 dan Exp $	*/
+/*	$NetBSD: rnd.c,v 1.72 2009/05/05 21:03:29 elad Exp $	*/
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: rnd.c,v 1.71 2008/08/16 13:07:30 dan Exp $);
+__KERNEL_RCSID(0, $NetBSD: rnd.c,v 1.72 2009/05/05 21:03:29 elad Exp $);
 
 #include sys/param.h
 #include sys/ioctl.h
@@ -496,16 +496,30 @@
 	case FIOASYNC:
 	case RNDGETENTCNT:
 		break;
+
 	case RNDGETPOOLSTAT:
 	case RNDGETSRCNUM:
 	case RNDGETSRCNAME:
+		ret = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_RND_GETPRIV, NULL, NULL, NULL, NULL);
+		if (ret)
+			return (ret);
+		break;
+
 	case RNDCTL:
+		ret = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_RND_SETPRIV, NULL, NULL, NULL, NULL);
+		if (ret)
+			return (ret);
+		break;
+
 	case RNDADDDATA:
-		ret = kauth_authorize_generic(l-l_cred, KAUTH_GENERIC_ISSUSER,
-		NULL);
+		ret = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_RND_ADDDATA, NULL, NULL, NULL, NULL);
 		if (ret)
 			return (ret);
 		break;
+
 	default:
 		return (EINVAL);
 	}
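Review bot: All three new `kauth_authorize_device()` calls pass NULL for every argument, so a listener cannot tell `RNDGETPOOLSTAT` from `RNDGETSRCNAME` under `KAUTH_DEVICE_RND_GETPRIV`, nor see what an `RNDCTL` request is about to change. The bluetooth action shown further down this page passes the unit, the command and the request, which lets a security model make finer decisions. Passing at least the ioctl command as the first argument (in the `KAUTH_ARG(...)` form used by hci_ioctl.c) and documenting it in kauth.9 would keep the two device actions parallel. The enclosing ioctl function starts and ends outside the hunk.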

Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.63 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.64
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.63	Sun May  3 17:21:13 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c	Tue May  5 21:03:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.63 2009/05/03 17:21:13 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.64 2009/05/05 21:03:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat e...@netbsd.org
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.63 2009/05/03 17:21:13 elad Exp $);
+__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44_suser.c,v 1.64 2009/05/05 21:03:28 elad Exp $);
 
 #include sys/types.h
 #include sys/param.h
@@ -1051,6 +1051,13 @@
 
 		break;
 
+	case KAUTH_DEVICE_RND_ADDDATA:
+	case KAUTH_DEVICE_RND_GETPRIV:
+	case KAUTH_DEVICE_RND_SETPRIV:
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
+		break;
+
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.55 src/sys/sys/kauth.h:1.56
--- src/sys/sys/kauth.h:1.55	Sun May  3 17:21:12 2009
+++ src/sys/sys/kauth.h	Tue May  5 21:03:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.55 2009/05/03 17:21:12 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.56 2009/05/05 21:03:28 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org  
@@ -239,6 +239,9 @@
 	KAUTH_DEVICE_RAWIO_SPEC,
 	KAUTH_DEVICE_RAWIO_PASSTHRU

CVS commit: src

2009-05-03 Thread Elad Efrat
Module Name:src
Committed By:   elad
Date:   Sun May  3 17:21:13 UTC 2009

Modified Files:
src/share/man/man9: kauth.9
src/sys/netbt: hci_ioctl.c
src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
src/sys/sys: kauth.h

Log Message:
Add a bluetooth action to the device scope and use it in netbt as a
replacement for KAUTH_GENERIC_ISSUSER.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/04/25/msg004905.html

Bluetooth-specific authorization wrapper might come later.


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/share/man/man9/kauth.9
cvs rdiff -u -r1.7 -r1.8 src/sys/netbt/hci_ioctl.c
cvs rdiff -u -r1.62 -r1.63 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.54 -r1.55 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.76 src/share/man/man9/kauth.9:1.77
--- src/share/man/man9/kauth.9:1.76	Mon Apr 20 19:37:08 2009
+++ src/share/man/man9/kauth.9	Sun May  3 17:21:12 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: kauth.9,v 1.76 2009/04/20 19:37:08 elad Exp $
+.\ $NetBSD: kauth.9,v 1.77 2009/05/03 17:21:12 elad Exp $
 .\
 .\ Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org
 .\ All rights reserved.
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd April 20, 2009
+.Dd May 3, 2009
 .Dt KAUTH 9
 .Os
 .Sh NAME
@@ -752,7 +752,8 @@
 The device scope,
 .Dq org.netbsd.kauth.device ,
 manages authorization requests related to devices on the system.
-Devices can be, for example, terminals, tape drives, and any other hardware.
+Devices can be, for example, terminals, tape drives, bluetooth accessories, and
+any other hardware.
 Network devices specifically are handled by the
 .Em network
 scope.
@@ -859,6 +860,30 @@
 .Ar arg2
 to the listener, is device-specific data that may be associated with the
 request.
+.Pp
+.Sy Bluetooth Devices
+.Pp
+Authorizing actions relevant to bluetooth devices is done using the standard
+authorization wrapper, with the following actions:
+.Pp
+.Bl -tag -width compact
+.It KAUTH_DEVICE_BLUETOOTH_SETPRIV
+Check if privileged settings can be changed.
+.Pp
+.Ar arg0
+is a
+.Ft struct hci_unit *
+describing the HCI unit,
+.Ar arg1
+is a
+.Ft struct btreq *
+describing the request, and
+.Ar arg2
+is a
+.Ft u_long
+describing the command.
+.El
+.Pp
 .Ss Credentials Scope
 The credentials scope,
 .Dq org.netbsd.kauth.cred ,

Index: src/sys/netbt/hci_ioctl.c
diff -u src/sys/netbt/hci_ioctl.c:1.7 src/sys/netbt/hci_ioctl.c:1.8
--- src/sys/netbt/hci_ioctl.c:1.7	Wed Nov 28 20:16:12 2007
+++ src/sys/netbt/hci_ioctl.c	Sun May  3 17:21:12 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hci_ioctl.c,v 1.7 2007/11/28 20:16:12 plunky Exp $	*/
+/*	$NetBSD: hci_ioctl.c,v 1.8 2009/05/03 17:21:12 elad Exp $	*/
 
 /*-
  * Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: hci_ioctl.c,v 1.7 2007/11/28 20:16:12 plunky Exp $);
+__KERNEL_RCSID(0, $NetBSD: hci_ioctl.c,v 1.8 2009/05/03 17:21:12 elad Exp $);
 
 #include sys/param.h
 #include sys/domain.h
@@ -222,8 +222,9 @@
 		break;
 
 	case SIOCSBTFLAGS:	/* set unit flags (privileged) */
-		err = kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_ISSUSER, NULL);
+		err = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+		btr, NULL);
 		if (err)
 			break;
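Review bot: The argument order in the new `kauth_authorize_device()` call does not match the kauth.9 text added by this same commit: the call passes `unit, KAUTH_ARG(cmd), btr`, that is the command as arg1 and the request as arg2, while the manual says arg1 is the `struct btreq *` and arg2 the `u_long` command. A listener written from the manual would treat the command value as a pointer to a request. One of the two has to change; to follow the manual the call would read `KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, btr, KAUTH_ARG(cmd), NULL);`. The same call is repeated in the other four hunks of this file, and the enclosing switch starts and ends outside the hunk.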
 
@@ -248,8 +249,9 @@
 		break;
 
 	case SIOCSBTPOLICY:	/* set unit link policy (privileged) */
-		err = kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_ISSUSER, NULL);
+		err = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+		btr, NULL);
 		if (err)
 			break;
 
@@ -259,8 +261,9 @@
 		break;
 
 	case SIOCSBTPTYPE:	/* set unit packet types (privileged) */
-		err = kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_ISSUSER, NULL);
+		err = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+		btr, NULL);
 		if (err)
 			break;
 
@@ -274,8 +277,9 @@
 		break;
 
 	case SIOCZBTSTATS:	/* get  reset unit statistics */
-		err = kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_ISSUSER, NULL);
+		err = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+		btr, NULL);
 		if (err)
 			break;
 
@@ -289,8 +293,9 @@
 		 * sent to USB bluetooth controllers that are not an
 		 * integer number of frame sizes, the USB bus locks up.
 		 */
-		err = kauth_authorize_generic(l-l_cred,
-		KAUTH_GENERIC_ISSUSER, NULL);
+		err = kauth_authorize_device(l-l_cred,
+		KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+		btr, NULL);
 		if (err)
 			break;
 

Index: src/sys/secmodel/bsd44
