Author: rwatson
Date: Thu Mar 30 22:26:15 2017
New Revision: 316308
URL: https://svnweb.freebsd.org/changeset/base/316308
Log:
Audit arguments to System V IPC system calls implementing sempahores,
message queues, and shared memory.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Modified:
head/sys/kern/sysv_msg.c
head/sys/kern/sysv_sem.c
head/sys/kern/sysv_shm.c
head/sys/security/audit/audit.h
Modified: head/sys/kern/sysv_msg.c
==============================================================================
--- head/sys/kern/sysv_msg.c Thu Mar 30 22:00:58 2017 (r316307)
+++ head/sys/kern/sysv_msg.c Thu Mar 30 22:26:15 2017 (r316308)
@@ -18,6 +18,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
+ * Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@@ -25,6 +26,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
+ * Portions of this software were developed by BAE Systems, the University of
+ * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
+ * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
+ * Computing (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -508,6 +514,8 @@ kern_msgctl(td, msqid, cmd, msqbuf)
if (rpr == NULL)
return (ENOSYS);
+ AUDIT_ARG_SVIPC_CMD(cmd);
+ AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@@ -579,6 +587,7 @@ kern_msgctl(td, msqid, cmd, msqbuf)
break;
case IPC_SET:
+ AUDIT_ARG_SVIPC_PERM(&msqbuf->msg_perm);
if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
goto done2;
if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
@@ -667,6 +676,8 @@ sys_msgget(td, uap)
error = EEXIST;
goto done2;
}
+ AUDIT_ARG_SVIPC_ID(IXSEQ_TO_IPCID(msqid,
+ msqkptr->u.msg_perm));
if ((error = ipcperm(td, &msqkptr->u.msg_perm,
msgflg & 0700))) {
DPRINTF(("requester doesn't have 0%o access\n",
@@ -735,6 +746,7 @@ sys_msgget(td, uap)
#ifdef MAC
mac_sysvmsq_create(cred, msqkptr);
#endif
+ AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
} else {
DPRINTF(("didn't find it and wasn't asked to create it\n"));
error = ENOENT;
@@ -780,6 +792,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgf
return (ENOSYS);
mtx_lock(&msq_mtx);
+ AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@@ -790,6 +803,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgf
}
msqkptr = &msqids[msqix];
+ AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
if (msqkptr->u.msg_qbytes == 0) {
DPRINTF(("no such message queue id\n"));
error = EINVAL;
@@ -1152,6 +1166,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgt
if (rpr == NULL)
return (ENOSYS);
+ AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@@ -1162,6 +1177,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgt
msqkptr = &msqids[msqix];
mtx_lock(&msq_mtx);
+ AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
if (msqkptr->u.msg_qbytes == 0) {
DPRINTF(("no such message queue id\n"));
error = EINVAL;
Modified: head/sys/kern/sysv_sem.c
==============================================================================
--- head/sys/kern/sysv_sem.c Thu Mar 30 22:00:58 2017 (r316307)
+++ head/sys/kern/sysv_sem.c Thu Mar 30 22:26:15 2017 (r316308)
@@ -7,6 +7,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
+ * Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@@ -14,6 +15,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
+ * Portions of this software were developed by BAE Systems, the University of
+ * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
+ * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
+ * Computing (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -691,6 +697,9 @@ kern_semctl(struct thread *td, int semid
DPRINTF(("call to semctl(%d, %d, %d, 0x%p)\n",
semid, semnum, cmd, arg));
+ AUDIT_ARG_SVIPC_CMD(cmd);
+ AUDIT_ARG_SVIPC_ID(semid);
+
rpr = sem_find_prison(td->td_ucred);
if (sem == NULL)
return (ENOSYS);
@@ -758,6 +767,7 @@ kern_semctl(struct thread *td, int semid
break;
case IPC_SET:
+ AUDIT_ARG_SVIPC_PERM(&arg->buf->sem_perm);
if ((error = semvalid(semid, rpr, semakptr)) != 0)
goto done2;
if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_M)))
@@ -948,6 +958,8 @@ sys_semget(struct thread *td, struct sem
DPRINTF(("semget(0x%x, %d, 0%o)\n", key, nsems, semflg));
+ AUDIT_ARG_VALUE(semflg);
+
if (sem_find_prison(cred) == NULL)
return (ENOSYS);
@@ -961,6 +973,7 @@ sys_semget(struct thread *td, struct sem
break;
}
if (semid < seminfo.semmni) {
+ AUDIT_ARG_SVIPC_ID(semid);
DPRINTF(("found public key\n"));
if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
DPRINTF(("not exclusive\n"));
@@ -1090,6 +1103,8 @@ sys_semop(struct thread *td, struct semo
#endif
DPRINTF(("call to semop(%d, %p, %u)\n", semid, sops, nsops));
+ AUDIT_ARG_SVIPC_ID(semid);
+
rpr = sem_find_prison(td->td_ucred);
if (sem == NULL)
return (ENOSYS);
Modified: head/sys/kern/sysv_shm.c
==============================================================================
--- head/sys/kern/sysv_shm.c Thu Mar 30 22:00:58 2017 (r316307)
+++ head/sys/kern/sysv_shm.c Thu Mar 30 22:26:15 2017 (r316308)
@@ -30,6 +30,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
+ * Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@@ -37,6 +38,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
+ * Portions of this software were developed by BAE Systems, the University of
+ * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
+ * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
+ * Computing (TC) research program.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -324,8 +330,10 @@ kern_shmdt_locked(struct thread *td, con
{
struct proc *p = td->td_proc;
struct shmmap_state *shmmap_s;
-#ifdef MAC
+#if defined(AUDIT) || defined(MAC)
struct shmid_kernel *shmsegptr;
+#endif
+#ifdef MAC
int error;
#endif
int i;
@@ -336,6 +344,7 @@ kern_shmdt_locked(struct thread *td, con
shmmap_s = p->p_vmspace->vm_shm;
if (shmmap_s == NULL)
return (EINVAL);
+ AUDIT_ARG_SVIPC_ID(shmmap_s->shmid);
for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) {
if (shmmap_s->shmid != -1 &&
shmmap_s->va == (vm_offset_t)shmaddr) {
@@ -344,8 +353,10 @@ kern_shmdt_locked(struct thread *td, con
}
if (i == shminfo.shmseg)
return (EINVAL);
-#ifdef MAC
+#if (defined(AUDIT) && defined(KDTRACE_HOOKS)) || defined(MAC)
shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)];
+#endif
+#ifdef MAC
error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr);
if (error != 0)
return (error);
@@ -382,6 +393,9 @@ kern_shmat_locked(struct thread *td, int
vm_size_t size;
int error, i, rv;
+ AUDIT_ARG_SVIPC_ID(shmid);
+ AUDIT_ARG_VALUE(shmflg);
+
SYSVSHM_ASSERT_LOCKED();
rpr = shm_find_prison(td->td_ucred);
if (rpr == NULL)
@@ -493,6 +507,9 @@ kern_shmctl_locked(struct thread *td, in
if (rpr == NULL)
return (ENOSYS);
+ AUDIT_ARG_SVIPC_ID(shmid);
+ AUDIT_ARG_SVIPC_CMD(cmd);
+
switch (cmd) {
/*
* It is possible that kern_shmctl is being called from the Linux ABI
@@ -550,6 +567,7 @@ kern_shmctl_locked(struct thread *td, in
break;
case IPC_SET:
shmidp = (struct shmid_ds *)buf;
+ AUDIT_ARG_SVIPC_PERM(&shmidp->shm_perm);
error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
if (error != 0)
return (error);
Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h Thu Mar 30 22:00:58 2017
(r316307)
+++ head/sys/security/audit/audit.h Thu Mar 30 22:26:15 2017
(r316308)
@@ -239,6 +239,11 @@ void audit_thread_free(struct thread *t
audit_arg_pid((pid)); \
} while (0)
+#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_posix_ipc_perm((uid), (gid), (mod)); \
+} while (0)
+
#define AUDIT_ARG_PROCESS(p) do {
\
if (AUDITING_TD(curthread)) \
audit_arg_process((p)); \
@@ -289,6 +294,26 @@ void audit_thread_free(struct thread *t
audit_arg_suid((suid)); \
} while (0)
+#define AUDIT_ARG_SVIPC_CMD(cmd) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_cmd((cmd)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_PERM(perm) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_perm((perm)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_ID(id) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_id((id)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_ADDR(addr) do {
\
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_addr((addr)); \
+} while (0)
+
#define AUDIT_ARG_SVIPC_WHICH(which) do {
\
if (AUDITING_TD(curthread)) \
audit_arg_svipc_which((which)); \
@@ -375,6 +400,7 @@ void audit_thread_free(struct thread *t
#define AUDIT_ARG_MODE(mode)
#define AUDIT_ARG_OWNER(uid, gid)
#define AUDIT_ARG_PID(pid)
+#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode)
#define AUDIT_ARG_PROCESS(p)
#define AUDIT_ARG_RGID(rgid)
#define AUDIT_ARG_RIGHTS(rights)
@@ -385,6 +411,10 @@ void audit_thread_free(struct thread *t
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
#define AUDIT_ARG_SOCKADDR(td, dirfd, sa)
#define AUDIT_ARG_SUID(suid)
+#define AUDIT_ARG_SVIPC_CMD(cmd)
+#define AUDIT_ARG_SVIPC_PERM(perm)
+#define AUDIT_ARG_SVIPC_ID(id)
+#define AUDIT_ARG_SVIPC_ADDR(addr)
#define AUDIT_ARG_SVIPC_WHICH(which)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
