Sorry. Attachment is here.
Index: share/man/man9/kauth.9
===================================================================
RCS file: /cvsroot/src/share/man/man9/kauth.9,v
retrieving revision 1.91
diff -u -r1.91 kauth.9
--- share/man/man9/kauth.9 28 Apr 2011 12:22:35 -0000 1.91
+++ share/man/man9/kauth.9 23 Jul 2011 11:06:41 -0000
@@ -1087,6 +1087,19 @@
 are both
 .Ft struct proc *
 of the parent and child processes, respectively.
+.It Dv KAUTH_CRED_CHROOT
+The credentials are being initialized during
+.Xr chroot 2
+or
+.Xr fchroot 2
+syscalls.
+.Pp
+.Ar cred
+are the credentials of the proc context doing the chroot, and
+.Ar arg0
+is a
+.Ft struct cwdinfo *
+of the process.
 .It Dv KAUTH_CRED_FREE
 The credentials in
 .Ar cred
Index: sys/kern/kern_auth.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_auth.c,v
retrieving revision 1.65
diff -u -r1.65 kern_auth.c
--- sys/kern/kern_auth.c 31 Dec 2009 02:20:36 -0000 1.65
+++ sys/kern/kern_auth.c 23 Jul 2011 11:06:52 -0000
@@ -286,6 +286,12 @@
 child);
 }
+void
+kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi)
+{
+ kauth_cred_hook(cred, KAUTH_CRED_CHROOT, cwdi, NULL);
+}
+
 uid_t
 kauth_cred_getuid(kauth_cred_t cred)
 {
Index: sys/kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.431
diff -u -r1.431 vfs_syscalls.c
--- sys/kern/vfs_syscalls.c 3 Jul 2011 15:25:09 -0000 1.431
+++ sys/kern/vfs_syscalls.c 23 Jul 2011 11:06:53 -0000
@@ -1035,6 +1035,10 @@
 void
 change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
 {
+ struct proc *p = l->l_proc;
+ kauth_cred_t ncred;
+
+ ncred = kauth_cred_alloc();
 rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 if (cwdi->cwdi_rdir != NULL)
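Review bot: kauth_proc_chroot() in sys/kern/kern_auth.c is added without a comment, so nothing at the definition says which credential a listener receives or whether it may modify it. Judging from the caller in change_root(), `cred` is the freshly cloned credential that has not been installed yet, and a comment such as `/* Notify credential listeners of a chroot; cred is the new, not yet published credential, cwdi the process' cwdinfo. */` above the function would pin that contract down. If kauth_cred_hook() hands back a listener result, it is dropped here, so a listener apparently cannot report failure through this hook; if that is intended it is worth stating in kauth(9) as well.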
@@ -1056,6 +1060,15 @@
 cwdi->cwdi_cdir = vp;
 }
 rw_exit(&cwdi->cwdi_lock);
+
+ /* Get a write lock on the process credential. */
+ proc_crmod_enter();
+
+ kauth_cred_clone(p->p_cred, ncred);
+ kauth_proc_chroot(ncred, p->p_cwdi);
+
+ /* Broadcast our credentials to the process and other LWPs. */
+ proc_crmod_leave(ncred, p->p_cred, true);
 }
 /*
Index: sys/sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.64
diff -u -r1.64 kauth.h
--- sys/sys/kauth.h 24 Dec 2009 19:02:07 -0000 1.64
+++ sys/sys/kauth.h 23 Jul 2011 11:06:54 -0000
@@ -41,6 +41,7 @@
 struct proc;
 struct tty;
 struct vnode;
+struct cwdinfo;
 /* Types. */
 typedef struct kauth_scope *kauth_scope_t;
@@ -282,7 +283,8 @@
 KAUTH_CRED_INIT=1,
 KAUTH_CRED_FORK,
 KAUTH_CRED_COPY,
- KAUTH_CRED_FREE
+ KAUTH_CRED_FREE,
+ KAUTH_CRED_CHROOT
 };
 /*
@@ -418,6 +420,7 @@
 kauth_cred_t kauth_cred_get(void);
 void kauth_proc_fork(struct proc *, struct proc *);
+void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);
 void secmodel_register(void);
 void secmodel_deregister(void);
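Review bot: In change_root() (sys/kern/vfs_syscalls.c, second hunk) the new hook is called after `rw_exit(&cwdi->cwdi_lock)` and is handed `p->p_cwdi` rather than the `cwdi` argument whose root was just changed. A KAUTH_CRED_CHROOT listener therefore reads cwdi_rdir without the lock held, and if the cwdinfo is shared or another chroot runs concurrently it may base its decision on a different root than the one this call installed; passing the argument, `kauth_proc_chroot(ncred, cwdi);`, and documenting that listeners must take cwdi_lock themselves would narrow that gap. proc_crmod_enter() takes no process argument while `p` comes from `l->l_proc`, so the code silently assumes `l` is the current LWP, and a `KASSERT(l == curlwp);` would make that explicit. The `true` passed as the last argument of proc_crmod_leave() looks like the set-id flag, which would mark every chrooting process as set-id even when no listener changed the credential, so it is worth confirming that this side effect is wanted. The function begins in the previous hunk.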
> I'd like to apply the attached patch.
> It implements two things:
> - chroot(2)-ed process is given new kauth_cred_t with reference count
>   equal to 1.
> - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope
>   which is used when chroot(2) or fchroot(2) is called.
> These two things allow implementing things like the securechroot(9) secmodel
> described here
> http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html
> After committing this patch I'll move the rest of securechroot(9)
> to pkgsrc until it is ready to be integrated into the kernel.
> Objections?

--
Best regards, Aleksey Cheusov.