| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: verified_exec.c,v 1.63 2007/12/11 12:16:14 lukem Exp $ */ | | 1 | /* $NetBSD: verified_exec.c,v 1.63.22.1 2008/12/18 00:56:27 snj Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> | | 5 | * Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org> |
6 | * All rights reserved. | | 6 | * All rights reserved. |
7 | * | | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
10 | * are met: | | 10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
| @@ -19,27 +19,27 @@ | | | @@ -19,27 +19,27 @@ |
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR | | 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR |
20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, | | 22 | * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | | 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | | 24 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | | 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | | 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | | 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | */ | | 29 | */ |
30 | | | 30 | |
31 | #include <sys/cdefs.h> | | 31 | #include <sys/cdefs.h> |
32 | __KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.63 2007/12/11 12:16:14 lukem Exp $"); | | 32 | __KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.63.22.1 2008/12/18 00:56:27 snj Exp $"); |
33 | | | 33 | |
34 | #include <sys/param.h> | | 34 | #include <sys/param.h> |
35 | #include <sys/errno.h> | | 35 | #include <sys/errno.h> |
36 | #include <sys/conf.h> | | 36 | #include <sys/conf.h> |
37 | #include <sys/vnode.h> | | 37 | #include <sys/vnode.h> |
38 | #include <sys/fcntl.h> | | 38 | #include <sys/fcntl.h> |
39 | #include <sys/namei.h> | | 39 | #include <sys/namei.h> |
40 | #include <sys/verified_exec.h> | | 40 | #include <sys/verified_exec.h> |
41 | #include <sys/kauth.h> | | 41 | #include <sys/kauth.h> |
42 | #include <sys/syslog.h> | | 42 | #include <sys/syslog.h> |
43 | #include <sys/proc.h> | | 43 | #include <sys/proc.h> |
44 | | | 44 | |
45 | #ifdef __FreeBSD__ | | 45 | #ifdef __FreeBSD__ |
| @@ -118,89 +118,101 @@ veriexecopen(dev_t dev, int flags, int f | | | @@ -118,89 +118,101 @@ veriexecopen(dev_t dev, int flags, int f |
118 | | | 118 | |
119 | static int | | 119 | static int |
120 | veriexecclose(dev_t dev, int flags, int fmt, struct lwp *l) | | 120 | veriexecclose(dev_t dev, int flags, int fmt, struct lwp *l) |
121 | { | | 121 | { |
122 | if (veriexec_dev_usage > 0) | | 122 | if (veriexec_dev_usage > 0) |
123 | veriexec_dev_usage--; | | 123 | veriexec_dev_usage--; |
124 | return (0); | | 124 | return (0); |
125 | } | | 125 | } |
126 | | | 126 | |
127 | static int | | 127 | static int |
128 | veriexec_delete(prop_dictionary_t dict, struct lwp *l) | | 128 | veriexec_delete(prop_dictionary_t dict, struct lwp *l) |
129 | { | | 129 | { |
130 | struct nameidata nid; | | 130 | struct nameidata nid; |
| | | 131 | const char *file; |
131 | int error; | | 132 | int error; |
132 | | | 133 | |
133 | NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, | | 134 | if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file)) |
134 | prop_string_cstring_nocopy(prop_dictionary_get(dict, "file"))); | | 135 | return (EINVAL); |
| | | 136 | |
| | | 137 | NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, file); |
135 | error = namei(&nid); | | 138 | error = namei(&nid); |
136 | if (error) | | 139 | if (error) |
137 | return (error); | | 140 | return (error); |
138 | | | 141 | |
139 | /* XXX this should be done differently... */ | | 142 | /* XXX this should be done differently... */ |
140 | if (nid.ni_vp->v_type == VREG) | | 143 | if (nid.ni_vp->v_type == VREG) |
141 | error = veriexec_file_delete(l, nid.ni_vp); | | 144 | error = veriexec_file_delete(l, nid.ni_vp); |
142 | else if (nid.ni_vp->v_type == VDIR) | | 145 | else if (nid.ni_vp->v_type == VDIR) |
143 | error = veriexec_table_delete(l, nid.ni_vp->v_mount); | | 146 | error = veriexec_table_delete(l, nid.ni_vp->v_mount); |
144 | | | 147 | |
145 | vrele(nid.ni_vp); | | 148 | vrele(nid.ni_vp); |
146 | | | 149 | |
147 | return (error); | | 150 | return (error); |
148 | } | | 151 | } |
149 | | | 152 | |
150 | static int | | 153 | static int |
151 | veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l) | | 154 | veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l) |
152 | { | | 155 | { |
153 | struct nameidata nid; | | 156 | struct nameidata nid; |
| | | 157 | const char *file; |
154 | int error; | | 158 | int error; |
155 | | | 159 | |
156 | NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, | | 160 | if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file)) |
157 | prop_string_cstring_nocopy(prop_dictionary_get(dict, "file"))); | | 161 | return (EINVAL); |
| | | 162 | |
| | | 163 | NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, file); |
158 | error = namei(&nid); | | 164 | error = namei(&nid); |
159 | if (error) | | 165 | if (error) |
160 | return (error); | | 166 | return (error); |
161 | | | 167 | |
162 | error = veriexec_convert(nid.ni_vp, rdict); | | 168 | error = veriexec_convert(nid.ni_vp, rdict); |
163 | | | 169 | |
164 | vrele(nid.ni_vp); | | 170 | vrele(nid.ni_vp); |
165 | | | 171 | |
166 | return (error); | | 172 | return (error); |
167 | } | | 173 | } |
168 | | | 174 | |
169 | int | | 175 | int |
170 | veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l) | | 176 | veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l) |
171 | { | | 177 | { |
172 | extern int veriexec_strict; | | 178 | extern int veriexec_strict; |
173 | struct plistref *plistref; | | 179 | struct plistref *plistref; |
174 | prop_dictionary_t dict; | | 180 | prop_dictionary_t dict; |
175 | int error = 0; | | 181 | int error = 0; |
176 | | | 182 | |
177 | /* XXX This should be replaced with a kauth(9) request. */ | | 183 | /* XXX This should be replaced with a kauth(9) request. */ |
178 | switch (cmd) { | | 184 | switch (cmd) { |
179 | case VERIEXEC_TABLESIZE: | | 185 | case VERIEXEC_TABLESIZE: |
180 | case VERIEXEC_LOAD: | | 186 | case VERIEXEC_LOAD: |
181 | case VERIEXEC_DELETE: | | 187 | case VERIEXEC_DELETE: |
182 | case VERIEXEC_FLUSH: | | 188 | case VERIEXEC_FLUSH: |
| | | 189 | if (!(flags & FWRITE)) |
| | | 190 | return (EPERM); |
| | | 191 | |
183 | if (veriexec_strict > VERIEXEC_LEARNING) { | | 192 | if (veriexec_strict > VERIEXEC_LEARNING) { |
184 | log(LOG_WARNING, "Veriexec: Strict mode, modifying " | | 193 | log(LOG_WARNING, "Veriexec: Strict mode, modifying " |
185 | "tables not permitted.\n"); | | 194 | "tables not permitted.\n"); |
186 | | | 195 | |
187 | return (EPERM); | | 196 | return (EPERM); |
188 | } | | 197 | } |
189 | | | 198 | |
190 | break; | | 199 | break; |
191 | | | 200 | |
192 | case VERIEXEC_QUERY: | | 201 | case VERIEXEC_QUERY: |
193 | case VERIEXEC_DUMP: | | 202 | case VERIEXEC_DUMP: |
| | | 203 | if (!(flags & FREAD)) |
| | | 204 | return (EPERM); |
| | | 205 | |
194 | break; | | 206 | break; |
195 | | | 207 | |
196 | default: | | 208 | default: |
197 | /* Invalid operation. */ | | 209 | /* Invalid operation. */ |
198 | return (ENODEV); | | 210 | return (ENODEV); |
199 | } | | 211 | } |
200 | | | 212 | |
201 | plistref = (struct plistref *)data; | | 213 | plistref = (struct plistref *)data; |
202 | | | 214 | |
203 | switch (cmd) { | | 215 | switch (cmd) { |
204 | case VERIEXEC_TABLESIZE: | | 216 | case VERIEXEC_TABLESIZE: |
205 | /* Do nothing. Kept for binary compatibility. */ | | 217 | /* Do nothing. Kept for binary compatibility. */ |
206 | break; | | 218 | break; |