Fri Oct 2 21:47:35 2009 UTC ()
Move ktrace's subsystem security policy to the subsystem itself, and keep
just the suser-related logic in the suser secmodel.


(elad)
diff -r1.149 -r1.150 src/sys/kern/kern_ktrace.c
diff -r1.1 -r1.2 src/sys/secmodel/suser/secmodel_suser.c

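--- a/src/sys/kern/kern_ktrace.c
+++ b/src/sys/kern/kern_ktrace.c
@@ -1,14 +1,14 @@
-/* $NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $ */
+/* $NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -51,27 +51,27 @@
  * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)kern_ktrace.c 8.5 (Berkeley) 5/14/95
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/ktrace.h>
 #include <sys/kmem.h>
 #include <sys/syslog.h>
 #include <sys/filedesc.h>
@@ -169,26 +169,28 @@ static int ktrderefall(struct ktr_desc *
  * Patchable variables.
  */
 int ktd_maxentry = KTD_MAXENTRY;	/* max # of entry in the queue */
 int ktd_timeout = KTD_TIMEOUT;	/* timeout in seconds */
 int ktd_delayqcnt = KTD_DELAYQCNT;	/* # of entry allowed to delay */
 int ktd_wakedelay = KTD_WAKEDELAY;	/* delay of wakeup in *ms* */
 int ktd_intrwakdl = KTD_INTRWAKDL;	/* ditto, but when interactive */
 
 kmutex_t ktrace_lock;
 int ktrace_on;
 static TAILQ_HEAD(, ktr_desc) ktdq = TAILQ_HEAD_INITIALIZER(ktdq);
 static pool_cache_t kte_cache;
 
+static kauth_listener_t ktrace_listener;
+
 static void
 ktd_wakeup(struct ktr_desc *ktd)
 {
 
 	callout_stop(&ktd->ktd_wakch);
 	cv_signal(&ktd->ktd_cv);
 }
 
 static void
 ktd_callout(void *arg)
 {
 
 	mutex_enter(&ktrace_lock);
@@ -227,36 +229,72 @@ ktrenter(lwp_t *l)
 	if ((l->l_pflag & LP_KTRACTIVE) != 0)
 		return 1;
 	l->l_pflag |= LP_KTRACTIVE;
 	return 0;
 }
 
 static inline void
 ktrexit(lwp_t *l)
 {
 
 	l->l_pflag &= ~LP_KTRACTIVE;
 }
 
+static int
+ktrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+	enum kauth_process_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+
+	if (action != KAUTH_PROCESS_KTRACE)
+		return result;
+
+	req = (enum kauth_process_req)(unsigned long)arg1;
+
+	/* Privileged; secmodel should handle these. */
+	if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT)
+		return result;
+
+	if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
+	    (p->p_flag & PK_SUGID))
+		return result;
+
+	if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
+	    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
+	    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
+	    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred))
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * Initialise the ktrace system.
  */
 void
 ktrinit(void)
 {
 
 	mutex_init(&ktrace_lock, MUTEX_DEFAULT, IPL_NONE);
 	kte_cache = pool_cache_init(sizeof(struct ktrace_entry), 0, 0, 0,
 	    "ktrace", &pool_allocator_nointr, IPL_NONE, NULL, NULL, NULL);
+
+	ktrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	    ktrace_listener_cb, NULL);
 }
 
 /*
  * Release a reference. Called with ktrace_lock held.
  */
 void
 ktdrel(struct ktr_desc *ktd)
 {
 
 	KASSERT(mutex_owned(&ktrace_lock));
 
 	KDASSERT(ktd->ktd_ref != 0);
 	KASSERT(ktd->ktd_ref > 0);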
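Review bot: ktrace_listener_cb is added without a header comment, although the neighbouring functions (ktrinit, ktdrel) each carry one and this callback is the security-relevant part of the change. I would put above `static int` a comment stating that the listener answers only KAUTH_PROCESS_KTRACE and only ever with ALLOW or DEFER: it grants a non-persistent trace request when the requester's euid/uid and gid match the target's uid/svuid and gid/svgid and the target is neither set-id nor already persistently traced, and defers everything else (including PERSISTENT requests) to the secmodels, so the effective policy also depends on how kauth resolves an all-defer outcome. The callback reads p->p_traceflag, p->p_flag and p->p_cred with no lock visible in the hunk; presumably the caller holds the target's p_lock, and the comment should say which lock is assumed. Minor style: `p = arg0;` is assigned before the action test, so moving it after `if (action != KAUTH_PROCESS_KTRACE)` keeps the cast next to the only path that uses it, and the registration stored in ktrace_listener is never passed to kauth_unlisten_scope, which is fine only if ktrace cannot be detached.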

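--- a/src/sys/secmodel/suser/secmodel_suser.c
+++ b/src/sys/secmodel/suser/secmodel_suser.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@
 
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
  *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/acct.h>
 #include <sys/mutex.h>
 #include <sys/ktrace.h>
 #include <sys/mount.h>
 #include <sys/pset.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/tty.h>
@@ -614,53 +614,31 @@ secmodel_suser_process_cb(kauth_cred_t c
 				break;
 			else
 				result = KAUTH_RESULT_ALLOW;
 
 			break;
 
 		default:
 			break;
 		}
 
 		break;
 	}
 
-	case KAUTH_PROCESS_KTRACE: {
-		enum kauth_process_req req;
-
-		req = (enum kauth_process_req)(unsigned long)arg1;
-
-		if (isroot) {
-			result = KAUTH_RESULT_ALLOW;
-			break;
-		} else if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT) {
-			break;
-		}
-
-		if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
-		    (p->p_flag & PK_SUGID)) {
-			break;
-		}
-
-		if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
-		    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
-		    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
-		    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred)) {
+	case KAUTH_PROCESS_KTRACE:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
 
 		break;
-	}
 
 	case KAUTH_PROCESS_PROCFS: {
 		enum kauth_process_req req = (enum kauth_process_req)arg2;
 		struct pfsnode *pfs = arg1;
 
 		if (isroot) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		}
 
 		if (req == KAUTH_REQ_PROCESS_PROCFS_CTL) {
 			break;
 		}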
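Review bot: The rewritten KAUTH_PROCESS_KTRACE case now holds only the root grant, and nothing in this file says where the rest of the policy went, so a reader of this switch could reasonably re-add the owner checks here and end up with two copies. I would add above `case KAUTH_PROCESS_KTRACE:` a comment such as `/* Non-root ktrace policy is enforced by the ktrace subsystem's own listener (kern_ktrace.c); this model only grants the superuser. */`. That comment should also say that root is granted regardless of the KAUTH_REQ_PROCESS_KTRACE_PERSISTENT sub-request, which matches the removed code's ordering (isroot was tested first) but is no longer visible now that `req` is not decoded here. Style: the neighbouring KAUTH_PROCESS_PROCFS case braces its single-statement `if (isroot)` body while the new case does not; `if (isroot) {` … `}` would keep the switch uniform. secmodel_suser_process_cb starts and ends outside the hunk.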