Fri Oct 2 21:47:35 2009 UTC ()
Move ktrace's subsystem security policy to the subsystem itself, and keep
just the suser-related logic in the suser secmodel.


(elad)
diff -r1.149 -r1.150 src/sys/kern/kern_ktrace.c
diff -r1.1 -r1.2 src/sys/secmodel/suser/secmodel_suser.c
cvs diff -r1.149 -r1.150 src/sys/kern/kern_ktrace.c (expand / switch to context diff)
--- src/sys/kern/kern_ktrace.c 2009/08/05 19:53:42 1.149
+++ src/sys/kern/kern_ktrace.c 2009/10/02 21:47:35 1.150
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $	*/
+/*	$NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -179,6 +179,8 @@
 static TAILQ_HEAD(, ktr_desc) ktdq = TAILQ_HEAD_INITIALIZER(ktdq);
 static pool_cache_t kte_cache;
 
+static kauth_listener_t ktrace_listener;
+
 static void
 ktd_wakeup(struct ktr_desc *ktd)
 {
@@ -237,6 +239,39 @@
 	l->l_pflag &= ~LP_KTRACTIVE;
 }
 
+static int
+ktrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result;
+	enum kauth_process_req req;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+
+	if (action != KAUTH_PROCESS_KTRACE)
+		return result;
+
+	req = (enum kauth_process_req)(unsigned long)arg1;
+
+	/* Privileged; secmodel should handle these. */
+	if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT)
+		return result;
+
+	if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
+	    (p->p_flag & PK_SUGID))
+		return result;
+
+	if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
+	    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
+	    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
+	    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred))
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * Initialise the ktrace system.
  */
@@ -247,6 +282,9 @@
 	mutex_init(&ktrace_lock, MUTEX_DEFAULT, IPL_NONE);
 	kte_cache = pool_cache_init(sizeof(struct ktrace_entry), 0, 0, 0,
 	    "ktrace", &pool_allocator_nointr, IPL_NONE, NULL, NULL, NULL);
+
+	ktrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	    ktrace_listener_cb, NULL); 
 }
 
 /*
cvs diff -r1.1 -r1.2 src/sys/secmodel/suser/secmodel_suser.c (expand / switch to context diff)
--- src/sys/secmodel/suser/secmodel_suser.c 2009/10/02 18:50:13 1.1
+++ src/sys/secmodel/suser/secmodel_suser.c 2009/10/02 21:47:35 1.2
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -624,33 +624,11 @@
 		break;
 		}
 
-	case KAUTH_PROCESS_KTRACE: {
-		enum kauth_process_req req;
-
-		req = (enum kauth_process_req)(unsigned long)arg1;
-
-		if (isroot) {
+	case KAUTH_PROCESS_KTRACE:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
-			break;
-		} else if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT) {
-			break;
-		}
 
-		if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
-		    (p->p_flag & PK_SUGID)) {
-			break;
-		}
-
-		if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
-		    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
-		    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
-		    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred)) {
-			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
-
 		break;
-		}
 
 	case KAUTH_PROCESS_PROCFS: {
 		enum kauth_process_req req = (enum kauth_process_req)arg2;