Fri Oct 2 23:00:02 2009 UTC ()
Put procfs policy back in the subsystem.


(elad)
diff -r1.83 -r1.84 src/sys/miscfs/procfs/procfs_vfsops.c
diff -r1.7 -r1.8 src/sys/secmodel/suser/secmodel_suser.c

cvs diff -r1.83 -r1.84 src/sys/miscfs/procfs/procfs_vfsops.c

--- src/sys/miscfs/procfs/procfs_vfsops.c 2009/03/15 17:22:38 1.83
+++ src/sys/miscfs/procfs/procfs_vfsops.c 2009/10/02 23:00:02 1.84
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: procfs_vfsops.c,v 1.83 2009/03/15 17:22:38 cegger Exp $ */ 1/* $NetBSD: procfs_vfsops.c,v 1.84 2009/10/02 23:00:02 elad Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1993 4 * Copyright (c) 1993
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * 6 *
7 * This code is derived from software contributed to Berkeley by 7 * This code is derived from software contributed to Berkeley by
8 * Jan-Simon Pendry. 8 * Jan-Simon Pendry.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 11 * modification, are permitted provided that the following conditions
12 * are met: 12 * are met:
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
@@ -66,27 +66,27 @@ @@ -66,27 +66,27 @@
66 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 66 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
67 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 67 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
68 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 68 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
69 * SUCH DAMAGE. 69 * SUCH DAMAGE.
70 * 70 *
71 * @(#)procfs_vfsops.c 8.7 (Berkeley) 5/10/95 71 * @(#)procfs_vfsops.c 8.7 (Berkeley) 5/10/95
72 */ 72 */
73 73
74/* 74/*
75 * procfs VFS interface 75 * procfs VFS interface
76 */ 76 */
77 77
78#include <sys/cdefs.h> 78#include <sys/cdefs.h>
79__KERNEL_RCSID(0, "$NetBSD: procfs_vfsops.c,v 1.83 2009/03/15 17:22:38 cegger Exp $"); 79__KERNEL_RCSID(0, "$NetBSD: procfs_vfsops.c,v 1.84 2009/10/02 23:00:02 elad Exp $");
80 80
81#if defined(_KERNEL_OPT) 81#if defined(_KERNEL_OPT)
82#include "opt_compat_netbsd.h" 82#include "opt_compat_netbsd.h"
83#endif 83#endif
84 84
85#include <sys/param.h> 85#include <sys/param.h>
86#include <sys/time.h> 86#include <sys/time.h>
87#include <sys/kernel.h> 87#include <sys/kernel.h>
88#include <sys/systm.h> 88#include <sys/systm.h>
89#include <sys/sysctl.h> 89#include <sys/sysctl.h>
90#include <sys/proc.h> 90#include <sys/proc.h>
91#include <sys/buf.h> 91#include <sys/buf.h>
92#include <sys/syslog.h> 92#include <sys/syslog.h>
@@ -100,26 +100,28 @@ __KERNEL_RCSID(0, "$NetBSD: procfs_vfsop @@ -100,26 +100,28 @@ __KERNEL_RCSID(0, "$NetBSD: procfs_vfsop
100 100
101#include <miscfs/genfs/genfs.h> 101#include <miscfs/genfs/genfs.h>
102 102
103#include <miscfs/procfs/procfs.h> 103#include <miscfs/procfs/procfs.h>
104 104
105#include <uvm/uvm_extern.h> /* for PAGE_SIZE */ 105#include <uvm/uvm_extern.h> /* for PAGE_SIZE */
106 106
107MODULE(MODULE_CLASS_VFS, procfs, NULL); 107MODULE(MODULE_CLASS_VFS, procfs, NULL);
108 108
109VFS_PROTOS(procfs); 109VFS_PROTOS(procfs);
110 110
111static struct sysctllog *procfs_sysctl_log; 111static struct sysctllog *procfs_sysctl_log;
112 112
 113static kauth_listener_t procfs_listener;
 114
113/* 115/*
114 * VFS Operations. 116 * VFS Operations.
115 * 117 *
116 * mount system call 118 * mount system call
117 */ 119 */
118/* ARGSUSED */ 120/* ARGSUSED */
119int 121int
120procfs_mount( 122procfs_mount(
121 struct mount *mp, 123 struct mount *mp,
122 const char *path, 124 const char *path,
123 void *data, 125 void *data,
124 size_t *data_len) 126 size_t *data_len)
125{ 127{
@@ -295,52 +297,96 @@ struct vfsops procfs_vfsops = { @@ -295,52 +297,96 @@ struct vfsops procfs_vfsops = {
295 NULL, /* vfs_mountroot */ 297 NULL, /* vfs_mountroot */
296 (int (*)(struct mount *, struct vnode *, struct timespec *)) eopnotsupp, 298 (int (*)(struct mount *, struct vnode *, struct timespec *)) eopnotsupp,
297 vfs_stdextattrctl, 299 vfs_stdextattrctl,
298 (void *)eopnotsupp, /* vfs_suspendctl */ 300 (void *)eopnotsupp, /* vfs_suspendctl */
299 genfs_renamelock_enter, 301 genfs_renamelock_enter,
300 genfs_renamelock_exit, 302 genfs_renamelock_exit,
301 (void *)eopnotsupp, 303 (void *)eopnotsupp,
302 procfs_vnodeopv_descs, 304 procfs_vnodeopv_descs,
303 0, 305 0,
304 { NULL, NULL }, 306 { NULL, NULL },
305}; 307};
306 308
307static int 309static int
 310procfs_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
 311 void *arg0, void *arg1, void *arg2, void *arg3)
 312{
 313 struct proc *p;
 314 struct pfsnode *pfs;
 315 enum kauth_process_req req;
 316 int result;
 317
 318 result = KAUTH_RESULT_DEFER;
 319 p = arg0;
 320 pfs = arg1;
 321 req = (enum kauth_process_req)(unsigned long)arg2;
 322
 323 if (action != KAUTH_PROCESS_PROCFS)
 324 return result;
 325
 326 /* Privileged; let secmodel handle that. */
 327 if (req == KAUTH_REQ_PROCESS_PROCFS_CTL)
 328 return result;
 329
 330 switch (pfs->pfs_type) {
 331 case PFSregs:
 332 case PFSfpregs:
 333 case PFSmem:
 334 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) ||
 335 ISSET(p->p_flag, PK_SUGID))
 336 break;
 337
 338 /*FALLTHROUGH*/
 339 default:
 340 result = KAUTH_RESULT_ALLOW;
 341 break;
 342 }
 343
 344 return result;
 345}
 346
 347
 348static int
308procfs_modcmd(modcmd_t cmd, void *arg) 349procfs_modcmd(modcmd_t cmd, void *arg)
309{ 350{
310 int error; 351 int error;
311 352
312 switch (cmd) { 353 switch (cmd) {
313 case MODULE_CMD_INIT: 354 case MODULE_CMD_INIT:
314 error = vfs_attach(&procfs_vfsops); 355 error = vfs_attach(&procfs_vfsops);
315 if (error != 0) 356 if (error != 0)
316 break; 357 break;
317 sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL, 358 sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL,
318 CTLFLAG_PERMANENT, 359 CTLFLAG_PERMANENT,
319 CTLTYPE_NODE, "vfs", NULL, 360 CTLTYPE_NODE, "vfs", NULL,
320 NULL, 0, NULL, 0, 361 NULL, 0, NULL, 0,
321 CTL_VFS, CTL_EOL); 362 CTL_VFS, CTL_EOL);
322 sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL, 363 sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL,
323 CTLFLAG_PERMANENT, 364 CTLFLAG_PERMANENT,
324 CTLTYPE_NODE, "procfs", 365 CTLTYPE_NODE, "procfs",
325 SYSCTL_DESCR("Process file system"), 366 SYSCTL_DESCR("Process file system"),
326 NULL, 0, NULL, 0, 367 NULL, 0, NULL, 0,
327 CTL_VFS, 12, CTL_EOL); 368 CTL_VFS, 12, CTL_EOL);
328 /* 369 /*
329 * XXX the "12" above could be dynamic, thereby eliminating 370 * XXX the "12" above could be dynamic, thereby eliminating
330 * one more instance of the "number to vfs" mapping problem, 371 * one more instance of the "number to vfs" mapping problem,
331 * but "12" is the order as taken from sys/mount.h 372 * but "12" is the order as taken from sys/mount.h
332 */ 373 */
 374
 375 procfs_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 376 procfs_listener_cb, NULL);
 377
333 break; 378 break;
334 case MODULE_CMD_FINI: 379 case MODULE_CMD_FINI:
335 error = vfs_detach(&procfs_vfsops); 380 error = vfs_detach(&procfs_vfsops);
336 if (error != 0) 381 if (error != 0)
337 break; 382 break;
338 sysctl_teardown(&procfs_sysctl_log); 383 sysctl_teardown(&procfs_sysctl_log);
 384 kauth_unlisten_scope(procfs_listener);
339 break; 385 break;
340 default: 386 default:
341 error = ENOTTY; 387 error = ENOTTY;
342 break; 388 break;
343 } 389 }
344 390
345 return (error); 391 return (error);
346} 392}
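Review bot: The `default:` arm of the switch in procfs_listener_cb returns KAUTH_RESULT_ALLOW for every node type other than PFSregs, PFSfpregs and PFSmem without comparing uids, so a node type added to procfs later is allowed for any credential unless it is also listed here. This is the same policy the commit removes from secmodel_suser.c, but now that it lives in the subsystem it should be stated above the switch, e.g. `/* Register and memory nodes require same uid and a target without PK_SUGID; every other node type is allowed for any credential. */`. Separately, the result of `kauth_listen_scope()` in MODULE_CMD_INIT is stored without a check. If registration can fail, non-root requests would only ever be deferred and MODULE_CMD_FINI would pass the unchecked handle to `kauth_unlisten_scope()`, so a check or a comment on the expected failure behaviour would help.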

cvs diff -r1.7 -r1.8 src/sys/secmodel/suser/secmodel_suser.c

--- src/sys/secmodel/suser/secmodel_suser.c 2009/10/02 22:46:18 1.7
+++ src/sys/secmodel/suser/secmodel_suser.c 2009/10/02 23:00:02 1.8
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $ */ 1/* $NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $ */
2/*- 2/*-
3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> 3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4 * All rights reserved. 4 * All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products 14 * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@ @@ -28,27 +28,27 @@
28 28
29/* 29/*
30 * This file contains kauth(9) listeners needed to implement the traditional 30 * This file contains kauth(9) listeners needed to implement the traditional
31 * NetBSD superuser access restrictions. 31 * NetBSD superuser access restrictions.
32 * 32 *
33 * There are two main resources a request can be issued to: user-owned and 33 * There are two main resources a request can be issued to: user-owned and
34 * system owned. For the first, traditional Unix access checks are done, as 34 * system owned. For the first, traditional Unix access checks are done, as
35 * well as superuser checks. If needed, the request context is examined before 35 * well as superuser checks. If needed, the request context is examined before
36 * a decision is made. For the latter, usually only superuser checks are done 36 * a decision is made. For the latter, usually only superuser checks are done
37 * as normal users are not allowed to access system resources. 37 * as normal users are not allowed to access system resources.
38 */ 38 */
39 39
40#include <sys/cdefs.h> 40#include <sys/cdefs.h>
41__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $"); 41__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.8 2009/10/02 23:00:02 elad Exp $");
42 42
43#include <sys/types.h> 43#include <sys/types.h>
44#include <sys/param.h> 44#include <sys/param.h>
45#include <sys/kauth.h> 45#include <sys/kauth.h>
46 46
47#include <sys/acct.h> 47#include <sys/acct.h>
48#include <sys/mutex.h> 48#include <sys/mutex.h>
49#include <sys/ktrace.h> 49#include <sys/ktrace.h>
50#include <sys/mount.h> 50#include <sys/mount.h>
51#include <sys/pset.h> 51#include <sys/pset.h>
52#include <sys/socketvar.h> 52#include <sys/socketvar.h>
53#include <sys/sysctl.h> 53#include <sys/sysctl.h>
54#include <sys/tty.h> 54#include <sys/tty.h>
@@ -564,56 +564,31 @@ secmodel_suser_process_cb(kauth_cred_t c @@ -564,56 +564,31 @@ secmodel_suser_process_cb(kauth_cred_t c
564 default: 564 default:
565 break; 565 break;
566 } 566 }
567 567
568 break; 568 break;
569 } 569 }
570 570
571 case KAUTH_PROCESS_KTRACE: 571 case KAUTH_PROCESS_KTRACE:
572 if (isroot) 572 if (isroot)
573 result = KAUTH_RESULT_ALLOW; 573 result = KAUTH_RESULT_ALLOW;
574 574
575 break; 575 break;
576 576
577 case KAUTH_PROCESS_PROCFS: { 577 case KAUTH_PROCESS_PROCFS:
578 enum kauth_process_req req = (enum kauth_process_req)arg2; 578 if (isroot)
579 struct pfsnode *pfs = arg1; 
580 
581 if (isroot) { 
582 result = KAUTH_RESULT_ALLOW; 
583 break; 
584 } 
585 
586 if (req == KAUTH_REQ_PROCESS_PROCFS_CTL) { 
587 break; 
588 } 
589 
590 switch (pfs->pfs_type) { 
591 case PFSregs: 
592 case PFSfpregs: 
593 case PFSmem: 
594 if (kauth_cred_getuid(cred) != 
595 kauth_cred_getuid(p->p_cred) || 
596 ISSET(p->p_flag, PK_SUGID)) { 
597 break; 
598 } 
599 /*FALLTHROUGH*/ 
600 default: 
601 result = KAUTH_RESULT_ALLOW; 579 result = KAUTH_RESULT_ALLOW;
602 break; 
603 } 
604 580
605 break; 581 break;
606 } 
607 582
608 case KAUTH_PROCESS_PTRACE: 583 case KAUTH_PROCESS_PTRACE:
609 if (isroot) 584 if (isroot)
610 result = KAUTH_RESULT_ALLOW; 585 result = KAUTH_RESULT_ALLOW;
611 586
612 break; 587 break;
613 588
614 case KAUTH_PROCESS_CORENAME: 589 case KAUTH_PROCESS_CORENAME:
615 if (isroot || proc_uidmatch(cred, p->p_cred) == 0) 590 if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
616 result = KAUTH_RESULT_ALLOW; 591 result = KAUTH_RESULT_ALLOW;
617 592
618 break; 593 break;
619 594
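Review bot: The `KAUTH_PROCESS_PROCFS` case now allows only root and leaves every other credential at the function's initial result (presumably KAUTH_RESULT_DEFER), so the non-root procfs policy is no longer visible from this file. Someone auditing secmodel_suser could conclude that procfs is root-only. A one-line comment on the case would prevent that, e.g. `/* Non-root access is decided by procfs_listener_cb() in procfs_vfsops.c. */`. The case body is now identical to the neighbouring KAUTH_PROCESS_KTRACE and KAUTH_PROCESS_PTRACE cases, which could share one body through stacked labels if the file's style allows it. secmodel_suser_process_cb begins and ends outside this hunk, so whether all of its locals are still used cannot be checked from here.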