Date: Wed, 15 Mar 2023 05:00:20 GMT
Message-Id: <202303150500.32F50K9Y001014@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Warner Losh
Subject: git: 559e41a11b32 - main - veriexec: Improve comments
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: imp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 559e41a11b325b4292531069a697ce6da7e2e4fa
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=559e41a11b325b4292531069a697ce6da7e2e4fa

commit 559e41a11b325b4292531069a697ce6da7e2e4fa
Author:     Warner Losh
AuthorDate: 2023-03-15 04:59:20 +0000
Commit:     Warner Losh
CommitDate: 2023-03-15 05:00:16 +0000

    veriexec: Improve comments

    Make it clear we're checking to see if the target is a verified file and
    prevent its replacement if so.

    Sponsored by:           Netflix
    Reviewed by:            rpokala
    Differential Revision:  https://reviews.freebsd.org/D39079
---
 sys/security/mac_veriexec/mac_veriexec.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index 6f06a8577212..e377f61ad21c 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c
@@ -602,11 +602,11 @@ mac_veriexec_vnode_check_unlink(struct ucred *cred, struct vnode *dvp __unused, if ((mac_veriexec_state & VERIEXEC_STATE_ENFORCE) == 0) return (0); - /* - * Check if it's a verified file - */ error = mac_veriexec_check_vp(cred, vp, VVERIFY); - if (error == 0) { /* file is verified */ + if (error == 0) { + /* + * The target is verified, so disallow replacement. + */ MAC_VERIEXEC_DBG(2, "(UNLINK) attempted to unlink a protected file (euid: %u)", cred->cr_uid); @@ -643,11 +643,11 @@ mac_veriexec_vnode_check_rename_from(struct ucred *cred, if ((mac_veriexec_state & VERIEXEC_STATE_ENFORCE) == 0) return (0); - /* - * Check if it's a verified file - */ error = mac_veriexec_check_vp(cred, vp, VVERIFY); - if (error == 0) { /* file is verified */ + if (error == 0) { + /* + * The target is verified, so disallow replacement. + */ MAC_VERIEXEC_DBG(2, "(RENAME_FROM) attempted to rename a protected file (euid: %u)", cred->cr_uid); return (EAUTH); @@ -692,11 +692,11 @@ mac_veriexec_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp __unuse if ((mac_veriexec_state & VERIEXEC_STATE_ENFORCE) == 0) return (0); - /* - * Check if it's a verified file - */ error = mac_veriexec_check_vp(cred, vp, VVERIFY); - if (error == 0) { /* file is verified */ + if (error == 0) { + /* + * The target is verified, so disallow replacement. + */ MAC_VERIEXEC_DBG(2, "(RENAME_TO) attempted to overwrite a protected file (euid: %u)", cred->cr_uid); return (EAUTH); @@ -727,13 +727,14 @@ mac_veriexec_vnode_check_setmode(struct ucred *cred, struct vnode *vp, return (0); /* - * Do not allow chmod (set-[gu]id) of verified file + * Prohibit chmod of verified set-[gu]id file. */ error = mac_veriexec_check_vp(cred, vp, VVERIFY); - if (error == EAUTH) /* it isn't verified */ + if (error == EAUTH) /* target not verified */ return (0); if (error == 0 && (mode & (S_ISUID|S_ISGID)) != 0) return (EAUTH); + return (0); }
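Review bot: In the mac_veriexec_vnode_check_unlink hunk, the new comment "The target is verified, so disallow replacement." does not match the operation it guards: this hook handles unlink, and the MAC_VERIEXEC_DBG text directly below it says "attempted to unlink a protected file". Suggest wording specific to the hook, for example "The target is verified, so disallow removal.", rather than the same sentence copied into three call sites.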
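Review bot: In the mac_veriexec_vnode_check_rename_from hunk, "disallow replacement" describes the rename_to case, not this one: going by the hook name and its debug message, "attempted to rename a protected file", the verified vnode here is the one being renamed. Suggest "The source is verified, so disallow renaming it." and keep "replacement" for the rename_to hook, whose message is "attempted to overwrite a protected file".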
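Review bot: In the mac_veriexec_vnode_check_setmode hunk, the reworded comment "Prohibit chmod of verified set-[gu]id file." reads as if the file already carries set-[gu]id bits, but the test is on the requested mode, "(mode & (S_ISUID|S_ISGID)) != 0", so what is refused is setting those bits on a verified file; a chmod of a verified file without those bits in the requested mode is allowed. Suggest "Prohibit setting set-[gu]id bits on a verified file." The hunk also leaves undocumented that any result from mac_veriexec_check_vp other than 0 or EAUTH falls through to the final "return (0);" and is allowed; since this commit is about comments, a line stating whether that is intentional would help the next reader.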