PERFORCE change 133987 for review

Thu Jan 24 00:58:37 PST 2008

http://perforce.freebsd.org/chv.cgi?CH=133987

Change 133987 by rwatson at rwatson_freebsd_capabilities on 2008/01/24 08:58:26

	Allow various infrastructural sysctls, such as querying the next
	sysctl, sysctl fmt, and name2oid, in capability mode.  This is too
	broad and should be narrowed based on the specific oid being
	requested.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_mib.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_mib.c#3 (text+ko) ====


==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#3 (text+ko) ====

@@ -598,7 +598,12 @@
 	return (SYSCTL_OUT(req, "", 1));
 }
 
-static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD, sysctl_sysctl_name, "");
+/*
+ * XXXRW: Shouldn't return name data for nodes that we don't permit in
+ * capability mode.
+ */
+static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_CAPRD,
+    sysctl_sysctl_name, "");
 
 static int
 sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen, 
@@ -676,7 +681,12 @@
 	return (error);
 }
 
-static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD, sysctl_sysctl_next, "");
+/*
+ * XXXRW: Shouldn't return next data for nodes that we don't permit in
+ * capability mode.
+ */
+static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_CAPRD,
+    sysctl_sysctl_next, "");
 
 static int
 name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp)
@@ -768,8 +778,12 @@
 	return (error);
 }
 
-SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW|CTLFLAG_ANYBODY, 0, 0, 
-	sysctl_sysctl_name2oid, "I", "");
+/*
+ * XXXRW: Shouldn't return name2oid data for nodes that we don't permit in
+ * capability mode.
+ */
+SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW | CTLFLAG_ANYBODY |
+	CTLFLAG_CAPRW, 0, 0, sysctl_sysctl_name2oid, "I", "");
 
 static int
 sysctl_sysctl_oidfmt(SYSCTL_HANDLER_ARGS)
@@ -791,7 +805,12 @@
 }
 
 
-static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD, sysctl_sysctl_oidfmt, "");
+/*
+ * XXXRW: Shouldn't return oidfmt data for nodes that we don't permit in
+ * capability mode.
+ */
+static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_CAPRD,
+    sysctl_sysctl_oidfmt, "");
 
 static int
 sysctl_sysctl_oiddescr(SYSCTL_HANDLER_ARGS)
@@ -809,7 +828,12 @@
 	return (error);
 }
 
-static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD, sysctl_sysctl_oiddescr, "");
+/*
+ * XXXRW: Shouldn't return oiddescr data for nodes that we don't permit in
+ * capability mode.
+ */
+static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD | CTLFLAG_CAPRD,
+    sysctl_sysctl_oiddescr, "");
 
 /*
  * Default "handler" functions.
