PERFORCE change 20703 for review

Robert Watson rwatson at freebsd.org
Tue Nov 5 17:59:21 GMT 2002


http://perforce.freebsd.org/chv.cgi?CH=20703

Change 20703 by rwatson at rwatson_tislabs on 2002/11/05 09:58:48

	Further loopback of MAC execve() changes.

Affected files ...

.. //depot/projects/trustedbsd/base/sys/compat/pecoff/imgact_pecoff.c#13 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_exec.c#23 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#29 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#20 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_bsdextended/mac_bsdextended.c#6 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#18 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_none/mac_none.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/sys/imgact.h#8 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac.h#20 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#19 integrate

Differences ...

==== //depot/projects/trustedbsd/base/sys/compat/pecoff/imgact_pecoff.c#13 (text+ko) ====

@@ -1,5 +1,5 @@
 /* $NetBSD$	 */
-/* $FreeBSD: src/sys/compat/pecoff/imgact_pecoff.c,v 1.27 2002/11/05 01:59:56 rwatson Exp $       */
+/* $FreeBSD: src/sys/compat/pecoff/imgact_pecoff.c,v 1.28 2002/11/05 17:51:56 rwatson Exp $       */
 
 /*
  * Copyright (c) 2000 Masaru OKI
@@ -365,6 +365,7 @@
 	imgp->proc = td->td_proc;
 	imgp->userspace_argv = NULL;
 	imgp->userspace_envv = NULL;
+	imgp->execlabel = NULL;
 	imgp->attr = &attr;
 	imgp->firstpage = NULL;
 

==== //depot/projects/trustedbsd/base/sys/kern/kern_exec.c#23 (text+ko) ====

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/kern/kern_exec.c,v 1.195 2002/11/05 14:57:49 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_exec.c,v 1.196 2002/11/05 17:51:55 rwatson Exp $
  */
 
 #include "opt_ktrace.h"
@@ -77,7 +77,7 @@
 static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS);
 static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
 static int kern_execve(struct thread *td, char *fname, char **argv,
-	char **envv);
+	char **envv, struct mac *mac_p);
 
 /*
  * callout list for things to do at exec time
@@ -144,11 +144,12 @@
  * MPSAFE
  */
 static int
-kern_execve(td, fname, argv, envv)
+kern_execve(td, fname, argv, envv, mac_p)
 	struct thread *td;
 	char *fname;
 	char **argv;
 	char **envv;
+	struct mac *mac_p;
 {
 	struct proc *p = td->td_proc;
 	struct nameidata nd, *ndp;
@@ -168,7 +169,9 @@
 	int credential_changing;
 	int textset;
 #ifdef MAC
-	int will_transition;
+	struct label interplabel;	/* label of the interpreted vnode */
+	struct label execlabel;		/* optional label argument */
+	int will_transition, interplabelvalid = 0;
 #endif
 
 	imgp = &image_params;
@@ -205,6 +208,7 @@
 	imgp->proc = p;
 	imgp->userspace_argv = argv;
 	imgp->userspace_envv = envv;
+	imgp->execlabel = NULL;
 	imgp->attr = &attr;
 	imgp->argc = imgp->envc = 0;
 	imgp->argv0 = NULL;
@@ -219,6 +223,14 @@
 	imgp->ps_strings = 0;
 	imgp->auxarg_size = 0;
 
+#ifdef MAC
+	error = mac_execve_enter(imgp, mac_p, &execlabel);
+	if (error) {
+		mtx_lock(&Giant);
+		goto exec_fail;
+	}
+#endif
+
 	/*
 	 * Allocate temporary demand zeroed space for argument and
 	 *	environment strings
@@ -325,6 +337,11 @@
 		imgp->vp->v_vflag &= ~VV_TEXT;
 		/* free name buffer and old vnode */
 		NDFREE(ndp, NDF_ONLY_PNBUF);
+#ifdef MAC
+		mac_init_vnode_label(&interplabel);
+		mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
+		interplabelvalid = 1;
+#endif
 		vput(ndp->ni_vp);
 		vm_object_deallocate(imgp->object);
 		imgp->object = NULL;
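Review bot: `mac_init_vnode_label(&interplabel)` is called unconditionally, so if this interpreter-release path is entered a second time the already-initialised label is re-initialised without a `mac_destroy_vnode_label`, leaking whatever storage the policies attached on the first pass. The loop this sits in starts outside the hunk, so this may be unreachable in practice if nested interpretation is refused elsewhere, but the guard is cheap: `if (interplabelvalid) mac_destroy_vnode_label(&interplabel);` before the init, or at least a comment recording the single-pass assumption.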
@@ -432,6 +449,9 @@
 	 *
 	 * Don't honor setuid/setgid if the filesystem prohibits it or if
 	 * the process is being traced.
+	 *
+	 * XXXMAC: For the time being, use NOSUID to also prohibit
+	 * transitions on the file system.
 	 */
 	oldcred = p->p_ucred;
 	credential_changing = 0;
@@ -440,7 +460,8 @@
 	credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
 	    attr.va_gid;
 #ifdef MAC
-	will_transition = mac_execve_will_transition(oldcred, imgp->vp);
+	will_transition = mac_execve_will_transition(oldcred, imgp->vp,
+	    interplabelvalid ? &interplabel : NULL, imgp);
 	credential_changing |= will_transition;
 #endif
 
@@ -486,8 +507,10 @@
 		if (attr.va_mode & VSGID)
 			change_egid(newcred, attr.va_gid);
 #ifdef MAC
-		if (will_transition)
-			mac_execve_transition(oldcred, newcred, imgp->vp);
+		if (will_transition) {
+			mac_execve_transition(oldcred, newcred, imgp->vp,
+			    interplabelvalid ? &interplabel : NULL, imgp);
+		}
 #endif
 		/*
 		 * Implement correct POSIX saved-id behavior.
@@ -628,11 +651,21 @@
 	
 	if (imgp->vmspace_destroyed) {
 		/* sorry, no more process anymore. exit gracefully */
+#ifdef MAC
+		mac_execve_exit(imgp);
+		if (interplabelvalid)
+			mac_destroy_vnode_label(&interplabel);
+#endif
 		exit1(td, W_EXITCODE(0, SIGABRT));
 		/* NOT REACHED */
 		error = 0;
 	}
 done2:
+#ifdef MAC
+	mac_execve_exit(imgp);
+	if (interplabelvalid)
+		mac_destroy_vnode_label(&interplabel);
+#endif
 	mtx_unlock(&Giant);
 	return (error);
 }
@@ -658,7 +691,38 @@
 	} */ *uap;
 {
 
-	return (kern_execve(td, uap->fname, uap->argv, uap->envv));
+#ifdef MAC
+	return (kern_execve(td, uap->fname, uap->argv, uap->envv, NULL));
+#else
+	return (ENOSYS);
+#endif
+}
+
+#ifndef _SYS_SYSPROTO_H_
+struct __mac_execve_args {
+	char	*fname;
+	char	**argv;
+	char	**envv;
+	struct mac	*mac_p;
+};
+#endif
+
+/*
+ * MPSAFE
+ */
+int
+__mac_execve(td, uap)
+	struct thread *td;
+	struct __mac_execve_args /* {
+		syscallarg(char *) fname;
+		syscallarg(char **) argv;
+		syscallarg(char **) envv;
+		syscallarg(struct mac *) mac_p;
+	} */ *uap;
+{
+
+	return (kern_execve(td, uap->fname, uap->argv, uap->envv,
+	    uap->mac_p));
 }
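Review bot: The `#ifdef MAC`/`#else` guard has landed in the wrong function: as the hunk reads, execve() now returns ENOSYS on a kernel built without MAC, while the new __mac_execve() calls kern_execve() unconditionally. The intent is presumably the reverse, since kern_execve() simply ignores mac_p without MAC and only the new syscall depends on it. execve() should be the plain `return (kern_execve(td, uap->fname, uap->argv, uap->envv, NULL));`, and the `#ifdef MAC` ... `#else` `return (ENOSYS);` `#endif` should wrap the kern_execve() call in __mac_execve() instead. execve()'s signature begins outside the hunk.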
 
 int
@@ -1022,7 +1086,7 @@
 	td = curthread;			/* XXXKSE */
 
 #ifdef MAC
-	error = mac_check_vnode_exec(td->td_ucred, imgp->vp);
+	error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp);
 	if (error)
 		return (error);
 #endif

==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#29 (text+ko) ====

@@ -33,7 +33,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/kern/kern_mac.c,v 1.62 2002/11/05 15:11:33 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_mac.c,v 1.63 2002/11/05 17:51:55 rwatson Exp $
  */
 /*
  * Developed by the TrustedBSD Project.
@@ -47,6 +47,7 @@
 
 #include <sys/param.h>
 #include <sys/extattr.h>
+#include <sys/imgact.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
@@ -1251,8 +1252,53 @@
 	return (error);
 }
 
+int
+mac_execve_enter(struct image_params *imgp, struct mac *mac_p,
+    struct label *execlabelstorage)
+{
+	struct mac mac;
+	char *buffer;
+	int error;
+
+	if (mac_p == NULL)
+		return (0);
+
+	error = copyin(mac_p, &mac, sizeof(mac));
+	if (error)
+		return (error);
+
+	error = mac_check_structmac_consistent(&mac);
+	if (error)
+		return (error);
+
+	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+	error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+	if (error) {
+		free(buffer, M_MACTEMP);
+		return (error);
+	}
+
+	mac_init_cred_label(execlabelstorage);
+	error = mac_internalize_cred_label(execlabelstorage, buffer);
+	free(buffer, M_MACTEMP);
+	if (error) {
+		mac_destroy_cred_label(execlabelstorage);
+		return (error);
+	}
+	imgp->execlabel = execlabelstorage;
+	return (0);
+}
+
 void
-mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
+mac_execve_exit(struct image_params *imgp)
+{
+	if (imgp->execlabel != NULL)
+		mac_destroy_cred_label(imgp->execlabel);
+}
+
+void
+mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 	ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
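Review bot: mac_execve_exit() destroys `*imgp->execlabel` but leaves the pointer set, so a second call on the same imgp destroys the same label twice; the kern_exec.c caller invokes it on two paths, and only the fact that exit1() does not return keeps both from running. Adding `imgp->execlabel = NULL;` after the destroy makes the exit idempotent and consistent with the NULL check at its top. In mac_execve_enter(), `mac.m_buflen` comes straight from userland and is the size handed to malloc(); the only bound is whatever mac_check_structmac_consistent() enforces, which is outside this hunk, so a comment at the malloc such as `/* m_buflen bounded by mac_check_structmac_consistent() */` would document that dependency. mac_execve_transition's body continues outside the hunk.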
@@ -1260,11 +1306,13 @@
 	if (!mac_enforce_process && !mac_enforce_fs)
 		return;
 
-	MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
+	MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+	    interpvnodelabel, imgp);
 }
 
 int
-mac_execve_will_transition(struct ucred *old, struct vnode *vp)
+mac_execve_will_transition(struct ucred *old, struct vnode *vp,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 	int result;
 
@@ -1274,7 +1322,8 @@
 		return (0);
 
 	result = 0;
-	MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
+	MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+	    interpvnodelabel, imgp);
 
 	return (result);
 }
@@ -1369,7 +1418,8 @@
 }
 
 int
-mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+    struct image_params *imgp)
 {
 	int error;
 
@@ -1378,7 +1428,7 @@
 	if (!mac_enforce_process && !mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp);
 
 	return (error);
 }

==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#20 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.44 2002/11/05 16:44:29 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.45 2002/11/05 17:52:42 rwatson Exp $
  */
 
 /*
@@ -2044,7 +2044,7 @@
 
 static int
 mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+    struct label *label, struct image_params *imgp)
 {
 	struct mac_biba *subj, *obj;
 

==== //depot/projects/trustedbsd/base/sys/security/mac_bsdextended/mac_bsdextended.c#6 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.7 2002/11/04 01:53:11 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.8 2002/11/05 17:52:42 rwatson Exp $
  */
 /*
  * Developed by the TrustedBSD Project.
@@ -394,7 +394,7 @@
 
 static int
 mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+    struct label *label, struct image_params *imgp)
 {
 	struct vattr vap;
 	int error;

==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#18 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.32 2002/11/05 16:44:29 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.33 2002/11/05 17:52:42 rwatson Exp $
  */
 
 /*
@@ -1862,7 +1862,7 @@
 
 static int
 mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+    struct label *label, struct image_params *imgp)
 {
 	struct mac_mls *subj, *obj;
 

==== //depot/projects/trustedbsd/base/sys/security/mac_none/mac_none.c#12 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.20 2002/11/04 01:53:11 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.21 2002/11/05 17:52:42 rwatson Exp $
  */
 
 /*
@@ -416,14 +416,16 @@
 
 static void
 mac_none_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *vnodelabel)
+    struct vnode *vp, struct label *vnodelabel,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 }
 
 static int
 mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *vnodelabel)
+    struct label *vnodelabel, struct label *interpvnodelabel,
+    struct image_params *imgp)
 {
 
 	return (0);
@@ -687,7 +689,7 @@
 
 static int
 mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+    struct label *label, struct image_params *imgp)
 {
 
 	return (0);

==== //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#12 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.17 2002/11/04 01:53:12 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.18 2002/11/05 17:52:42 rwatson Exp $
  */
 
 /*
@@ -766,14 +766,16 @@
 
 static void
 mac_test_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *filelabel)
+    struct vnode *vp, struct label *filelabel,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 }
 
 static int
 mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *filelabel)
+    struct label *filelabel, struct label *interpvnodelabel,
+    struct image_params *imgp)
 {
 
 	return (0);
@@ -1014,7 +1016,7 @@
 
 static int
 mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+    struct label *label, struct image_params *imgp)
 {
 
 	return (0);

==== //depot/projects/trustedbsd/base/sys/sys/imgact.h#8 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/sys/imgact.h,v 1.32 2002/11/05 01:59:55 rwatson Exp $
+ * $FreeBSD: src/sys/sys/imgact.h,v 1.33 2002/11/05 17:51:55 rwatson Exp $
  */
 
 #ifndef _SYS_IMGACT_H_
@@ -38,6 +38,7 @@
 
 #define MAXSHELLCMDLEN	128
 
+struct label;
 struct sysentvec;
 struct thread;
 struct vm_object;
@@ -46,6 +47,7 @@
 	struct proc *proc;	/* our process struct */
 	char **userspace_argv;	/* system call argument */
 	char **userspace_envv;	/* system call argument */
+	struct label *execlabel;	/* optional exec label */
 	struct vnode *vp;	/* pointer to vnode of file to exec */
 	struct vm_object *object;	/* The vm object for this vp */
 	struct vattr *attr;	/* attributes of file */
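Review bot: The new `execlabel` field is documented only as "optional exec label", which says nothing about who owns it or when it is valid. From the accompanying kern_mac.c change it is set by mac_execve_enter() to caller-provided storage and torn down by mac_execve_exit(), and is NULL when no label was supplied; the header comment should carry that, e.g. `/* optional exec label: set by mac_execve_enter(), released by mac_execve_exit(), NULL if none */`. struct image_params begins outside the hunk.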

==== //depot/projects/trustedbsd/base/sys/sys/mac.h#20 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/sys/mac.h,v 1.28 2002/11/04 15:13:35 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac.h,v 1.29 2002/11/05 17:51:55 rwatson Exp $
  */
 /*
  * Userland/kernel interface for Mandatory Access Control.
@@ -84,6 +84,8 @@
  * Extended non-POSIX.1e interfaces that offer additional services
  * available from the userland and kernel MAC frameworks.
  */
+int		 mac_execve(char *fname, char **argv, char **envv,
+		    mac_t _label);
 int		 mac_free(mac_t _label);
 int		 mac_from_text(mac_t *_label, const char *_text);
 int		 mac_get_fd(int _fd, mac_t _label);
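Review bot: The new mac_execve() prototype mixes naming styles: `fname`, `argv` and `envv` are unprefixed while `_label` follows the leading-underscore convention every neighbouring declaration uses for all of its parameters (`_label`, `_text`, `_fd`), which keeps user macros with those names from breaking the header. Suggest `int mac_execve(char *_fname, char **_argv, char **_envv, mac_t _label);`.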
@@ -113,6 +115,7 @@
 struct devfs_dirent;
 struct ifnet;
 struct ifreq;
+struct image_params;
 struct ipq;
 struct mbuf;
 struct mount;
@@ -129,7 +132,6 @@
 
 #include <sys/acl.h>			/* XXX acl_type_t */
 
-struct vop_refreshlabel_args;
 struct vop_setlabel_args;
 
 /*
@@ -216,9 +218,14 @@
  * Labeling event operations: processes.
  */
 void	mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
+int	mac_execve_enter(struct image_params *imgp, struct mac *mac_p,
+	    struct label *execlabel);
+void	mac_execve_exit(struct image_params *imgp);
 void	mac_execve_transition(struct ucred *old, struct ucred *new,
-	    struct vnode *vp);
-int	mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+	    struct vnode *vp, struct label *interpvnodelabel,
+	    struct image_params *imgp);
+int	mac_execve_will_transition(struct ucred *old, struct vnode *vp,
+	    struct label *interpvnodelabel, struct image_params *imgp);
 void	mac_create_proc0(struct ucred *cred);
 void	mac_create_proc1(struct ucred *cred);
 void	mac_thread_userret(struct thread *td);
@@ -269,7 +276,8 @@
 	    struct vnode *vp, struct componentname *cnp);
 int	mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 	    acl_type_t type);
-int	mac_check_vnode_exec(struct ucred *cred, struct vnode *vp);
+int	mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+	    struct image_params *imgp);
 int	mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
 	    acl_type_t type);
 int	mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,

==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#19 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/sys/mac_policy.h,v 1.28 2002/11/04 15:13:35 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac_policy.h,v 1.29 2002/11/05 17:51:55 rwatson Exp $
  */
 /*
  * Kernel interface for MAC policy modules.
@@ -242,9 +242,13 @@
 	void	(*mpo_create_cred)(struct ucred *parent_cred,
 		    struct ucred *child_cred);
 	void	(*mpo_execve_transition)(struct ucred *old, struct ucred *new,
-		    struct vnode *vp, struct label *vnodelabel);
+		    struct vnode *vp, struct label *vnodelabel,
+		    struct label *interpvnodelabel,
+		    struct image_params *imgp);
 	int	(*mpo_execve_will_transition)(struct ucred *old,
-		    struct vnode *vp, struct label *vnodelabel);
+		    struct vnode *vp, struct label *vnodelabel,
+		    struct label *interpvnodelabel,
+		    struct image_params *imgp);
 	void	(*mpo_create_proc0)(struct ucred *cred);
 	void	(*mpo_create_proc1)(struct ucred *cred);
 	void	(*mpo_relabel_cred)(struct ucred *cred,
@@ -338,7 +342,7 @@
 	int	(*mpo_check_vnode_deleteacl)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, acl_type_t type);
 	int	(*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
-		    struct label *label);
+		    struct label *label, struct image_params *imgp);
 	int	(*mpo_check_vnode_getacl)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, acl_type_t type);
 	int	(*mpo_check_vnode_getextattr)(struct ucred *cred,