PERFORCE change 19964 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=19964

Change 19964 by rwatson at rwatson_tislabs on 2002/10/23 08:11:26

	Teach mac_biba about sysctl: permit sysctl reads by any subject,
	but permit sysctl writes only if the subject meets our definition
	of Biba privileged (single==equal, either end of range==equal,
	range==low-high).  This permits information flow via sysctl only
	for privileged subjects, and prohibits system reconfiguration
	by unprivileged subjects.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#151 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#151 (text+ko) ====

@@ -320,6 +320,14 @@
 }
 
 static int
+mac_biba_privileged(struct mac_biba *mac_biba)
+{
+
+	/* Equate the notion of "equal" with privilege. */
+	return (mac_biba_subject_equal_ok(mac_biba));
+}
+
+static int
 mac_biba_valid(struct mac_biba *mac_biba)
 {
 
@@ -1807,6 +1815,30 @@
 }
 
 static int
+mac_biba_check_sysctl(struct ucred *cred, int *name, u_int namelen,
+    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
+{
+	struct mac_biba *subj;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+
+	/*
+	 * Permit sysctl modification only if Biba-privileged; permit
+	 * read by any process.
+	 */
+	if (new != NULL) {
+		if (!mac_biba_privileged(subj))
+			return (EPERM);
+	}
+
+	return (0);
+}
+
+
+static int
 mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -2606,6 +2638,8 @@
 	    (macop_t)mac_biba_check_socket_relabel },
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_biba_check_socket_visible },
+	{ MAC_CHECK_SYSCTL,
+	    (macop_t)mac_biba_check_sysctl },
 	{ MAC_CHECK_VNODE_ACCESS,
 	    (macop_t)mac_biba_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message