PERFORCE change 43036 for review
Andrew Reisse
areisse at FreeBSD.org
Tue Nov 25 16:11:44 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=43036
Change 43036 by areisse at areisse_ibook on 2003/11/25 08:11:44
chdir and exec permission checks
execve handles script labels
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#33 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#8 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#7 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#12 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#19 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#4 (text+ko) ====
@@ -212,8 +212,8 @@
char *ws_cache_name = NULL; /* used for pre-heat */
int cred_change = 0;
#ifdef MAC
- struct label execlabel;
- struct label *execlabelp;
+ struct label execlabel, scriptlabel;
+ struct label *execlabelp, *scriptlabelp = NULL;
int no_trans = 0;
int will_transition = 0;
#endif
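Review bot: execlabelp is declared here without an initializer while scriptlabelp gets one, yet the new free_execl cleanup tests both pointers before destroying the labels. If either early `goto free_execl` (at the execargs_alloc and copyinstr failures) can run before execlabelp is assigned — the assignment is outside this hunk — the cleanup reads an indeterminate pointer and may hand garbage to mac_destroy_cred_label(). Initializing both in the declaration, `struct label *execlabelp = NULL, *scriptlabelp = NULL;`, makes the cleanup safe on every path. The enclosing execve() body continues outside the hunk.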
@@ -247,7 +247,7 @@
error = execargs_alloc(&execargs);
if (error)
- return(error);
+ goto free_execl;
savedpath = execargs;
@@ -267,7 +267,7 @@
error = copyinstr(uap->fname, savedpath, MAXPATHLEN, &savedpathlen);
if (error)
- return (error);
+ goto free_execl;
/*
* copyinstr will put in savedpathlen, the count of
* characters (including NULL) in the path.
@@ -319,6 +319,11 @@
*(&vattr) = *(&origvattr);
again:
+#ifdef MAC
+ error = mac_check_vnode_exec (p->p_ucred, vp, execlabelp);
+ if (error)
+ goto bad;
+#endif
error = check_exec_access(p, vp, &vattr);
if (error)
goto bad;
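Review bot: The new mac_check_vnode_exec() call passes execlabelp straight through, and kern_mac.c forwards it unchanged to the policy hook, so policies see NULL whenever no exec label was supplied; whether execlabelp can be NULL at this point is not visible in the hunk. Placing the check at `again:` is the right spot since it then runs for both a script and its interpreter. A one-line comment stating the contract, e.g. `/* execlabelp may be NULL; policies must tolerate that */` (or the opposite, if it is guaranteed non-NULL here), would spare the next reader a trip through kern_mac.c and sebsd.c. The enclosing function continues outside the hunk.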
@@ -415,6 +420,14 @@
/* Save the name aside for future use */
execargsp = (vm_offset_t *)((char *)(execargs) + savedpathlen);
+ /* Copy the script label for later use. Note that
+ the label can be different when the script is actually
+ read by the interpreter. */
+#ifdef MAC
+ scriptlabelp = &scriptlabel;
+ mac_init_vnode_label (&scriptlabel);
+ mac_copy_vnode_label (&vp->v_label, &scriptlabel);
+#endif
indir = 1;
vput(vp);
nd.ni_cnd.cn_nameiop = LOOKUP;
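Review bot: scriptlabel is initialized and filled in unconditionally each time this script-handling block is entered, so if the `again:` loop can reach it a second time for the same exec (the hunk does not show whether indir rejects a nested interpreter), mac_init_vnode_label() would run on an already-initialized label and orphan the first copy's policy storage. Guarding the init with the pointer, `if (scriptlabelp == NULL) { scriptlabelp = &scriptlabel; mac_init_vnode_label(&scriptlabel); }` before the copy, keeps the block idempotent. Taking the copy before vput(vp) looks correct, presumably because the vnode is still locked there. The enclosing function continues outside the hunk.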
@@ -602,7 +615,7 @@
/* Transitions */
#ifdef MAC
- will_transition = mac_execve_will_transition (p->p_ucred, vp, NULL,
+ will_transition = mac_execve_will_transition (p->p_ucred, vp, scriptlabelp,
execlabelp);
cred_change |= will_transition;
#endif
@@ -645,7 +658,7 @@
#ifdef MAC
if (will_transition && !no_trans)
- mac_execve_transition (cred, p->p_ucred, vp, NULL, execlabelp);
+ mac_execve_transition (cred, p->p_ucred, vp, scriptlabelp, execlabelp);
#endif
crfree (cred);
@@ -884,8 +897,14 @@
if (!error && vfexec) {
vfork_return(current_act(), p->p_pptr, p, retval);
(void) thread_resume(thr_act);
- return(0);
}
+free_execl:
+#ifdef MAC
+ if (execlabelp)
+ mac_destroy_cred_label (execlabelp);
+ if (scriptlabelp)
+ mac_destroy_vnode_label (scriptlabelp);
+#endif
return(error);
}
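Review bot: The cleanup calls mac_destroy_cred_label(), which this change turns from static into an external function in kern_mac.c, but none of the mac.h hunks add a prototype for it, so unless mac.h already declares it the call here relies on an implicit declaration. Add `void mac_destroy_cred_label(struct label *label);` next to the other label prototypes in mac.h. Dropping the `return(0)` in the vfexec branch is fine because error is 0 there, but the labels are now destroyed after thread_resume() on that path, which is only safe as long as nothing the resumed thread runs still refers to them — worth confirming and recording in a comment at free_execl.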
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#33 (text+ko) ====
@@ -1095,7 +1095,7 @@
MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs);
}
-static void
+void
mac_destroy_cred_label(struct label *label)
{
@@ -1593,7 +1593,7 @@
void
mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execl)
+ struct label *scriptvnodelabel, struct label *execl)
{
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
@@ -1601,13 +1601,17 @@
if (!mac_enforce_process && !mac_enforce_fs)
return;
- MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
- interpvnodelabel, execl);
+ if (scriptvnodelabel)
+ MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+ scriptvnodelabel, execl);
+ else
+ MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+ NULL, execl);
}
int
mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execlabel)
+ struct label *scriptvnodelabel, struct label *execlabel)
{
int result;
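Review bot: The if/else added around MAC_PERFORM in mac_execve_transition() has two branches that pass exactly the same arguments: when scriptvnodelabel is NULL, passing it is identical to passing NULL, so the macro is expanded twice for no behavioural difference. The same duplicated MAC_BOOLEAN appears in the next hunk in mac_execve_will_transition(). Collapse each to a single call, `MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, scriptvnodelabel, execl);` and `MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, scriptvnodelabel, execlabel);`, and state in each function's header comment that the script label argument is NULL for a non-script image. mac_execve_will_transition() continues outside the hunk.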
@@ -1617,8 +1621,12 @@
return (0);
result = 0;
- MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
- interpvnodelabel, execlabel);
+ if (scriptvnodelabel)
+ MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+ scriptvnodelabel, execlabel);
+ else
+ MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+ NULL, execlabel);
return (result);
}
@@ -1729,10 +1737,8 @@
}
#endif
-#if 0
int
-mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct image_params *imgp)
+mac_check_vnode_exec(struct ucred *cred, struct vnode *vp, struct label *execl)
{
int error;
@@ -1741,12 +1747,10 @@
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp,
- imgp->execlabel);
+ MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, execl);
return (error);
}
-#endif
#if 0
int
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#8 (text+ko) ====
@@ -107,7 +107,6 @@
struct devnode;
struct ifnet;
struct ifreq;
-struct image_params;
struct ipq;
struct m_tag;
struct mbuf;
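Review bot: The forward declaration `struct image_params;` is removed here, but the next hunk keeps `void mac_execve_exit(struct image_params *imgp);` in the same header. Without a prior declaration, a struct tag first seen inside a parameter list has prototype scope, so that prototype names a distinct, incompatible type and a call with a real `struct image_params *` will not match (compilers warn about exactly this), unless a header included before mac.h declares the tag. Keep the forward declaration for as long as mac_execve_exit() is declared with it.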
@@ -227,10 +226,10 @@
struct label *execlabel);
void mac_execve_exit(struct image_params *imgp);
void mac_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *interpvnodelabel,
+ struct vnode *vp, struct label *scriptvnodelabel,
struct label *execlabel);
int mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execlabel);
+ struct label *scriptvnodelabel, struct label *execlabel);
void mac_create_proc0(struct ucred *cred);
void mac_create_proc1(struct ucred *cred);
#if 0
@@ -294,7 +293,7 @@
acl_type_t type);
#endif
int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct image_params *imgp);
+ struct label *execlabel);
#if 0
int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
acl_type_t type);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#7 (text+ko) ====
@@ -395,12 +395,11 @@
struct componentname *cnp);
int (*mpo_check_vnode_deleteextattr)(struct ucred *cred,
struct vnode *vp, int attrnamespace, const char *name);
+ int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
+ struct label *label, struct label *execlabel);
#if 0
int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
struct vnode *vp, struct label *label, acl_type_t type);
- int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp,
- struct label *execlabel);
int (*mpo_check_vnode_getacl)(struct ucred *cred,
struct vnode *vp, struct label *label, acl_type_t type);
#endif
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#12 (text+ko) ====
@@ -998,7 +998,13 @@
if (vp->v_type != VDIR)
error = ENOTDIR;
else
+ {
+#ifdef MAC
+ error = mac_check_vnode_chdir (p->p_ucred, ndp->ni_vp);
+ if (0 == error)
+#endif
error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
+ }
if (error)
vput(vp);
else
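Review bot: In the MAC build the `#endif` now sits between `if (0 == error)` and its body, so the VOP_ACCESS line is the if-body in one configuration and the plain else-body in the other, and the Yoda comparison departs from the `if (error)` style of the surrounding code. The call also uses `ndp->ni_vp` where the rest of the block uses `vp`, which appears to be the same vnode but leaves the reader to check. Keeping the conditional outside the #ifdef gives both builds one control flow; the enclosing chdir code continues outside the hunk.
```c
	else {
		error = 0;
#ifdef MAC
		error = mac_check_vnode_chdir(p->p_ucred, vp);
#endif
		if (error == 0)
			error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
	}
```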
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#19 (text+ko) ====
@@ -1528,10 +1528,9 @@
}
#endif
-#ifdef HAS_IMAGE_PARAMS
static int
sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp, struct label *execlabel)
+ struct label *label, struct label *execlabel)
{
struct task_security_struct *task;
struct vnode_security_struct *file;
@@ -1590,7 +1589,6 @@
return (0);
}
-#endif
#ifdef HAS_ACLS
static int
@@ -2203,12 +2201,11 @@
.mpo_check_vnode_access = sebsd_check_vnode_access,
.mpo_check_vnode_chdir = sebsd_check_vnode_chdir,
.mpo_check_vnode_chroot = sebsd_check_vnode_chroot,
- //.mpo_check_vnode_create = sebsd_check_vnode_create,
+ .mpo_check_vnode_create = sebsd_check_vnode_create,
.mpo_check_vnode_delete = sebsd_check_vnode_delete,
+ .mpo_check_vnode_exec = sebsd_check_vnode_exec,
#ifdef EXTATTR
- .mpo_check_vnode_exec = sebsd_check_vnode_exec,
-
.mpo_check_vnode_getextattr = sebsd_check_vnode_getextattr,
.mpo_check_vnode_listextattr = NOT_IMPLEMENTED,
.mpo_check_vnode_deleteextattr = NOT_IMPLEMENTED,
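Review bot: Uncommenting `.mpo_check_vnode_create = sebsd_check_vnode_create,` enables a new enforcement point that neither the change description ("chdir and exec permission checks") nor any other hunk mentions, so anyone bisecting a new permission failure on file creation will not find it from the log. Either state it in the description or separate it into its own change. Moving mpo_check_vnode_exec out of the EXTATTR block is consistent with the hook now being compiled unconditionally in the earlier sebsd.c hunk.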