PERFORCE change 105508 for review

Robert Watson rwatson at FreeBSD.org
Sat Sep 2 06:26:48 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=105508

Change 105508 by rwatson at rwatson_sesame on 2006/09/02 06:24:56

	Replace most kernel suser checks with more specific privilege
	checks.  In some cases, significantly rework privilege logic to
	make more sense, such as in the file system handling of device
	permission override.  Remove some unneeded suser checks in
	sysctl wrappers.
	
	Sponsored by:	nCircle Network Security, Inc.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/conf/files#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/ctau/if_ct.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/cx/if_cx.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/dcons/dcons_os.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/drm/drmP.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/fdc/fdc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/hwpmc/hwpmc_mod.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/if_ndis/if_ndis.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/kbd/kbd.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/nmdm/nmdm.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/null/null.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/ofw/ofw_console.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/random/randomdev.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/sbni/if_sbni.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/sbsh/if_sbsh.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/si/si.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/syscons/syscons.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/syscons/sysmouse.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/wi/if_wi.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/wl/if_wl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/dev/zs/zs.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_rule.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/hpfs/hpfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/smbfs/smbfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/udf/udf_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/fs/umapfs/umap_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_fs.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/xfs/FreeBSD/xfs_super.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/i386/io.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/i386/sys_machdep.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/i386/vm86.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_misc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_socksys.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_sysi86.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i386/linux/linux_machdep.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/i4b/driver/i4b_ipr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ia64/ia64/ssc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/isofs/cd9660/cd9660_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_acct.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_descrip.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_environment.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_linker.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_ntptime.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_shutdown.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_thr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_time.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_xxx.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_firmware.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_prf.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_witness.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/tty.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/tty_cons.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/tty_pts.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/tty_pty.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/uipc_sem.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/bpf.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_bridge.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_gre.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_ppp.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_sl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_tap.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/if_tun.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/ppp_tty.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/raw_usrreq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net/rtsock.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/net80211/ieee80211_ioctl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netatalk/at_control.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netatalk/ddp_pcb.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netatm/atm_usrreq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_socket.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_tty.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/ip_carp.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/ip_divert.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/ip_fw2.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/ip_mroute.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/ip_output.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/ipsec.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/udp6_usrreq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netipsec/ipsec_osdep.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_pcb.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_usrreq.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_conn.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_mod.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_subr.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_conn.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_subr.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/nfsserver/nfs_syscalls.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/pc98/cbus/fdc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/posix4/p1003_1b.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/audit/audit.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_pipe.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_syscalls.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_internal.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_net.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_bsdextended/mac_bsdextended.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_lomac/mac_lomac.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_partition/mac_partition.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/sys/jail.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/sys/sysctl.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/sys/systm.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vfsops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_extattr.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/vm/swap_pager.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/vm/vm_mmap.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 (text+ko) ====

@@ -33,6 +33,7 @@
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/signalvar.h>
 #include <sys/systm.h>
@@ -54,7 +55,7 @@
 {
 	int error;
 
-	error = suser(td);
+	error = priv_check(td, PRIV_IO);
 	if (error != 0)
 		return (error);
 	error = securelevel_gt(td->td_ucred, 0);

==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 (text+ko) ====

@@ -49,6 +49,7 @@
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/reboot.h>
 #include <sys/resourcevar.h>
@@ -1011,7 +1012,8 @@
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
+	    SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);

==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 (text+ko) ====

@@ -33,6 +33,7 @@
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/syscallsubr.h>
 #include <sys/sysproto.h>
@@ -123,7 +124,8 @@
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
+	    SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);

==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 (text+ko) ====

@@ -45,6 +45,7 @@
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/stat.h>
 #include <sys/syscallsubr.h>
@@ -279,7 +280,7 @@
 		goto out;
 
 	if (td->td_ucred->cr_uid != vattr.va_uid &&
-	    (error = suser(td)) != 0)
+	    (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
 		goto out;
 
 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)

==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 (text+ko) ====

@@ -53,6 +53,7 @@
 #include <sys/msg.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/ptrace.h>
 #include <sys/resource.h>
@@ -610,7 +611,7 @@
 	struct file	*fp;
 	int		 error, vfslocked;
 
-	if ((error = suser(td)) != 0)
+	if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
 		return error;
 	if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
 		return error;

==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 (text+ko) ====

@@ -470,14 +470,10 @@
 		break;
 #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES)
 	case SVR4_SI_SET_HOSTNAME:
-		if ((error = suser(td)) != 0)
-			return error;
 		name = KERN_HOSTNAME;
 		return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td);
 
 	case SVR4_SI_SET_SRPC_DOMAIN:
-		if ((error = suser(td)) != 0)
-			return error;
 		name = KERN_NISDOMAINNAME;
 		return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td);
 #else
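Review bot: With the two suser() calls dropped, SVR4_SI_SET_HOSTNAME and SVR4_SI_SET_SRPC_DOMAIN now rely entirely on kern_sysctl() enforcing write privilege on the KERN_HOSTNAME and KERN_NISDOMAINNAME nodes, and nothing in the hunk records that. A one-line comment above `name = KERN_HOSTNAME;` such as `/* Privilege is enforced by kern_sysctl() on the node itself. */` would stop a later reader from assuming the path is unprivileged or re-adding a redundant check. The enclosing switch continues outside the hunk, so whether `error` is still used elsewhere in the function cannot be confirmed here.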

==== //depot/projects/trustedbsd/priv/sys/conf/files#2 (text+ko) ====

@@ -1335,6 +1335,7 @@
 kern/kern_physio.c		standard
 kern/kern_pmc.c			standard
 kern/kern_poll.c		optional device_polling
+kern/kern_priv.c		standard
 kern/kern_proc.c		standard
 kern/kern_prot.c		standard
 kern/kern_resource.c		standard

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 (text+ko) ====

@@ -1062,7 +1062,9 @@
 		/* currently only command that an ordinary user can call */
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_version > 700000)
+		error = priv_check(p, PRIV_ALTQ_MANAGE);
+#elsif (__FreeBSD_version > 400000)
 		error = suser(p);
 #else
 		error = suser(p->p_ucred, &p->p_acflag);
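Review bot: `#elsif` is not a C preprocessor directive; the keyword is `#elif`, and cpp reports an unknown directive inside a conditional group that is actually processed as an error, so with `__FreeBSD_version > 700000` true this hunk will not compile. The same `#elsif` appears in altq_cdnr.c, altq_hfsc.c, altq_priq.c, altq_red.c, altq_rio.c and in every if_ce.c hunk. In if_ce.c the stray directive sits inside the skipped `__FreeBSD_version < 500000` group, where unknown directives are ignored, so 7-CURRENT would likely build by accident while the 6.x case falls through to the `#else` and an unavailable priv_check(); this deserves a build on each supported branch rather than trusting one. Change each to `#elif (__FreeBSD_version > 400000)` (in if_ce.c: `#elif __FreeBSD_version < 700000`).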

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 (text+ko) ====

@@ -1262,7 +1262,9 @@
 	case CDNR_GETSTATS:
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_versoin > 700000)
+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
+#elsif (__FreeBSD_version > 400000)
 		if ((error = suser(p)) != 0)
 #else
 		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
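Review bot: `__FreeBSD_versoin` on the new `#if` line is a misspelling of `__FreeBSD_version`; an undefined identifier evaluates to 0 in `#if`, so the `priv_check(p, PRIV_ALTQ_MANAGE)` branch is never selected and the code silently keeps the old suser() path on every version. altq_rio.c carries the same misspelling. The line should read `#if (__FreeBSD_version > 700000)`.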

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 (text+ko) ====

@@ -1975,7 +1975,10 @@
 	case HFSC_GETSTATS:
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_version > 700000)
+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
+			return (error);
+#elsif (__FreeBSD_version > 400000)
 		if ((error = suser(p)) != 0)
 			return (error);
 #else

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 (text+ko) ====

@@ -772,7 +772,10 @@
 	case PRIQ_GETSTATS:
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_version > 700000)
+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
+			return (error);
+#elsif (__FreeBSD_version > 400000)
 		if ((error = suser(p)) != 0)
 			return (error);
 #else

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 (text+ko) ====

@@ -781,7 +781,9 @@
 	case RED_GETSTATS:
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_version > 700000)
+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
+#elsif (__FreeBSD_version > 400000)
 		if ((error = suser(p)) != 0)
 #else
 		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)

==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 (text+ko) ====

@@ -531,7 +531,10 @@
 	case RIO_GETSTATS:
 		break;
 	default:
-#if (__FreeBSD_version > 400000)
+#if (__FreeBSD_versoin > 700000)
+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
+			return (error);
+#elsif (__FreeBSD_version > 400000)
 		if ((error = suser(p)) != 0)
 			return (error);
 #else

==== //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 (text+ko) ====

@@ -54,6 +54,9 @@
 #endif
 
 #include <sys/param.h>
+#ifdef __FreeBSD__
+#include <sys/priv.h>
+#endif
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/time.h>
@@ -1057,7 +1060,7 @@
 		break;
 	case SIOCSETPFSYNC:
 #ifdef __FreeBSD__
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0)
 #else
 		if ((error = suser(p, p->p_acflag)) != 0)
 #endif

==== //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 (text+ko) ====

@@ -92,6 +92,7 @@
 #include <sys/systm.h>
 #include <sys/sockio.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/kernel.h>
 #include <sys/socket.h>
@@ -1920,7 +1921,7 @@
 			break;
 #ifdef ANCACHE
 		if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
-			error = suser(td);
+			error = priv_check(td, PRIV_DRIVER);
 			if (error)
 				break;
 			sc->an_sigitems = sc->an_nextitem = 0;
@@ -1944,7 +1945,7 @@
 		error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
 		break;
 	case SIOCSAIRONET:
-		if ((error = suser(td)))
+		if ((error = priv_check(td, PRIV_DRIVER)))
 			goto out;
 		error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
 		if (error != 0)
@@ -1952,7 +1953,7 @@
 		an_setdef(sc, &sc->areq);
 		break;
 	case SIOCGPRIVATE_0:              /* used by Cisco client utility */
-		if ((error = suser(td)))
+		if ((error = priv_check(td, PRIV_DRIVER)))
 			goto out;
 		error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
 		if (error)
@@ -1974,7 +1975,7 @@
 		}
 		break;
 	case SIOCGPRIVATE_1:              /* used by Cisco client utility */
-		if ((error = suser(td)))
+		if ((error = priv_check(td, PRIV_DRIVER)))
 			goto out;
 		error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
 		if (error)
@@ -2226,7 +2227,7 @@
 		}
 		break;
 	case SIOCS80211:
-		if ((error = suser(td)))
+		if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
 			goto out;
 		sc->areq.an_len = sizeof(sc->areq);
 		/*

==== //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 (text+ko) ====

@@ -43,6 +43,7 @@
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/conf.h>
 
@@ -504,7 +505,7 @@
 		break;
 
 	case SIOCS80211:
-		if ((error = suser(td)))
+		if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
 			break;
 		switch (ireq->i_type) {
 		case IEEE80211_IOC_SSID:
@@ -577,7 +578,7 @@
 	}
 	case SIOCGARLALL:
 		bzero(&arlan_io, sizeof(arlan_io));
-		if (!suser(td)) {
+		if (!priv_check(td, PRIV_DRIVER)) {
 			bcopy(ar->systemId, arlan_io.cfg.sid, 4);
 		}
 
@@ -616,7 +617,7 @@
 	} while (0)
 
 	case SIOCSARLALL:
-		if (suser(td))
+		if (priv_check(td, PRIV_DRIVER))
 			break;
 
 		user = (void *)ifr->ifr_data;
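Review bot: `if (priv_check(td, PRIV_DRIVER)) break;` discards the denial status, so an unprivileged SIOCSARLALL leaves `error` at whatever it held before and the ioctl most likely returns success without having applied the configuration. If this is the same switch as the SIOCS80211 case earlier in the file, `error` is already in scope and the line can become `if ((error = priv_check(td, PRIV_DRIVER)) != 0) break;`, matching that case. The surrounding function begins and ends outside the hunk.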

==== //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 (text+ko) ====

@@ -117,6 +117,7 @@
 #include <sys/malloc.h>
 #include <sys/conf.h>
 #include <sys/ioccom.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/bus.h>
 #include <machine/resource.h>
@@ -3114,7 +3115,7 @@
 	s = splcam ();
 	if (ASR_ctlr_held) {
 		error = EBUSY;
-	} else if ((error = suser(td)) == 0) {
+	} else if ((error = priv_check(td, PRIV_DRIVER)) == 0) {
 		++ASR_ctlr_held;
 	}
 	splx(s);

==== //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 (text+ko) ====

@@ -34,6 +34,7 @@
 #include <sys/kernel.h>
 #include <sys/module.h>
 #include <sys/malloc.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/bio.h>
 #include <sys/bus.h>
@@ -257,8 +258,11 @@
 	cdp->flags |= F_LOCKED;
 	break;
 
+    /*
+     * XXXRW: Why does this require privilege?
+     */
     case CDIOCRESET:
-	error = suser(td);
+	error = priv_check(td, PRIV_DRIVER);
 	if (error)
 	    break;
 	error = acd_test_ready(dev);

==== //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 (text+ko) ====

@@ -29,6 +29,7 @@
 #if NPCI > 0
 
 #include <sys/ucred.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
@@ -1341,9 +1342,11 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
-#else /* __FreeBSD_version >= 500000 */
+#elsif __FreeBSD_version < 700000
 		error = suser (td);
-#endif /* __FreeBSD_version >= 500000 */
+#else
+		error = priv_check (td, PRIV_DRIVER);
+#endif
 		if (error)
 			return error;
 #if __FreeBSD_version >= 600034
@@ -1380,8 +1383,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1408,8 +1413,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1426,8 +1433,10 @@
 		CE_DEBUG2 (d, ("ioctl: setcfg\n"));
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1526,8 +1535,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1560,8 +1571,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1586,8 +1599,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1608,8 +1623,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1634,8 +1651,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1658,8 +1677,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1686,8 +1707,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1708,8 +1731,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1734,8 +1759,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1758,8 +1785,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1784,8 +1813,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1810,8 +1841,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1836,8 +1869,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1867,8 +1902,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1892,8 +1929,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1909,8 +1948,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;
@@ -1945,8 +1986,10 @@
 		/* Only for superuser! */
 #if __FreeBSD_version < 500000
 		error = suser (p);
+#elsif __FreeBSD_version < 700000
+		error = suser (td);
 #else
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 #endif
 		if (error)
 			return error;

==== //depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 (text+ko) ====

@@ -33,6 +33,7 @@
 #include <sys/module.h>
 #include <sys/conf.h>
 #include <sys/malloc.h>
+#include <sys/priv.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/sysctl.h>
@@ -1071,7 +1072,7 @@
 	case SERIAL_SETPROTO:
 		CP_DEBUG2 (d, ("ioctl: setproto\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (d->ifp->if_drv_flags & IFF_DRV_RUNNING)
@@ -1102,7 +1103,7 @@
 	case SERIAL_SETKEEPALIVE:
 		CP_DEBUG2 (d, ("ioctl: setkeepalive\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if ((IFP2SP(d->ifp)->pp_flags & PP_FR) ||
@@ -1126,7 +1127,7 @@
 
 	case SERIAL_SETMODE:
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (*(int*)data != SERIAL_HDLC)
@@ -1142,7 +1143,7 @@
 
 	case SERIAL_SETCFG:
 		CP_DEBUG2 (d, ("ioctl: setcfg\n"));
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1239,7 +1240,7 @@
 	case SERIAL_CLRSTAT:
 		CP_DEBUG2 (d, ("ioctl: clrstat\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		c->rintr    = 0;
@@ -1268,7 +1269,7 @@
 	case SERIAL_SETBAUD:
 		CP_DEBUG2 (d, ("ioctl: setbaud\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		s = splimp ();
@@ -1286,7 +1287,7 @@
 	case SERIAL_SETLOOP:
 		CP_DEBUG2 (d, ("ioctl: setloop\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		s = splimp ();
@@ -1306,7 +1307,7 @@
 	case SERIAL_SETDPLL:
 		CP_DEBUG2 (d, ("ioctl: setdpll\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_SERIAL)
@@ -1328,7 +1329,7 @@
 	case SERIAL_SETNRZI:
 		CP_DEBUG2 (d, ("ioctl: setnrzi\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_SERIAL)
@@ -1348,7 +1349,7 @@
 	case SERIAL_SETDEBUG:
 		CP_DEBUG2 (d, ("ioctl: setdebug\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		d->chan->debug = *(int*)data;
@@ -1370,7 +1371,7 @@
 	case SERIAL_SETHIGAIN:
 		CP_DEBUG2 (d, ("ioctl: sethigain\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1392,7 +1393,7 @@
 	case SERIAL_SETPHONY:
 		CP_DEBUG2 (d, ("ioctl: setphony\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1414,7 +1415,7 @@
 	case SERIAL_SETUNFRAM:
 		CP_DEBUG2 (d, ("ioctl: setunfram\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1436,7 +1437,7 @@
 	case SERIAL_SETSCRAMBLER:
 		CP_DEBUG2 (d, ("ioctl: setscrambler\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_G703 && !c->unfram)
@@ -1461,7 +1462,7 @@
 	case SERIAL_SETMONITOR:
 		CP_DEBUG2 (d, ("ioctl: setmonitor\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1483,7 +1484,7 @@
 	case SERIAL_SETUSE16:
 		CP_DEBUG2 (d, ("ioctl: setuse16\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1505,7 +1506,7 @@
 	case SERIAL_SETCRC4:
 		CP_DEBUG2 (d, ("ioctl: setcrc4\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1)
@@ -1538,7 +1539,7 @@
 	case SERIAL_SETCLK:
 		CP_DEBUG2 (d, ("ioctl: setclk\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if (c->type != T_E1 &&
@@ -1571,7 +1572,7 @@
 	case SERIAL_SETTIMESLOTS:
 		CP_DEBUG2 (d, ("ioctl: settimeslots\n"));
 		/* Only for superuser! */
-		error = suser (td);
+		error = priv_check (td, PRIV_DRIVER);
 		if (error)
 			return error;
 		if ((c->type != T_E1 || c->unfram) && c->type != T_DATA)
@@ -1597,7 +1598,7 @@

>>> TRUNCATED FOR MAIL (1000 lines) <<<

