kern/63096: [patch] MAC entry point for route manipulation

Christian S.J.Peron maneo at sqrt.ca
Thu Feb 19 16:40:24 PST 2004


>Number:         63096
>Category:       kern
>Synopsis:       [patch] MAC entry point for route manipulation
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 19 16:40:23 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Christian S.J. Peron
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD  5.2-CURRENT FreeBSD 5.2-CURRENT #11: Thu Feb 19 05:26:09 GMT 2004     cperon@:/usr/src/sys/i386/compile/ROUTER  i386 


	
>Description:
	Currently there is no way to restrict routing table manipulation from
	userspace using the MAC framework.

	I think it would be beneficial to have this functionality.
	I have tested this in a static environment, meaning the routes
	on this box did not change on a regular basis.

	The following patches define a hook, invoked from the
	rt_output() path in rtsock.c, that lets the MAC framework
	decide whether the caller may manipulate the routing table.

How-To-Repeat:
	N/A
>How-To-Repeat:
>Fix:

--- sys/sys/mac.h.bak	Thu Feb 19 03:44:47 2004
+++ sys/sys/mac.h	Thu Feb 19 03:44:02 2004
@@ -278,6 +278,7 @@
 int	mac_check_system_acct(struct ucred *cred, struct vnode *vp);
 int	mac_check_system_nfsd(struct ucred *cred);
 int	mac_check_system_reboot(struct ucred *cred, int howto);
+int	mac_check_system_route_alter(struct ucred *cred);
 int	mac_check_system_settime(struct ucred *cred);
 int	mac_check_system_swapon(struct ucred *cred, struct vnode *vp);
 int	mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
--- sys/sys/mac_policy.h.bak	Thu Feb 19 03:45:32 2004
+++ sys/sys/mac_policy.h	Thu Feb 19 16:35:12 2004
@@ -356,6 +356,7 @@
 		    struct vnode *vp, struct label *vlabel);
 	int	(*mpo_check_system_nfsd)(struct ucred *cred);
 	int	(*mpo_check_system_reboot)(struct ucred *cred, int howto);
+	int	(*mpo_check_system_route_alter)(struct ucred *cred);
 	int	(*mpo_check_system_settime)(struct ucred *cred);
 	int	(*mpo_check_system_swapon)(struct ucred *cred,
 		    struct vnode *vp, struct label *label);
--- sys/security/mac/mac_system.c.bak	Thu Feb 19 01:17:26 2004
+++ sys/security/mac/mac_system.c	Thu Feb 19 16:31:13 2004
@@ -152,6 +152,19 @@
 }
 
 int
+mac_check_system_route_alter(struct ucred *cred)
+{
+	int error;
+
+	if (!mac_enforce_system)
+		return (0);
+
+	MAC_CHECK(check_system_route_alter, cred);
+
+	return(error);
+}
+
+int
 mac_check_sysarch_ioperm(struct ucred *cred)
 {
 	int error;
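Review bot: `return(error);` in the new mac_check_system_route_alter departs from style(9) and from the neighbouring mac_check_ entry points, which write `return (error);` with a space; the same `return(error)` form reappears in the rtsock.c hunk. The hook also receives only the credential, so a policy cannot distinguish an RTM_ADD from an RTM_DELETE or RTM_CHANGE; if finer-grained control is wanted, passing the request type through the prototype, the mpo_ slot and this function (e.g. `int rtm_type`, analogous to `howto` on mpo_check_system_reboot) would give policies that information. The trailing context lines belong to mac_check_sysarch_ioperm, whose body continues outside the hunk.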
--- sys/net/rtsock.c.orig	Thu Nov 20 20:07:37 2003
+++ sys/net/rtsock.c	Thu Feb 19 16:33:10 2004
@@ -38,6 +38,7 @@
 #include <sys/domain.h>
 #include <sys/kernel.h>
 #include <sys/jail.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/proc.h>
@@ -52,6 +53,8 @@
 #include <net/raw_cb.h>
 #include <net/route.h>
 
+#include "opt_mac.h"
+
 MALLOC_DEFINE(M_RTABLE, "routetbl", "routing tables");
 
 /* NB: these are not modified */
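Review bot: `#include "opt_mac.h"` is placed after the `<net/...>` headers, whereas FreeBSD kernel sources conventionally list option headers first, ahead of `<sys/param.h>`, so that option macros are visible to every system header that follows. Nothing visible in this hunk depends on MAC before the include, and the `#ifdef MAC` use later in the file comes after it, so this is a placement/style point rather than a functional defect; moving the line to the top of the include list would match other MAC-aware files.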
@@ -343,6 +346,12 @@
 	 */
 	if (rtm->rtm_type != RTM_GET && (error = suser(curthread)) != 0)
 		senderr(error);
+
+#ifdef MAC
+	error = mac_check_system_route_alter(curthread->td_ucred);
+	if (error)
+		return(error);
+#endif
 
 	switch (rtm->rtm_type) {
 		struct rtentry *saved_nrt;
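Review bot: The new MAC check runs for every request type, including RTM_GET, while the suser() check immediately above is deliberately skipped for RTM_GET; as written, a policy that denies route alteration also breaks read-only route lookups, which contradicts the entry point's name. A failure here also uses a bare `return(error)` where the surrounding code uses `senderr(error)`; senderr appears to be the function's cleanup path (its target label is outside the hunk), so returning directly presumably skips freeing the request message — confirm against that label. Both points are addressed by mirroring the suser line inside the existing `#ifdef MAC`: `if (rtm->rtm_type != RTM_GET && (error = mac_check_system_route_alter(curthread->td_ucred)) != 0) senderr(error);`. The enclosing function starts and ends outside the hunk.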
>Release-Note:
>Audit-Trail:
>Unformatted:

