PERFORCE change 120663 for review
Robert Watson
rwatson at FreeBSD.org
Thu May 31 14:05:57 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=120663
Change 120663 by rwatson at rwatson_zoo on 2007/05/31 14:05:34
Start process of removing SUSER_ALLOWJAIL flag.
Affected files ...
.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 edit
.. //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#9 edit
Differences ...
==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 (text+ko) ====
@@ -1077,8 +1077,7 @@
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 (text+ko) ====
@@ -124,8 +124,7 @@
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 (text+ko) ====
@@ -281,8 +281,7 @@
goto out;
if (td->td_ucred->cr_uid != vattr.va_uid &&
- (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
goto out;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 (text+ko) ====
@@ -612,8 +612,7 @@
struct file *fp;
int error, vfslocked;
- if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT,
- SUSER_ALLOWJAIL)) != 0)
+ if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
return error;
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
return error;
==== //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 (text+ko) ====
@@ -1168,7 +1168,7 @@
if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_VFS_CHOWN, SUSER_ALLOWJAIL);
+ PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
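Review bot: Both devfs_vnops.c hunks keep the long form `priv_check_cred(ap->a_td->td_ucred, PRIV_VFS_CHOWN, 0)` while the identical shape in the uipc_mqueue.c setattr hunks is rewritten to `priv_check(ap->a_td, PRIV_MQ_ADMIN)`, and procfs_ioctl.c likewise keeps `priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID, 0)` where kern_prot.c converts the same shape to `priv_check(td, ...)`. Since the rest of the change treats `priv_check(td, p)` as the replacement for `priv_check_cred(td->td_ucred, p, 0)`, these call sites should be converted the same way, e.g. `error = priv_check(ap->a_td, PRIV_VFS_CHOWN);`, so a later audit of jail-visible privilege checks has one pattern to grep for. Separately, the ownership test on the line above compares against `ap->a_cred` while the privilege check is made on `ap->a_td->td_ucred`; that predates this change, but if the two credentials are intentionally different a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.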
@@ -1180,7 +1180,7 @@
if (vap->va_mode != (mode_t)VNOVAL) {
if (ap->a_cred->cr_uid != de->de_uid) {
error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_VFS_ADMIN, SUSER_ALLOWJAIL);
+ PRIV_VFS_ADMIN, 0);
if (error)
return (error);
}
==== //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 (text+ko) ====
@@ -408,8 +408,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
if (error)
return (error);
}
@@ -426,8 +425,7 @@
* sensible filesystem attempts it a lot.
*/
if (vap->va_flags & SF_SETTABLE) {
- error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0);
if (error)
return (error);
}
@@ -454,8 +452,7 @@
gid = pmp->pm_gid;
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -520,8 +517,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
if (error)
return (error);
}
==== //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 (text+ko) ====
@@ -115,7 +115,7 @@
* are missing.
*/
error = priv_check_cred(td->td_ucred,
- PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL);
+ PRIV_DEBUG_SUGID, 0);
if (error)
break;
}
==== //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 (text+ko) ====
@@ -415,8 +415,7 @@
* Privileged non-jail processes may not modify system flags
* if securelevel > 0 and any existing system flags are set.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- SUSER_ALLOWJAIL)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
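Review bot: The context comment above the rewritten check still says "Privileged non-jail processes may not modify system flags", but with SUSER_ALLOWJAIL gone the code no longer expresses any non-jail condition itself; whether a jailed credential passes `priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)` is now decided inside the privilege layer. The comment should describe only what this code checks and leave jail policy to that layer, e.g. `Processes holding PRIV_VFS_SYSFLAGS may not modify system flags if securelevel > 0 and any existing system flags are set.`. The enclosing function starts and ends outside the hunk.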
@@ -535,14 +534,12 @@
* process is not a member of.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- error = priv_check_cred(cred, PRIV_VFS_STICKYFILE,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
if (error)
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
if (error)
return (error);
}
@@ -586,8 +583,7 @@
*/
if (uid != ip->i_uid || (gid != ip->i_gid &&
!groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -597,8 +593,7 @@
ip->i_uid = uid;
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL) != 0)
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
ip->i_mode &= ~(ISUID | ISGID);
}
return (0);
@@ -1648,8 +1643,7 @@
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
- if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL))
+ if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
ip->i_mode &= ~ISGID;
}
==== //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 (text+ko) ====
@@ -567,8 +567,7 @@
#ifdef KTRACE
if (p->p_tracevp != NULL &&
- priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED,
- SUSER_ALLOWJAIL)) {
+ priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0)) {
mtx_lock(&ktrace_mtx);
p->p_traceflag = 0;
tracevp = p->p_tracevp;
==== //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 (text+ko) ====
@@ -309,8 +309,7 @@
*
* XXXRW: Can we avoid privilege here if it's not needed?
*/
- error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID |
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID);
if (error == 0)
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
else {
==== //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 (text+ko) ====
@@ -793,8 +793,7 @@
p->p_tracecred = crhold(td->td_ucred);
}
p->p_traceflag |= facs;
- if (priv_check_cred(td->td_ucred, PRIV_KTRACE,
- SUSER_ALLOWJAIL) == 0)
+ if (priv_check(td, PRIV_KTRACE) == 0)
p->p_traceflag |= KTRFAC_ROOT;
} else {
/* KTROP_CLEAR */
@@ -1000,7 +999,7 @@
PROC_LOCK_ASSERT(targetp, MA_OWNED);
if (targetp->p_traceflag & KTRFAC_ROOT &&
- priv_check_cred(td->td_ucred, PRIV_KTRACE, SUSER_ALLOWJAIL))
+ priv_check(td, PRIV_KTRACE))
return (0);
if (p_candebug(td, targetp) != 0)
==== //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 (text+ko) ====
@@ -511,8 +511,7 @@
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
goto fail;
/*
@@ -529,7 +528,7 @@
uid == oldcred->cr_uid ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETUID, SUSER_ALLOWJAIL) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
#endif
{
/*
@@ -602,8 +601,7 @@
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
goto fail;
/*
@@ -672,8 +670,7 @@
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -687,7 +684,7 @@
gid == oldcred->cr_groups[0] ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETGID, SUSER_ALLOWJAIL) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
#endif
{
/*
@@ -756,8 +753,7 @@
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -817,8 +813,7 @@
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
if (error)
goto fail;
@@ -887,8 +882,7 @@
ruid != oldcred->cr_svuid) ||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -953,8 +947,7 @@
rgid != oldcred->cr_svgid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1030,8 +1023,7 @@
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
suid != oldcred->cr_svuid &&
suid != oldcred->cr_uid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1108,8 +1100,7 @@
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
sgid != oldcred->cr_groups[0])) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1317,8 +1308,7 @@
{
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
- != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
return (ESRCH);
}
return (0);
@@ -1357,8 +1347,7 @@
break;
}
if (!match) {
- if (priv_check_cred(u1, PRIV_SEEOTHERGIDS,
- SUSER_ALLOWJAIL) != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
return (ESRCH);
}
}
@@ -1475,8 +1464,7 @@
break;
default:
/* Not permitted without privilege. */
- error = priv_check_cred(cred, PRIV_SIGNAL_SUGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
if (error)
return (error);
}
@@ -1490,9 +1478,7 @@
cred->cr_ruid != proc->p_ucred->cr_svuid &&
cred->cr_uid != proc->p_ucred->cr_ruid &&
cred->cr_uid != proc->p_ucred->cr_svuid) {
- /* Not permitted without privilege. */
- error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
if (error)
return (error);
}
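Review bot: The `/* Not permitted without privilege. */` comment is dropped from this branch while the same comment is kept on the parallel PRIV_SIGNAL_SUGID branch in the preceding hunk, and reflowing the call onto one line did not require removing it. Restore it above `error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);` so the two signal-permission branches read alike. The enclosing function starts and ends outside the hunk.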
@@ -1570,8 +1556,7 @@
return (error);
if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid &&
td->td_ucred->cr_uid != p->p_ucred->cr_ruid) {
- error = priv_check_cred(td->td_ucred, PRIV_SCHED_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_SCHED_DIFFCRED);
if (error)
return (error);
}
@@ -1610,8 +1595,7 @@
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
if (!unprivileged_proc_debug) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_UNPRIV,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_UNPRIV);
if (error)
return (error);
}
@@ -1662,15 +1646,13 @@
* for td to debug p.
*/
if (!grpsubset || !uidsubset) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_DIFFCRED);
if (error)
return (error);
}
if (credentialchanged) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_SUGID);
if (error)
return (error);
}
@@ -1931,8 +1913,7 @@
int error;
char logintmp[MAXLOGNAME];
- error = priv_check_cred(td->td_ucred, PRIV_PROC_SETLOGIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_PROC_SETLOGIN);
if (error)
return (error);
error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
==== //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 (text+ko) ====
@@ -650,8 +650,7 @@
alimp = &oldlim->pl_rlimit[which];
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max)
- if ((error = priv_check_cred(td->td_ucred,
- PRIV_PROC_SETRLIMIT, SUSER_ALLOWJAIL))) {
+ if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) {
PROC_UNLOCK(p);
lim_free(newlim);
return (error);
==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 (text+ko) ====
@@ -1255,8 +1255,7 @@
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check_cred(req->td->td_ucred,
- PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
else
error = priv_check(req->td, PRIV_SYSCTL_WRITE);
if (error)
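Review bot: After this change the two branches differ only in the privilege passed to `priv_check(req->td, ...)`, so the if/else can collapse to a single call: `error = priv_check(req->td, (oid->oid_kind & CTLFLAG_PRISON) ? PRIV_SYSCTL_WRITEJAIL : PRIV_SYSCTL_WRITE);`. That leaves one privilege-check call site to audit instead of two that must be kept in step. The enclosing function starts and ends outside the hunk.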
==== //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 (text+ko) ====
@@ -82,24 +82,22 @@
if (type == VDIR) {
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+ PRIV_VFS_LOOKUP, 0))
priv_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+ PRIV_VFS_EXEC, 0))
priv_granted |= VEXEC;
}
- if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ,
- SUSER_ALLOWJAIL))
+ if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
priv_granted |= VREAD;
if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
priv_granted |= (VWRITE | VAPPEND);
- if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL))
+ if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
priv_granted |= VADMIN;
/*
==== //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 (text+ko) ====
@@ -125,22 +125,19 @@
*/
priv_granted = 0;
if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_ADMIN);
if (error == 0)
priv_granted |= IPC_M;
}
if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_READ,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_READ);
if (error == 0)
priv_granted |= IPC_R;
}
if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_WRITE,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_WRITE);
if (error == 0)
priv_granted |= IPC_W;
}
==== //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 (text+ko) ====
@@ -502,8 +502,7 @@
if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
goto done2;
if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
- error = priv_check_cred(td->td_ucred,
- PRIV_IPC_MSGSIZE, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_MSGSIZE);
if (error)
goto done2;
}
==== //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 (text+ko) ====
@@ -961,8 +961,7 @@
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
if (ucred->cr_uid != pn->mn_uid &&
- (error = priv_check_cred(ucred, PRIV_MQ_ADMIN,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
error = EACCES;
else if (!pn->mn_deleted) {
parent = pn->mn_parent;
@@ -1221,8 +1220,7 @@
*/
if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
(gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
- (error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)) != 0)
return (error);
pn->mn_uid = uid;
pn->mn_gid = gid;
@@ -1231,8 +1229,7 @@
if (vap->va_mode != (mode_t)VNOVAL) {
if ((ap->a_cred->cr_uid != pn->mn_uid) &&
- (error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)))
+ (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)))
return (error);
pn->mn_mode = vap->va_mode;
c = 1;
==== //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 (text+ko) ====
@@ -918,7 +918,7 @@
}
if (va.va_uid != td->td_ucred->cr_uid) {
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ 0);
if (error) {
vput(vp);
return (error);
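Review bot: The rewritten call leaves a bare `0);` on its own continuation line after `priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,`, which reads as a leftover of the deleted flag rather than intentional layout; the same pattern appears in the in_pcb.c and in6_pcb.c bind hunks, where `0))` stands alone on a line. Since the credential here is `td->td_ucred` with no extra flags, this call also fits the shorter form the rest of the change uses: `error = priv_check(td, PRIV_VFS_ADMIN);`. The enclosing function starts and ends outside the hunk.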
==== //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 (text+ko) ====
@@ -3300,24 +3300,24 @@
* requests, instead of PRIV_VFS_EXEC.
*/
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
priv_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
priv_granted |= VEXEC;
}
if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_READ, 0))
priv_granted |= VREAD;
if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
priv_granted |= (VWRITE | VAPPEND);
if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
priv_granted |= VADMIN;
if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) {
==== //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 (text+ko) ====
@@ -837,8 +837,7 @@
struct nameidata nd;
int vfslocked;
- error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_CHROOT);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
@@ -1379,15 +1378,13 @@
return (error);
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
- error = priv_check_cred(cred, PRIV_VFS_LINK,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
if (error)
return (error);
}
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
- error = priv_check_cred(cred, PRIV_VFS_LINK,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
if (error)
return (error);
}
@@ -2349,8 +2346,7 @@
* chown can't fail when done as root.
*/
if (vp->v_type == VCHR || vp->v_type == VBLK) {
- error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
if (error)
return (error);
}
@@ -3852,8 +3848,7 @@
if (error)
goto out;
if (td->td_ucred->cr_uid != vattr.va_uid) {
- error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_ADMIN);
if (error)
goto out;
}
==== //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 (text+ko) ====
@@ -340,13 +340,13 @@
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL))
+ 0))
return (EACCES);
if (jailed(cred))
prison = 1;
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
priv_check_cred(so->so_cred,
- PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+ PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in_pcblookup_local(inp->inp_pcbinfo,
sin->sin_addr, lport,
prison ? 0 : INPLOOKUP_WILDCARD);
@@ -411,7 +411,7 @@
lastport = &pcbinfo->ipi_lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
error = priv_check_cred(cred,
- PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL);
+ PRIV_NETINET_RESERVEDPORT, 0);
if (error)
return error;
first = ipport_lowfirstauto; /* 1023 */
==== //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 (text+ko) ====
@@ -607,13 +607,8 @@
inp = sotoinpcb(so);
KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
- /*
- * XXXRW: Centralize privilege decision in kern_jail.c.
- */
- if (jailed(td->td_ucred) && !jail_allow_raw_sockets)
- return (EPERM);
- error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
- SUSER_ALLOWJAIL);
+
+ error = priv_check(td, PRIV_NETINET_RAW);
if (error)
return error;
if (proto >= IPPROTO_MAX || proto < 0)
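Review bot: The explicit `if (jailed(td->td_ucred) && !jail_allow_raw_sockets) return (EPERM);` guard is removed and only `priv_check(td, PRIV_NETINET_RAW)` remains, so whether a jailed process may create a raw socket now depends entirely on how the centralized jail privilege handler treats PRIV_NETINET_RAW, which this change does not show. The removed XXXRW comment described that centralization as future work, so if the kern_jail.c side does not yet consult jail_allow_raw_sockets, this hunk silently stops honouring the sysctl. Either keep the guard until the jail-side handling lands in the same change, or state in the description that the sysctl is now enforced there. The added empty `+` line also leaves a stray blank where the comment was. The enclosing function starts and ends outside the hunk.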
==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 (text+ko) ====
@@ -2120,10 +2120,7 @@
/* got to be root to get at low ports */
if (ntohs(lport) < IPPORT_RESERVED) {
if (p && (error =
- priv_check_cred(p->td_ucred,
- PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL
- )
+ priv_check(p, PRIV_NETINET_RESERVEDPORT)
)) {
SCTP_INP_DECR_REF(inp);
SCTP_INP_WUNLOCK(inp);
==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 (text+ko) ====
@@ -385,13 +385,8 @@
/* FIX, for non-bsd is this right? */
vrf_id = SCTP_DEFAULT_VRFID;
- /*
- * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket
- * visibility is scoped using cr_canseesocket(), which it is not
- * here.
- */
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
+
if (error)
return (error);
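Review bot: The removed comment explained why this getcred path was treated differently from the other getcred sysctls (socket visibility is not scoped by cr_canseesocket() here), and nothing replaces it, so the resulting `priv_check(req->td, PRIV_NETINET_GETCRED)` now looks identical to the tcp_subr.c and udp_usrreq.c hunks although the visibility situation is not. If the distinction still matters once the jail decision is centralized, keep a one-line note such as `/* Socket visibility is not scoped by cr_canseesocket() here. */`; if it no longer matters, say so in the description. The added blank line after the call is stray and should be dropped. The enclosing function starts and ends outside the hunk.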
@@ -3302,9 +3297,8 @@
{
union sctp_sockstore *ss;
- error = priv_check_cred(curthread->td_ucred,
- PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check(curthread,
+ PRIV_NETINET_RESERVEDPORT);
if (error)
break;
==== //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 (text+ko) ====
@@ -1019,8 +1019,7 @@
struct inpcb *inp;
int error;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -1064,8 +1063,7 @@
struct inpcb *inp;
int error, mapped = 0;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
==== //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 (text+ko) ====
@@ -696,8 +696,7 @@
struct inpcb *inp;
int error;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 (text+ko) ====
@@ -192,11 +192,11 @@
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL))
+ 0))
return (EACCES);
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
priv_check_cred(so->so_cred,
- PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+ PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in6_pcblookup_local(pcbinfo,
&sin6->sin6_addr, lport,
INPLOOKUP_WILDCARD);
==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 (text+ko) ====
@@ -775,8 +775,7 @@
last = ipport_hilastauto;
lastport = &pcbinfo->ipi_lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
if (error)
return error;
first = ipport_lowfirstauto; /* 1023 */
==== //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 (text+ko) ====
@@ -419,8 +419,7 @@
mtx_unlock(&rule_mtx);
if (error != 0 && mac_portacl_suser_exempt != 0)
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
return (error);
}
==== //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 (text+ko) ====
@@ -114,8 +114,7 @@
return (0);
if (suser_privileged) {
- if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
- == 0)
+ if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
return (0);
}
==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 (text+ko) ====
@@ -173,7 +173,7 @@
#endif
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
goto nospace;
if (bpref >= fs->fs_size)
@@ -268,7 +268,7 @@
#endif /* DIAGNOSTIC */
reclaimed = 0;
retry:
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) {
goto nospace;
}
==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 (text+ko) ====
@@ -790,8 +790,7 @@
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
ap->a_cred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
@@ -1121,8 +1120,7 @@
* tampering.
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
- if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
dp->di_mode = ip->i_mode;
}
==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 (text+ko) ====
@@ -515,7 +515,7 @@
int error, flags, vfslocked;
struct nameidata nd;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAON);
if (error)
return (error);
@@ -747,10 +747,7 @@
struct ufsmount *ump;
int error;
- /*
- * XXXRW: This also seems wrong to allow in a jail?
- */
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAOFF);
if (error)
return (error);
@@ -783,8 +780,7 @@
switch (type) {
case USRQUOTA:
if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -793,8 +789,7 @@
case GRPQUOTA:
if (!groupmember(id, td->td_ucred) &&
!unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -830,8 +825,7 @@
struct dqblk newlim;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_SETQUOTA);
if (error)
return (error);
@@ -901,7 +895,7 @@
struct dqblk usage;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
+ error = priv_check(td, PRIV_UFS_SETUSE);
if (error)
return (error);