PERFORCE change 133870 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=133870

Change 133870 by rwatson at rwatson_freebsd_capabilities on 2008/01/22 16:28:22

	Don't allow sysctl read or write access in capability mode unless
	nodes have been specifically marked as available.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/sysctl.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#2 (text+ko) ====

@@ -38,10 +38,12 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD: src/sys/kern/kern_sysctl.c,v 1.179 2007/11/30 21:29:08 peter Exp $");
 
+#include "opt_capabilities.h"
 #include "opt_compat.h"
 #include "opt_mac.h"
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
@@ -1288,6 +1290,19 @@
 
 	KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
 
+#ifdef CAPABILITIES
+	/*
+	 * If the process is in capability mode, then don't permit reading or
+	 * writing unless specifically granted for the node.
+	 */
+	if (req->td->td_ucred->cr_flags & CRED_FLAG_CAPMODE) {
+		if (req->oldptr && !(oid->oid_kind & CTLFLAG_CAPRD))
+			return (EPERM);
+		if (req->newptr && !(oid->oid_kind & CTLFLAG_CAPWR))
+			return (EPERM);
+	}
+#endif
+
 	/* Is this sysctl sensitive to securelevels? */
 	if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
 		lvl = (oid->oid_kind & CTLMASK_SECURE) >> CTLSHIFT_SECURE;

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/sysctl.h#2 (text+ko) ====

@@ -85,6 +85,8 @@
 #define CTLMASK_SECURE	0x00F00000	/* Secure level */
 #define CTLFLAG_TUN	0x00080000	/* Tunable variable */
 #define CTLFLAG_RDTUN	(CTLFLAG_RD|CTLFLAG_TUN)
+#define CTLFLAG_CAPRD	0x00040000	/* Can be read in capability mode */
+#define CTLFLAG_CAPWR	0x00020000	/* Can be written in capability mode */
 
 /*
  * Secure level.   Note that CTLFLAG_SECURE == CTLFLAG_SECURE1.