svn commit: r194532 - in head/sys: fs/devfs kern sys
Ed Schouten
ed at FreeBSD.org
Sat Jun 20 14:50:33 UTC 2009
Author: ed
Date: Sat Jun 20 14:50:32 2009
New Revision: 194532
URL: http://svn.freebsd.org/changeset/base/194532
Log:
Improve nested jail awareness of devfs by handling credentials.
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.
Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.
Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.
Reviewed by: kib, rwatson (older version)
Modified:
head/sys/fs/devfs/devfs_vnops.c
head/sys/kern/tty.c
head/sys/sys/priv.h
Modified: head/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- head/sys/fs/devfs/devfs_vnops.c Sat Jun 20 14:16:41 2009 (r194531)
+++ head/sys/fs/devfs/devfs_vnops.c Sat Jun 20 14:50:32 2009 (r194532)
@@ -48,6 +48,7 @@
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/filio.h>
+#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
@@ -706,6 +707,22 @@ devfs_kqfilter_f(struct file *fp, struct
return (error);
}
+static inline int
+devfs_prison_check(struct devfs_dirent *de, struct ucred *tcr)
+{
+ struct cdev_priv *cdp;
+ struct ucred *dcr;
+
+ cdp = de->de_cdp;
+ if (cdp == NULL)
+ return (0);
+ dcr = cdp->cdp_c.si_cred;
+ if (dcr == NULL)
+ return (0);
+
+ return (prison_check(tcr, dcr));
+}
+
static int
devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlock)
{
@@ -831,6 +848,9 @@ devfs_lookupx(struct vop_lookup_args *ap
return (ENOENT);
}
+ if (devfs_prison_check(de, td->td_ucred))
+ return (ENOENT);
+
if ((cnp->cn_nameiop == DELETE) && (flags & ISLASTCN)) {
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred, td);
if (error)
@@ -1106,6 +1126,8 @@ devfs_readdir(struct vop_readdir_args *a
KASSERT(dd->de_cdp != (void *)0xdeadc0de, ("%s %d\n", __func__, __LINE__));
if (dd->de_flags & DE_WHITEOUT)
continue;
+ if (devfs_prison_check(dd, ap->a_cred))
+ continue;
if (dd->de_dirent->d_type == DT_DIR)
de = dd->de_dir;
else
Modified: head/sys/kern/tty.c
==============================================================================
--- head/sys/kern/tty.c Sat Jun 20 14:16:41 2009 (r194531)
+++ head/sys/kern/tty.c Sat Jun 20 14:50:32 2009 (r194532)
@@ -219,13 +219,6 @@ ttydev_open(struct cdev *dev, int oflags
struct tty *tp = dev->si_drv1;
int error = 0;
- /* Disallow access when the TTY belongs to a different prison. */
- if (dev->si_cred != NULL &&
- dev->si_cred->cr_prison != td->td_ucred->cr_prison &&
- priv_check(td, PRIV_TTY_PRISON)) {
- return (EPERM);
- }
-
tty_lock(tp);
if (tty_gone(tp)) {
/* Device is already gone. */
Modified: head/sys/sys/priv.h
==============================================================================
--- head/sys/sys/priv.h Sat Jun 20 14:16:41 2009 (r194531)
+++ head/sys/sys/priv.h Sat Jun 20 14:50:32 2009 (r194532)
@@ -211,7 +211,6 @@
#define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */
#define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */
#define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */
-#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */
#define PRIV_TTY_STI 255 /* Simulate input on another tty. */
#define PRIV_TTY_SETA 256 /* Set tty termios structure. */
More information about the svn-src-head
mailing list