PERFORCE change 26783 for review

Robert Watson rwatson at freebsd.org
Wed Mar 12 20:01:32 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=26783

Change 26783 by rwatson at rwatson_paprika on 2003/03/12 12:00:32

	Flush minor patches from my flight on Sunday: permit policies
	to prevent use of wait4() (and related calls) to monitor
	inappropriate processes.  Many policies will want to avoid
	limiting wait4() due to possible zombie-related side effects,
	but some policies will require it.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#29 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#376 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#32 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#228 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#182 edit
.. //depot/projects/trustedbsd/mac/sys/sys/proc.h#38 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#29 (text+ko) ====

@@ -585,6 +585,10 @@
 			PROC_UNLOCK(p);
 			continue;
 		}
+		if (p_canwait(td, p)) {
+			PROC_UNLOCK(p);
+			continue;
+		}
 
 		/*
 		 * This special case handles a kthread spawned by linux_clone 
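Review bot: The added `p_canwait(td, p)` test in the child scan drops the returned errno and just skips the child, so a caller denied by policy cannot tell that apart from having no matching child. If that hiding is intended, a comment above the test would record it, e.g. `/* Children we may not wait on are treated as absent and are not reaped here. */`. A denied child that has already exited would presumably stay a zombie until it is reparented, which is the side effect the change description mentions. The enclosing loop starts and ends outside this hunk, so how the skip interacts with the no-children result cannot be confirmed from here.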

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#376 (text+ko) ====

@@ -2516,6 +2516,21 @@
 }
 
 int
+mac_check_proc_wait(struct ucred *cred, struct proc *proc)
+{
+	int error;
+
+	PROC_LOCK_ASSERT(proc, MA_OWNED);
+
+	if (!mac_enforce_process)
+		return (0);
+
+	MAC_CHECK(check_proc_wait, cred, proc);
+
+	return (error);
+}
+
+int
 mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
     struct sockaddr *sockaddr)
 {
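Review bot: `mac_check_proc_wait()` has no comment stating its contract, and `error` is only ever assigned inside the `MAC_CHECK` macro, whose definition is not visible in this hunk. I would add a header comment such as `/* Ask the loaded policies whether cred may wait on proc; proc must be locked. Returns 0 or an errno. */`. It would also help to note that the `mac_enforce_process` switch short-circuits the check to "allowed", since that makes the hook advisory whenever process enforcement is turned off.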

==== //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#32 (text+ko) ====

@@ -1670,6 +1670,37 @@
 	return (0);
 }
 
+/*-
+ * Determine whether td can wait for the exit of p.
+ * Returns: 0 for permitted, an errno value otherwise
+ * Locks: Sufficient locks to protect various components of td and p
+ *        must be held.  td must be curthread, and a lock must
+ *        be held for p.
+ * References: td and p must be valid for the lifetime of the call
+
+ */
+int
+p_canwait(struct thread *td, struct proc *p)
+{
+	int error;
+
+	KASSERT(td == curthread, ("%s: td not curthread", __func__));
+	PROC_LOCK_ASSERT(p, MA_OWNED);
+	if ((error = prison_check(td->td_ucred, p->p_ucred)))
+		return (error);
+#ifdef MAC
+	if ((error = mac_check_proc_wait(td->td_ucred, p)))
+		return (error);
+#endif
+#if 0
+	/* XXXMAC: This could have odd effects on some shells. */
+	if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred)))
+		return (error);
+#endif
+
+	return (0);
+}
+
 /*
  * Allocate a zeroed cred structure.
  */
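Review bot: The `#if 0` block around `cr_seeotheruids()` leaves disabled code in `p_canwait()`, so the see-other-uids restriction is not applied to waiting, and only the `XXXMAC` remark hints at why. A plain comment would state the decision without dead code, e.g. `/* cr_seeotheruids() is deliberately not consulted here: it could have odd effects on some shells. */`. The header comment could also say that without `MAC` compiled in only `prison_check()` is applied, and the stray empty line before the closing ` */` should be removed.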

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#228 (text+ko) ====

@@ -256,6 +256,7 @@
 int	mac_check_proc_sched(struct ucred *cred, struct proc *proc);
 int	mac_check_proc_signal(struct ucred *cred, struct proc *proc,
 	    int signum);
+int	mac_check_proc_wait(struct ucred *cred, struct proc *proc);
 int	mac_check_socket_bind(struct ucred *cred, struct socket *so,
 	    struct sockaddr *sockaddr);
 int	mac_check_socket_connect(struct ucred *cred, struct socket *so,

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#182 (text+ko) ====

@@ -303,6 +303,8 @@
 		    struct proc *proc);
 	int	(*mpo_check_proc_signal)(struct ucred *cred,
 		    struct proc *proc, int signum);
+	int	(*mpo_check_proc_wait)(struct ucred *cred,
+		    struct proc *proc);
 	int	(*mpo_check_socket_bind)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel,
 		    struct sockaddr *sockaddr);
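Review bot: `mpo_check_proc_wait` is inserted between existing members rather than appended, which shifts the offset of every later entry point in the operations structure. Policy modules built against the previous header would presumably need to be rebuilt together with the kernel, and that is worth stating in the change description. None of the affected files is a policy module, so the new check denies nothing until a policy implements the entry point. The structure definition starts and ends outside this hunk.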

==== //depot/projects/trustedbsd/mac/sys/sys/proc.h#38 (text+ko) ====

@@ -868,6 +868,7 @@
 int	p_cansee(struct thread *td, struct proc *p);
 int	p_cansched(struct thread *td, struct proc *p);
 int	p_cansignal(struct thread *td, struct proc *p, int signum);
+int	p_canwait(struct thread *td, struct proc *p);
 struct	pargs *pargs_alloc(int len);
 void	pargs_drop(struct pargs *pa);
 void	pargs_free(struct pargs *pa);