From owner-freebsd-hackers@FreeBSD.ORG Mon Jul 25 09:42:54 2011 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 291DA1065670 for ; Mon, 25 Jul 2011 09:42:54 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 06D968FC1C for ; Mon, 25 Jul 2011 09:42:54 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 76F3446B03; Mon, 25 Jul 2011 05:42:53 -0400 (EDT) Date: Mon, 25 Jul 2011 10:42:53 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: s In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-hackers@freebsd.org Subject: Re: Finding symlink information in MAC Framework X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2011 09:42:54 -0000 On Fri, 15 Jul 2011, s wrote: > I am trying to get some information related to the symlink which is being > accessed by the user in MAC Framework. Currently I managed to get the > uid/gid of the owner of the symlink that is being read, but now I need to > get the same information about the target, that the symlink points to. > > static int samplemac_vnode_check_link (struct ucred *cred, struct vnode *vp, > struct label *vplabel) > { > > int error; > struct vattr vap; > > error = VOP_GETATTR(vp, &vap, cred); > if (error) > return (1); > > if(vap.va_uid != 0) { > log(LOG_NOTICE, "stub_vnode_check_readlink: %i, gid: %i\n", > vap.va_uid, vap.va_gid); > return (0); > } > > return (0); > } > > And I have no idea how could I do that. Where should I look for that info? > And what way would be the fastest? Hi Jakub: Could you say a bit more about what you're trying to accomplish? The reason it's hard to express what you're trying to do (inspect the target of a symlink during a read of the symlink) is that it's not really a coherent concept in terms of kernel implementation. At the point where the access control check on readlink is occuring, the string hasn't yet been read from the link, and even if it had, you couldn't look up the target object as you're already holding locks relating to lookup and read of the symlink itself. Even if you could, there's also a risk of recursion: the symlink could point straight back to where you are, etc. The readlink check is mid-lookup and triggering an entirely fresh lookup from there might be quite awkward for a number of such reasons. In general, however, this is not an issue for the policies we've encountered thus far: they almost all care only about authorising path segment lookups (in which case readlink is just another segment in evaluation), or absolute paths to objects reconstructed during the actual operation on the target object, etc. Hence my wondering what you're trying to accomplish -- the first question, really, is "is what you're trying to express actually safely expressible in a fine-grained, multiprocessing kernel?" Robert