Date: Sun, 1 Oct 2006 17:26:28 GMT
Message-Id: <200610011726.k91HQSGk055580@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 107054 for review

http://perforce.freebsd.org/chv.cgi?CH=107054

Change 107054 by rwatson@rwatson_peppercorn on 2006/10/01 17:25:38

	Mindlessly apply priv changes to RELENG_6, with some adaptations (no subr_acl_posix1e.c, etc), and some omissions (no mqueues, and so on). More work needed, including dealing with the alpha tree (not present in HEAD), compiling it, etc.

Affected files ...

.. //depot/projects/trustedbsd/priv6/src/sys/amd64/amd64/io.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/compat/linux/linux_misc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/compat/linux/linux_uid16.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/compat/svr4/svr4_fcntl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/compat/svr4/svr4_misc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/conf/NOTES#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/conf/files#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/conf/options#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_cbq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_cdnr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_hfsc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_priq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_red.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_rio.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/contrib/pf/net/if_pfsync.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/an/if_an.c#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/dev/arl/if_arl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/asr/asr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/ata/atapi-cd.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/ce/if_ce.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/cp/if_cp.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/ctau/if_ct.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/cx/if_cx.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/dcons/dcons_os.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/drm/drmP.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/fdc/fdc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/hwpmc/hwpmc_mod.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/if_ndis/if_ndis.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/kbd/kbd.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/nmdm/nmdm.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/null/null.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/ofw/ofw_console.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/random/randomdev.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/sbni/if_sbni.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/sbsh/if_sbsh.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/si/si.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/syscons/syscons.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/syscons/sysmouse.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/wi/if_wi.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/wl/if_wl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/dev/zs/zs.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/devfs/devfs_rule.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/devfs/devfs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/hpfs/hpfs_vnops.c#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/fs/msdosfs/msdosfs_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/msdosfs/msdosfs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/procfs/procfs_ioctl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/smbfs/smbfs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/udf/udf_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/fs/umapfs/umap_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/gnu/fs/ext2fs/ext2_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/gnu/fs/ext2fs/ext2_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/gnu/fs/reiserfs/reiserfs_fs.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/gnu/fs/reiserfs/reiserfs_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/i386/io.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/i386/sys_machdep.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/i386/vm86.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/ibcs2/ibcs2_misc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/ibcs2/ibcs2_socksys.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/ibcs2/ibcs2_sysi86.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i386/linux/linux_machdep.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/i4b/driver/i4b_ipr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ia64/ia64/ssc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/isofs/cd9660/cd9660_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_acct.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_acl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_descrip.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_environment.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_exec.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_fork.c#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/kern/kern_jail.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_ktrace.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_linker.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_ntptime.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_prot.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_resource.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_shutdown.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_sysctl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_thr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_time.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/kern_xxx.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/subr_firmware.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/subr_prf.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/subr_witness.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/sysv_ipc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/sysv_msg.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/tty.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/tty_cons.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/tty_pty.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/uipc_sem.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/vfs_mount.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/vfs_subr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/vfs_syscalls.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/kern/vfs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/modules/Makefile#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/bpf.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if_bridge.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if_gre.c#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/net/if_ppp.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if_sl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if_tap.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/if_tun.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/ppp_tty.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/raw_usrreq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net/rtsock.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/net80211/ieee80211_ioctl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netatalk/at_control.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netatalk/ddp_pcb.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netatm/atm_usrreq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netgraph/bluetooth/drivers/h4/ng_h4.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netgraph/ng_socket.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netgraph/ng_tty.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/in_pcb.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_carp.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_fw2.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_mroute.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_output.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/tcp_subr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/udp_usrreq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_src.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/udp6_usrreq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netipx/ipx_pcb.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netipx/ipx_usrreq.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netncp/ncp_conn.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netncp/ncp_mod.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netncp/ncp_subr.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netsmb/smb_conn.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/netsmb/smb_subr.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/nfsserver/nfs_syscalls.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/pc98/cbus/fdc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/posix4/p1003_1b.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/audit/audit.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/audit/audit_pipe.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/audit/audit_syscalls.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac/mac_internal.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac/mac_net.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac/mac_system.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_bsdextended/mac_bsdextended.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_lomac/mac_lomac.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_partition/mac_partition.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_portacl/mac_portacl.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/jail.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#2 edit .. 
//depot/projects/trustedbsd/priv6/src/sys/sys/systm.h#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ffs/ffs_alloc.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ffs/ffs_vfsops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ffs/ffs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_extattr.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_quota.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/vm/swap_pager.c#2 edit .. //depot/projects/trustedbsd/priv6/src/sys/vm/vm_mmap.c#2 edit Differences ... ==== //depot/projects/trustedbsd/priv6/src/sys/amd64/amd64/io.c#2 (text+ko) ==== @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -54,7 +55,7 @@ { int error; - error = suser(td); + error = priv_check(td, PRIV_IO); if (error != 0) return (error); error = securelevel_gt(td->td_ucred, 0); ==== //depot/projects/trustedbsd/priv6/src/sys/compat/linux/linux_misc.c#2 (text+ko) ==== @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -1031,7 +1032,8 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, + SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/priv6/src/sys/compat/linux/linux_uid16.c#2 (text+ko) ==== @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -123,7 +124,8 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, + SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/priv6/src/sys/compat/svr4/svr4_fcntl.c#2 (text+ko) ==== 
@@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -279,7 +280,8 @@ goto out; if (td->td_ucred->cr_uid != vattr.va_uid && - (error = suser(td)) != 0) + (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, + SUSER_ALLOWJAIL)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) ==== //depot/projects/trustedbsd/priv6/src/sys/compat/svr4/svr4_misc.c#2 (text+ko) ==== @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -607,7 +608,8 @@ struct file *fp; int error; - if ((error = suser(td)) != 0) + if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT, + SUSER_ALLOWJAIL)) != 0) return error; if ((error = getvnode(fdp, uap->fd, &fp)) != 0) return error; ==== //depot/projects/trustedbsd/priv6/src/sys/conf/NOTES#2 (text+ko) ==== @@ -987,6 +987,7 @@ options MAC_NONE options MAC_PARTITION options MAC_PORTACL +options MAC_PRIVS options MAC_SEEOTHERUIDS options MAC_STUB options MAC_TEST ==== //depot/projects/trustedbsd/priv6/src/sys/conf/files#2 (text+ko) ==== @@ -1268,6 +1268,7 @@ kern/kern_physio.c standard kern/kern_pmc.c standard kern/kern_poll.c optional device_polling +kern/kern_priv.c standard kern/kern_proc.c standard kern/kern_prot.c standard kern/kern_resource.c standard @@ -1839,6 +1840,7 @@ security/mac/mac_net.c optional mac security/mac/mac_pipe.c optional mac security/mac/mac_posix_sem.c optional mac +security/mac/mac_priv.c optional mac security/mac/mac_process.c optional mac security/mac/mac_socket.c optional mac security/mac/mac_system.c optional mac 
@@ -1854,6 +1856,7 @@ security/mac_none/mac_none.c optional mac_none security/mac_partition/mac_partition.c optional mac_partition security/mac_portacl/mac_portacl.c optional mac_portacl +security/mac_privs/mac_privs.c optional mac_privs security/mac_seeotheruids/mac_seeotheruids.c optional mac_seeotheruids security/mac_stub/mac_stub.c optional mac_stub security/mac_test/mac_test.c optional mac_test ==== //depot/projects/trustedbsd/priv6/src/sys/conf/options#2 (text+ko) ==== @@ -110,6 +110,7 @@ MAC_NONE opt_dontuse.h MAC_PARTITION opt_dontuse.h MAC_PORTACL opt_dontuse.h +MAC_PRIVS opt_dontuse.h MAC_SEEOTHERUIDS opt_dontuse.h MAC_STATIC opt_mac.h MAC_STUB opt_dontuse.h ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_cbq.c#2 (text+ko) ==== @@ -1062,7 +1062,9 @@ /* currently only command that an ordinary user can call */ break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_version > 700000) + error = priv_check(p, PRIV_ALTQ_MANAGE); +#elsif (__FreeBSD_version > 400000) error = suser(p); #else error = suser(p->p_ucred, &p->p_acflag); ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_cdnr.c#2 (text+ko) ==== @@ -1262,7 +1262,9 @@ case CDNR_GETSTATS: break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_versoin > 700000) + if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) +#elsif (__FreeBSD_version > 400000) if ((error = suser(p)) != 0) #else if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_hfsc.c#2 (text+ko) ==== @@ -1975,7 +1975,10 @@ case HFSC_GETSTATS: break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_version > 700000) + if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) + return (error); +#elsif (__FreeBSD_version > 400000) if ((error = suser(p)) != 0) return (error); #else ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_priq.c#2 (text+ko) ==== 
@@ -772,7 +772,10 @@ case PRIQ_GETSTATS: break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_version > 700000) + if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) + return (error); +#elsif (__FreeBSD_version > 400000) if ((error = suser(p)) != 0) return (error); #else ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_red.c#2 (text+ko) ==== @@ -781,7 +781,9 @@ case RED_GETSTATS: break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_version > 700000) + if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) +#elsif (__FreeBSD_version > 400000) if ((error = suser(p)) != 0) #else if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/altq/altq/altq_rio.c#2 (text+ko) ==== @@ -531,7 +531,10 @@ case RIO_GETSTATS: break; default: -#if (__FreeBSD_version > 400000) +#if (__FreeBSD_versoin > 700000) + if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) + return (error); +#elsif (__FreeBSD_version > 400000) if ((error = suser(p)) != 0) return (error); #else ==== //depot/projects/trustedbsd/priv6/src/sys/contrib/pf/net/if_pfsync.c#2 (text+ko) ==== @@ -43,6 +43,9 @@ #endif #include +#ifdef __FreeBSD__ +#include +#endif #include #include #include @@ -1028,7 +1031,7 @@ break; case SIOCSETPFSYNC: #ifdef __FreeBSD__ - if ((error = suser(curthread)) != 0) + if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0) #else if ((error = suser(p, p->p_acflag)) != 0) #endif ==== //depot/projects/trustedbsd/priv6/src/sys/dev/an/if_an.c#2 (text+ko) ==== @@ -91,6 +91,7 @@ #include #include #include +#include #include #include #include @@ -1983,7 +1984,7 @@ break; #ifdef ANCACHE if (sc->areq.an_type == AN_RID_ZERO_CACHE) { - error = suser(td); + error = priv_check(td, PRIV_DRIVER); if (error) break; sc->an_sigitems = sc->an_nextitem = 0; 
@@ -2007,7 +2008,7 @@ error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq)); break; case SIOCSAIRONET: - if ((error = suser(td))) + if ((error = priv_check(td, PRIV_DRIVER))) goto out; error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq)); if (error != 0) @@ -2015,7 +2016,7 @@ an_setdef(sc, &sc->areq); break; case SIOCGPRIVATE_0: /* used by Cisco client utility */ - if ((error = suser(td))) + if ((error = priv_check(td, PRIV_DRIVER))) goto out; error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); if (error) @@ -2037,7 +2038,7 @@ } break; case SIOCGPRIVATE_1: /* used by Cisco client utility */ - if ((error = suser(td))) + if ((error = priv_check(td, PRIV_DRIVER))) goto out; error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); if (error) @@ -2289,7 +2290,7 @@ } break; case SIOCS80211: - if ((error = suser(td))) + if ((error = priv_check(td, PRIV_NET80211_MANAGE))) goto out; sc->areq.an_len = sizeof(sc->areq); /* ==== //depot/projects/trustedbsd/priv6/src/sys/dev/arl/if_arl.c#2 (text+ko) ==== @@ -43,6 +43,7 @@ #include #include #include +#include #include #include @@ -505,7 +506,7 @@ break; case SIOCS80211: - if ((error = suser(td))) + if ((error = priv_check(td, PRIV_NET80211_MANAGE))) break; switch (ireq->i_type) { case IEEE80211_IOC_SSID: @@ -578,7 +579,7 @@ } case SIOCGARLALL: bzero(&arlan_io, sizeof(arlan_io)); - if (!suser(td)) { + if (!priv_check(td, PRIV_DRIVER)) { bcopy(ar->systemId, arlan_io.cfg.sid, 4); } @@ -617,7 +618,7 @@ } while (0) case SIOCSARLALL: - if (suser(td)) + if (priv_check(td, PRIV_DRIVER)) break; user = (void *)ifr->ifr_data; ==== //depot/projects/trustedbsd/priv6/src/sys/dev/asr/asr.c#2 (text+ko) ==== @@ -117,6 +117,7 @@ #include #include #include +#include #include #include #include 
@@ -3021,7 +3022,7 @@ s = splcam (); if (ASR_ctlr_held) { error = EBUSY; - } else if ((error = suser(td)) == 0) { + } else if ((error = priv_check(td, PRIV_DRIVER)) == 0) { ++ASR_ctlr_held; } splx(s); ==== //depot/projects/trustedbsd/priv6/src/sys/dev/ata/atapi-cd.c#2 (text+ko) ==== @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -257,8 +258,11 @@ cdp->flags |= F_LOCKED; break; + /* + * XXXRW: Why does this require privilege? + */ case CDIOCRESET: - error = suser(td); + error = priv_check(td, PRIV_DRIVER); if (error) break; error = acd_test_ready(dev); ==== //depot/projects/trustedbsd/priv6/src/sys/dev/ce/if_ce.c#2 (text) ==== @@ -29,6 +29,7 @@ #if NPCI > 0 #include +#include #include #include #include @@ -1341,9 +1342,11 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); -#else /* __FreeBSD_version >= 500000 */ +#elsif __FreeBSD_version < 700000 error = suser (td); -#endif /* __FreeBSD_version >= 500000 */ +#else + error = priv_check (td, PRIV_DRIVER); +#endif if (error) return error; #if __FreeBSD_version >= 600034 @@ -1380,8 +1383,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1408,8 +1413,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1426,8 +1433,10 @@ CE_DEBUG2 (d, ("ioctl: setcfg\n")); #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; 
@@ -1526,8 +1535,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1560,8 +1571,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1586,8 +1599,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1608,8 +1623,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1634,8 +1651,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1658,8 +1677,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1686,8 +1707,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; 
@@ -1708,8 +1731,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1734,8 +1759,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1758,8 +1785,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1784,8 +1813,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1810,8 +1841,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1836,8 +1869,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1867,8 +1902,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; 
@@ -1892,8 +1929,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1909,8 +1948,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; @@ -1945,8 +1986,10 @@ /* Only for superuser! */ #if __FreeBSD_version < 500000 error = suser (p); +#elsif __FreeBSD_version < 700000 + error = suser (td); #else - error = suser (td); + error = priv_check (td, PRIV_DRIVER); #endif if (error) return error; ==== //depot/projects/trustedbsd/priv6/src/sys/dev/cp/if_cp.c#2 (text+ko) ==== @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1060,7 +1061,7 @@ case SERIAL_SETPROTO: CP_DEBUG2 (d, ("ioctl: setproto\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (d->ifp->if_drv_flags & IFF_DRV_RUNNING) @@ -1091,7 +1092,7 @@ case SERIAL_SETKEEPALIVE: CP_DEBUG2 (d, ("ioctl: setkeepalive\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if ((IFP2SP(d->ifp)->pp_flags & PP_FR) || @@ -1115,7 +1116,7 @@ case SERIAL_SETMODE: /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (*(int*)data != SERIAL_HDLC) @@ -1131,7 +1132,7 @@ case SERIAL_SETCFG: CP_DEBUG2 (d, ("ioctl: setcfg\n")); - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1228,7 +1229,7 @@ case SERIAL_CLRSTAT: CP_DEBUG2 (d, ("ioctl: clrstat\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; c->rintr = 0; 
@@ -1257,7 +1258,7 @@ case SERIAL_SETBAUD: CP_DEBUG2 (d, ("ioctl: setbaud\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; s = splimp (); @@ -1275,7 +1276,7 @@ case SERIAL_SETLOOP: CP_DEBUG2 (d, ("ioctl: setloop\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; s = splimp (); @@ -1295,7 +1296,7 @@ case SERIAL_SETDPLL: CP_DEBUG2 (d, ("ioctl: setdpll\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_SERIAL) @@ -1317,7 +1318,7 @@ case SERIAL_SETNRZI: CP_DEBUG2 (d, ("ioctl: setnrzi\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_SERIAL) @@ -1337,7 +1338,7 @@ case SERIAL_SETDEBUG: CP_DEBUG2 (d, ("ioctl: setdebug\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; d->chan->debug = *(int*)data; @@ -1359,7 +1360,7 @@ case SERIAL_SETHIGAIN: CP_DEBUG2 (d, ("ioctl: sethigain\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1381,7 +1382,7 @@ case SERIAL_SETPHONY: CP_DEBUG2 (d, ("ioctl: setphony\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1403,7 +1404,7 @@ case SERIAL_SETUNFRAM: CP_DEBUG2 (d, ("ioctl: setunfram\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1425,7 +1426,7 @@ case SERIAL_SETSCRAMBLER: CP_DEBUG2 (d, ("ioctl: setscrambler\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_G703 && !c->unfram) 
@@ -1450,7 +1451,7 @@ case SERIAL_SETMONITOR: CP_DEBUG2 (d, ("ioctl: setmonitor\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1472,7 +1473,7 @@ case SERIAL_SETUSE16: CP_DEBUG2 (d, ("ioctl: setuse16\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; if (c->type != T_E1) @@ -1494,7 +1495,7 @@ case SERIAL_SETCRC4: CP_DEBUG2 (d, ("ioctl: setcrc4\n")); /* Only for superuser! */ - error = suser (td); + error = priv_check (td, PRIV_DRIVER); if (error) return error; >>> TRUNCATED FOR MAIL (1000 lines) <<<
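
Review bot: The jail behaviour changes in the svr4_fcntl.c hunk (@@ -279,7 +280,8 @@) and the svr4_misc.c hunk (@@ -607,7 +608,8 @@). Both old lines were plain suser(td), which passes no SUSER_ALLOWJAIL flag, while the replacements call priv_check_cred(..., PRIV_VFS_ADMIN, SUSER_ALLOWJAIL) and priv_check_cred(..., PRIV_VFS_FCHROOT, SUSER_ALLOWJAIL). That widens both checks to jailed credentials, which a mechanical conversion should not do. Either pass 0 as the flags argument to keep the old policy, or say in the change description that the jail allowance is intended for the SVR4 fcntl and fchroot paths.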
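
Review bot: The new preprocessor guards in the six altq hunks (altq_cbq.c, altq_cdnr.c, altq_hfsc.c, altq_priq.c, altq_red.c, altq_rio.c) do not select the intended branch. "#elsif" is not a preprocessor directive; it should be "#elif". When the first test is false the unknown directive is skipped together with the suser(p) line, so the build lands in the "#else" arm with the two-argument suser(p->p_ucred, &p->p_acflag) form, and when the first test is true the stray "#elsif" sits in an active group. In altq_cdnr.c (@@ -1262,7 +1262,9 @@) and altq_rio.c (@@ -531,7 +531,10 @@) the macro is also misspelled as __FreeBSD_versoin, which is undefined and evaluates to 0, so the priv_check() arm can never be chosen there. Note as well that the "> 700000" bound is false on a RELENG_6 tree, so even with the spelling fixed none of these files would use priv_check(p, PRIV_ALTQ_MANAGE) on this branch.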
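
Review bot: Every if_ce.c hunk, starting at @@ -1341,9 +1342,11 @@, introduces "#elsif __FreeBSD_version < 700000", which needs to be "#elif". As written, a tree where "__FreeBSD_version < 500000" is false skips the whole first group including the "#elsif" line and the suser (td) call, and takes the "#else" arm, so priv_check (td, PRIV_DRIVER) is compiled regardless of the 700000 bound; a tree below 500000 meets "#elsif" in an active group instead. Since the same three-way block is repeated for each ioctl case, a single helper macro or inline function for the privilege check would keep the version test in one place.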
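
Review bot: The conf/files hunks (@@ -1268,6 +1268,7 @@, @@ -1839,6 +1840,7 @@ and @@ -1854,6 +1856,7 @@) reference kern/kern_priv.c, security/mac/mac_priv.c and security/mac_privs/mac_privs.c, and conf/NOTES and conf/options gain MAC_PRIVS, but the affected-files list for this change contains only "edit" entries and none of those three paths. With kern/kern_priv.c marked "standard", every kernel configuration will fail to build until the source files are added to the branch; add them in the same change or hold the conf/files, NOTES and options entries back until they exist.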