From owner-freebsd-hackers@FreeBSD.ORG Tue Jul 26 22:16:15 2011 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BE38106566B; Tue, 26 Jul 2011 22:16:15 +0000 (UTC) (envelope-from s@samu.pl) Received: from samu.pl (samu.pl [IPv6:2001:41d0:1:f0cf::1]) by mx1.freebsd.org (Postfix) with ESMTP id 3010C8FC08; Tue, 26 Jul 2011 22:16:15 +0000 (UTC) Received: by samu.pl (Postfix, from userid 1001) id 5DEB6CD667; Wed, 27 Jul 2011 00:16:14 +0200 (CEST) To: Robert Watson MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 27 Jul 2011 00:16:14 +0200 From: s In-Reply-To: References: Message-ID: X-Sender: s@samu.pl User-Agent: RoundCube Webmail/0.5.1 Cc: freebsd-hackers@freebsd.org Subject: Re: Finding symlink information in MAC Framework X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jul 2011 22:16:15 -0000 On Mon, 25 Jul 2011 10:42:53 +0100 (BST), Robert Watson wrote: > On Fri, 15 Jul 2011, s wrote: > >> I am trying to get some information related to the symlink which is >> being accessed by the user in MAC Framework. Currently I managed to >> get the uid/gid of the owner of the symlink that is being read, but >> now I need to get the same information about the target, that the >> symlink points to. >> >> static int samplemac_vnode_check_link (struct ucred *cred, struct >> vnode *vp, >> struct label *vplabel) >> { >> >> int error; >> struct vattr vap; >> >> error = VOP_GETATTR(vp, &vap, cred); >> if (error) >> return (1); >> >> if(vap.va_uid != 0) { >> log(LOG_NOTICE, "stub_vnode_check_readlink: %i, gid: %i\n", >> vap.va_uid, vap.va_gid); >> return (0); >> } >> >> return (0); >> } >> >> And I have no idea how could I do that. Where should I look for that >> info? And what way would be the fastest? > > Hi Jakub: > > Could you say a bit more about what you're trying to accomplish? The > reason it's hard to express what you're trying to do (inspect the > target of a symlink during a read of the symlink) is that it's not > really a coherent concept in terms of kernel implementation. At the > point where the access control check on readlink is occuring, the > string hasn't yet been read from the link, and even if it had, you > couldn't look up the target object as you're already holding locks > relating to lookup and read of the symlink itself. Even if you > could, > there's also a risk of recursion: the symlink could point straight > back to where you are, etc. The readlink check is mid-lookup and > triggering an entirely fresh lookup from there might be quite awkward > for a number of such reasons. > > In general, however, this is not an issue for the policies we've > encountered thus far: they almost all care only about authorising > path > segment lookups (in which case readlink is just another segment in > evaluation), or absolute paths to objects reconstructed during the > actual operation on the target object, etc. Hence my wondering what > you're trying to accomplish -- the first question, really, is "is > what > you're trying to express actually safely expressible in a > fine-grained, multiprocessing kernel?" > > Robert Hello, In general, I am trying to compare the owner of the symlink to the owner of what the symlink points to, and then do some actions and return appropriate value, depending on how it will be configured to act. At first I was trying to check wheter some user is trying to create such a symlink, but I couldn't find such entry point in MAC Framework. P.S My mail client did something messy and sent this reply to a wrong place, and I would like to apologize for that. I hope that THIS time, it will be sent to the right place. -- Pozdrawiam, Jakub 'samu' SzafraƄski