From: gpf@FreeBSD.org
To: svn-soc-all@FreeBSD.org
Date: Sun, 05 Aug 2012 19:00:54 +0000
Subject: socsvn commit: r240113 - soc2012/gpf/pefs_head/head/sys/kern
Message-Id: <20120805190054.0923E106564A@hub.freebsd.org>

Author: gpf
Date: Sun Aug 5 19:00:53 2012
New Revision: 240113
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240113

Log:
  kern_exec.c hack:
  During an exec(), kernel checks if sysctl var "vfs.pefs.exec.enable" exists and is turned on. If it is active, we check the schg flag of the executable. For the moment, we simply print a "denied" message. Next patch will return proper error code and fail in a graceful manner.

  The pefs specific sysctl var is used to ease development so it's just temporary.

  If the file being executed is a shell script, only the respective interpreter is checked for the schg flag, not the script itself.

  work in progress

Modified:
  soc2012/gpf/pefs_head/head/sys/kern/kern_exec.c

Modified: soc2012/gpf/pefs_head/head/sys/kern/kern_exec.c ============================================================================== --- soc2012/gpf/pefs_head/head/sys/kern/kern_exec.c Sun Aug 5 17:30:17 2012 (r240112) +++ soc2012/gpf/pefs_head/head/sys/kern/kern_exec.c Sun Aug 5 19:00:53 2012 (r240113) @@ -122,7 +122,7 @@ NULL, 0, sysctl_kern_stackprot, "I", ""); u_long ps_arg_cache_limit = PAGE_SIZE / 16; -SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, +SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, &ps_arg_cache_limit, 0, ""); static int map_at_zero = 0; 
@@ -186,9 +186,9 @@ #ifndef _SYS_SYSPROTO_H_ struct execve_args { - char *fname; + char *fname; char **argv; - char **envv; + char **envv; }; #endif @@ -548,6 +548,24 @@ goto interpret; } + { + int enabled, rval; + size_t enabled_len; + + rval = kernel_sysctlbyname(td, "vfs.pefs.exec.enable", + &enabled, &enabled_len, NULL, 0, NULL, 0); + //printf("sysctl vfs.pefs.exec.enable=%d returns %d\n", enabled, + //rval); + if (rval == 0 && enabled != 0) { + printf("checking flag for %s\n", args->fname); + if ((imgp->attr->va_flags & SF_IMMUTABLE) == 0) { + printf("denied!\n"); + //error = ... + //goto exec_fail_dealloc; + } + } + } + /* * NB: We unlock the vnode here because it is believed that none * of the sv_copyout_strings/sv_fixup operations require the vnode. @@ -821,7 +839,7 @@ /* Set values passed into the program in registers. */ if (p->p_sysent->sv_setregs) - (*p->p_sysent->sv_setregs)(td, imgp, + (*p->p_sysent->sv_setregs)(td, imgp, (u_long)(uintptr_t)stack_base); else exec_setregs(td, imgp, (u_long)(uintptr_t)stack_base); @@ -1160,7 +1178,7 @@ } if ((error = copyinstr(argp, args->endp, args->stringspace, &length))) { - if (error == ENAMETOOLONG) + if (error == ENAMETOOLONG) error = E2BIG; goto err_exit; }
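
Review bot: In the block added at @@ -548,6 +548,24 @@, `enabled_len` is declared but never initialized before its address is passed to kernel_sysctlbyname() as the old-length argument, so the call is handed an indeterminate buffer size for the int-sized `enabled`. Set `enabled_len = sizeof(enabled);` before the call so the result of `rval == 0 && enabled != 0` is reliable. Since this gate decides whether the immutable-flag check runs at all, a lookup that fails on a garbage length silently skips the check. Two smaller points in the same block: the `printf("checking flag for %s\n", args->fname)` runs on every exec while the sysctl is on and will flood the console, so it wants a debug knob or removal before this goes further, and the `//` comments should be `/* */` to match the rest of kern_exec.c. With `error` and `goto exec_fail_dealloc` still commented out, the check only logs and does not deny anything, which the log message acknowledges; the follow-up should pick an errno and confirm that the vnode lock state at this point matches what exec_fail_dealloc expects.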
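
Review bot: The hunks at @@ -122,7 +122,7 @@, @@ -186,9 +186,9 @@, @@ -821,7 +839,7 @@ and @@ -1160,7 +1178,7 @@ remove and re-add lines whose text reads identically here, so they appear to be whitespace-only changes unrelated to the pefs exec check. Please drop them or move them to a separate commit; mixing them into a security-relevant change to the exec path makes the functional hunk harder to review and complicates later merges from head.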