From owner-p4-projects@FreeBSD.ORG Wed Feb 18 13:15:37 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E8DA516A4DE; Wed, 18 Feb 2004 13:15:36 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3CA116A4E6 for ; Wed, 18 Feb 2004 13:15:36 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 88AD943D1D for ; Wed, 18 Feb 2004 13:15:36 -0800 (PST) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i1ILFaGe014499 for ; Wed, 18 Feb 2004 13:15:36 -0800 (PST) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i1ILFad9014496 for perforce@freebsd.org; Wed, 18 Feb 2004 13:15:36 -0800 (PST) (envelope-from areisse@nailabs.com) Date: Wed, 18 Feb 2004 13:15:36 -0800 (PST) Message-Id: <200402182115.i1ILFad9014496@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 47145 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 21:15:37 -0000 http://perforce.freebsd.org/chv.cgi?CH=47145 Change 47145 by areisse@areisse_ibook on 2004/02/18 13:15:33 Uses label handle message trailer format for bootstrap security checks. Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#3 (text+ko) ==== @@ -1015,6 +1015,7 @@ server_t *serverp; kern_return_t result; mig_reply_error_t *reply; + mach_msg_mac_trailer_t *trailer = (mach_msg_mac_trailer_t *) (((char*)Request)+Request->msgh_size); debug("received message on port %x\n", Request->msgh_local_port); @@ -1195,8 +1196,11 @@ else { /* must be a service request */ debug("Handled request."); - return bootstrap_server(Request, Reply); + boolean_t result = bootstrap_server(Request, Reply); + mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); + return result; } + mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); return TRUE; } ==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#3 (text+ko) ==== @@ -99,9 +99,9 @@ return BOOTSTRAP_NOT_PRIVILEGED; } - kern_return_t kr = mac_check_name_port_access + kern_return_t kr = mac_check_port_access (mach_task_self(), - labels.slabel, bootstrap_port, + labels.sender, bootstrap_port, "mach_names", "create_server"); if (kr) return BOOTSTRAP_NOT_PRIVILEGED; 
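Review bot: `trailer` is formed by pointing `Request->msgh_size` bytes past the message header and is dereferenced for `msgh_labels.sender` in the next hunk, but nothing here confirms that a MAC trailer of that size was actually delivered. Whether the kernel appends the label trailer depends on the receive options given to mach_msg(), which are outside this hunk; if the labels trailer was not requested, the read lands on a shorter trailer or past the receive buffer and the sender port name is garbage. Every Mach trailer format starts with `msgh_trailer_type`/`msgh_trailer_size` (assuming the sedarwin trailer keeps that header), so I would guard before the label is used: `if (trailer->msgh_trailer_size < sizeof(*trailer)) { /* no label trailer: treat sender as MACH_PORT_NULL */ }`. The enclosing function starts before this hunk.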
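Review bot: `mach_port_destroy` on the label handle drops every user reference this task holds under that name, whereas the trailer delivered one send right; Mach coalesces send rights to one port under a single name, so if the same label port is also held elsewhere in mach_init the destroy takes that holder's reference with it, and `mach_port_deallocate` is the matching release. The status is ignored on both new lines; at minimum `if (mach_port_deallocate(mach_task_self(), trailer->msgh_labels.sender) != KERN_SUCCESS) log("label port release failed");`. The release is duplicated in the service-request branch and after it, and any early `return` between the first hunk and this one (not visible here) still leaks the right; a single release ahead of one common return would make that harder to miss. The enclosing function starts before this hunk.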
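Review bot: The new check passes `labels.sender` straight to `mac_check_port_access`, but if no label trailer accompanied the request the subject is `MACH_PORT_NULL`, and whether the policy denies a null subject is not visible here. Creating a server is a privileged operation, so the cheap fail-closed form is `if (labels.sender == MACH_PORT_NULL || mac_check_port_access(mach_task_self(), labels.sender, bootstrap_port, "mach_names", "create_server")) return BOOTSTRAP_NOT_PRIVILEGED;`, unless mac_check_port_access is documented to reject a null subject. The enclosing function starts before this hunk and continues after it.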
@@ -297,9 +297,9 @@ debug("Register attempt for service %s port %x", service_name, service_port); - result = mac_check_name_port_access (mach_task_self(), - labels.slabel, bootstrap_port, - "mach_names", "register"); + result = mac_check_port_access (mach_task_self(), + labels.sender, bootstrap_port, + "mach_names", "register"); if (result) return result; @@ -419,13 +419,13 @@ servicep = lookup_service_by_name(bootstrap, service_name); mach_port_t sp = servicep ? servicep->port : MACH_PORT_NULL; - kern_return_t kr = mac_check_name_port_access + kern_return_t kr = mac_check_port_access (mach_task_self(), - labels.slabel, sp == MACH_PORT_NULL ? bootstrap_port : sp, + labels.sender, sp == MACH_PORT_NULL ? bootstrap_port : sp, "mach_names", "look_up"); if (kr) { - log("bootstrap denied %s :%d", labels.slabel, kr); + log("bootstrap denied %d :%d", labels.sender, kr); return KERN_NO_ACCESS; } @@ -746,8 +746,8 @@ if (!bootstrap || !active_bootstrap(bootstrap)) return BOOTSTRAP_NOT_PRIVILEGED; - kern_return_t kr = mac_check_name_port_access - (mach_task_self(), labels.slabel, bootstrap_port, + kern_return_t kr = mac_check_port_access + (mach_task_self(), labels.sender, bootstrap_port, "mach_names", "makesubset"); if (kr) return BOOTSTRAP_NOT_PRIVILEGED; @@ -774,13 +774,22 @@ if (result != KERN_SUCCESS) kern_fatal(result, "port_set_add"); + char slabel[512]; char *nslabel; - result = security_change_context2 (labels.slabel+6, labels.slabel+6, "mach_names", + + result = mach_get_port_label (mach_task_self(), labels.sender, slabel); + if (result) + { + log ("error getting port label"); + } + else { + + result = security_change_context2 (slabel+6, slabel+6, "mach_names", &nslabel); if (result) { - log ("error changing context for %s", labels.slabel); - nslabel = labels.slabel; + log ("error changing context for %s", slabel); + nslabel = slabel; } else { 
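Review bot: The `register` check hands the raw `mac_check_port_access` status back to the client through the unchanged `if (result) return result;`, while the three sibling sites map a denial to `BOOTSTRAP_NOT_PRIVILEGED` or `KERN_NO_ACCESS`; for this one operation a bootstrap client now sees MAC-framework error codes. That return line predates this change, but switching the policy function is the moment to align it: `if (result) return BOOTSTRAP_NOT_PRIVILEGED;`. The enclosing function starts before this hunk and continues after it.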
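Review bot: The denial log now prints `labels.sender` with `%d`, a signed rendering of a task-local port name that identifies nothing once the message is gone; the old message printed the label string, which is what an auditor of a refused look_up needs. The rest of this file prints port names with `%x` (`debug("received message on port %x\n", ...)`), so at least use that, and preferably resolve the label on the deny path the way the makesubset hunk does: `char slabel[512]; if (mach_get_port_label(mach_task_self(), labels.sender, slabel) == KERN_SUCCESS) log("bootstrap denied %s :%d", slabel, kr);`. The resolve only runs when access is refused, so the common path pays nothing. The enclosing function starts before this hunk and continues after it.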
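Review bot: This is the fourth copy of the same `mac_check_port_access(mach_task_self(), labels.sender, <port>, "mach_names", <op>)` call in this file, differing only in the object port, the operation string and how a denial is reported. A small static helper would put subject, object and class in one place so a later policy change (a null-subject check, logging of denials) is made once rather than four times; the call site here becomes `if (bootstrap_mac_check(labels.sender, bootstrap_port, "makesubset")) return BOOTSTRAP_NOT_PRIVILEGED;`. The enclosing function starts before this hunk and continues after it.

```c
/* Single entry point for the bootstrap MAC policy query: the subject is
 * the sender label port from the message trailer, the object the port
 * being acted on. */
static kern_return_t
bootstrap_mac_check(mach_port_t subject, mach_port_t object, const char *op)
{
	return mac_check_port_access(mach_task_self(), subject, object,
				     "mach_names", op);
}
```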
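Review bot: `slabel+6` strips a six-character prefix from the freshly fetched label with no check that the string is that long; if `mach_get_port_label` returns a shorter or differently formatted label, `security_change_context2` is handed a pointer at or past the terminator and the subset bootstrap ends up with a context derived from garbage. Guard it next to the fetch failure, before the existing `else {`: `else if (strlen(slabel) <= 6) { log("unexpected port label %s", slabel); result = KERN_FAILURE; }`. Separately, `slabel` is a fixed 512-byte stack buffer passed to `mach_get_port_label` without a length: if that call has no size parameter the 512 must match the kernel's bound, and if it does, pass `sizeof slabel`. The fetch-failure log should also carry the status, `log("error getting port label: %d", result);`. The enclosing function starts before this hunk and continues after it.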
@@ -795,6 +804,7 @@ nslabel); if (result != KERN_SUCCESS) kern_fatal(result, "mach_set_port_label"); + } subset = new_bootstrap(bootstrap, new_bootstrap_port, requestor_port);
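Review bot: When `mach_get_port_label` fails, the new `}` closes the else branch and control falls straight into `subset = new_bootstrap(bootstrap, new_bootstrap_port, requestor_port)`, so the subset port, already allocated and added to the port set above, is handed to the requester with no label set at all; a label-fetch error turns the mandatory check into fail-open. The other failure in this path (`kern_fatal` on `mach_set_port_label`) aborts, so a lookup failure should at least deny and release the half-built port. Since `result` is KERN_SUCCESS on the success path (the mach_set_port_label status, fatal otherwise) and non-zero on the failure path, a check after the brace suffices, as sketched below; whether the receive right is best released with `mach_port_destroy` or with whatever the rest of this function uses is for someone who can see its other error paths. The enclosing function continues after this hunk.

```c
	}
	/* Fail closed: a label we could not fetch must not produce an
	 * unlabeled subset port. result is KERN_SUCCESS only when
	 * mach_set_port_label ran above. */
	if (result != KERN_SUCCESS) {
		mach_port_destroy(mach_task_self(), new_bootstrap_port);
		return BOOTSTRAP_NOT_PRIVILEGED;
	}

	subset = new_bootstrap(bootstrap, new_bootstrap_port, requestor_port);
```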