Date: Thu, 24 Jan 2008 08:58:36 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 133987 for review Message-ID: <200801240858.m0O8wap4012384@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=133987 Change 133987 by rwatson@rwatson_freebsd_capabilities on 2008/01/24 08:58:26 Allow various infrastructural sysctls, such as querying the next sysctl, sysctl fmt, and name2oid, in capability mode. This is too broad and should be narrowed based on the specific oid being requested. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_mib.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#3 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_mib.c#3 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_sysctl.c#3 (text+ko) ==== @@ -598,7 +598,12 @@ return (SYSCTL_OUT(req, "", 1)); } -static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD, sysctl_sysctl_name, ""); +/* + * XXXRW: Shouldn't return name data for nodes that we don't permit in + * capability mode. + */ +static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_CAPRD, + sysctl_sysctl_name, ""); static int sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen, @@ -676,7 +681,12 @@ return (error); } -static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD, sysctl_sysctl_next, ""); +/* + * XXXRW: Shouldn't return next data for nodes that we don't permit in + * capability mode. + */ +static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_CAPRD, + sysctl_sysctl_next, ""); static int name2oid (char *name, int *oid, int *len, struct sysctl_oid **oidpp) @@ -768,8 +778,12 @@ return (error); } -SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW|CTLFLAG_ANYBODY, 0, 0, - sysctl_sysctl_name2oid, "I", ""); +/* + * XXXRW: Shouldn't return name2oid data for nodes that we don't permit in + * capability mode. + */ +SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW | CTLFLAG_ANYBODY | + CTLFLAG_CAPRW, 0, 0, sysctl_sysctl_name2oid, "I", ""); static int sysctl_sysctl_oidfmt(SYSCTL_HANDLER_ARGS) @@ -791,7 +805,12 @@ } -static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD, sysctl_sysctl_oidfmt, ""); +/* + * XXXRW: Shouldn't return oidfmt data for nodes that we don't permit in + * capability mode. + */ +static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_CAPRD, + sysctl_sysctl_oidfmt, ""); static int sysctl_sysctl_oiddescr(SYSCTL_HANDLER_ARGS) @@ -809,7 +828,12 @@ return (error); } -static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD, sysctl_sysctl_oiddescr, ""); +/* + * XXXRW: Shouldn't return oiddescr data for nodes that we don't permit in + * capability mode. + */ +static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD | CTLFLAG_CAPRD, + sysctl_sysctl_oiddescr, ""); /* * Default "handler" functions.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801240858.m0O8wap4012384>