Date: Fri, 31 Jan 2014 17:39:52 +0000 (UTC)
From: Jamie Gritton <jamie@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r261326 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Message-ID: <201401311739.s0VHdq8r020193@svn.freebsd.org>
Author: jamie Date: Fri Jan 31 17:39:51 2014 New Revision: 261326 URL: http://svnweb.freebsd.org/changeset/base/261326 Log: Back out r261266 pending security buy-in. r261266: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Modified: head/sys/dev/drm/drmP.h head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/dev/drm/drmP.h ============================================================================== --- head/sys/dev/drm/drmP.h Fri Jan 31 17:26:15 2014 (r261325) +++ head/sys/dev/drm/drmP.h Fri Jan 31 17:39:51 2014 (r261326) @@ -227,9 +227,7 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#if __FreeBSD_version >= 1000000 -#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) -#elif __FreeBSD_version >= 700000 +#if __FreeBSD_version >= 700000 #define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0) #else #define DRM_SUSER(p) (suser(p) == 0) Modified: head/sys/kern/kern_jail.c ============================================================================== --- head/sys/kern/kern_jail.c Fri Jan 31 17:26:15 2014 (r261325) +++ head/sys/kern/kern_jail.c Fri Jan 31 17:39:51 2014 (r261326) @@ -208,7 +208,6 @@ static char *pr_allow_names[] = { "allow.mount.zfs", "allow.mount.procfs", "allow.mount.tmpfs", - "allow.kmem", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -225,7 +224,6 @@ static char *pr_allow_nonames[] = { "allow.mount.nozfs", "allow.mount.noprocfs", "allow.mount.notmpfs", - "allow.nokmem", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); 
@@ -3953,27 +3951,6 @@ prison_priv_check(struct ucred *cred, in return (0); /* - * Allow access to /dev/io in a jail if the non-jailed admin - * requests this and if /dev/io exists in the jail. This - * allows Xorg to probe a card. - */ - case PRIV_IO: - if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* - * Allow low level access to KMEM-like devices (e.g. to - * allow Xorg to use DRI). - */ - case PRIV_KMEM_WRITE: - if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* * Allow jailed root to set loginclass. */ case PRIV_PROC_SETLOGINCLASS: @@ -4407,8 +4384,6 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYP "B", "Jail may set file quotas"); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); -SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may access kmem-like devices (io, dri) if they exist"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h ============================================================================== --- head/sys/sys/jail.h Fri Jan 31 17:26:15 2014 (r261325) +++ head/sys/sys/jail.h Fri Jan 31 17:39:51 2014 (r261326) @@ -228,8 +228,7 @@ struct prison_racct { #define PR_ALLOW_MOUNT_ZFS 0x0200 #define PR_ALLOW_MOUNT_PROCFS 0x0400 #define PR_ALLOW_MOUNT_TMPFS 0x0800 -#define PR_ALLOW_KMEM 0x1000 -#define PR_ALLOW_ALL 0x1fff +#define PR_ALLOW_ALL 0x0fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Fri Jan 31 17:26:15 2014 (r261325) +++ head/usr.sbin/jail/jail.8 Fri Jan 31 17:39:51 2014 (r261326) 
@@ -573,17 +573,6 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that have not had jail functionality added to them. -.It Va allow.kmem -Jailed processes may access -.Pa /dev/kmem -and similar devices (e.g. io, dri) if they have sufficient permission -(via the usual file permissions). -Note that the device files must exist within the jail for this parameter -to be of any use; -the default devfs ruleset for jails does not include any such devices. -Giving a jail access to kernel memory obviates much of the security that -jails offer, but can still be useful for other purposes. -For example, this would allow the Xorg server to run inside a jail. .El .El .Pp
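Review bot: restoring `#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)` in the drmP.h hunk also reverts the change that had made DRM privilege equivalent to kernel-memory write privilege, and the log message only mentions the jail parameter; say so in the log so a reader does not have to diff drmP.h to learn that DRM_SUSER semantics moved back. If the jailed-Xorg work is re-proposed after the security review, gating DRM on a DRM-specific privilege in prison_priv_check would be narrower than reusing PRIV_KMEM_WRITE, which the removed jail.8 text shows also covers /dev/kmem and the io device.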
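Review bot: the two cases removed from prison_priv_check had identical bodies (return 0 when PR_ALLOW_KMEM is set, else EPERM); if they come back after review, write them as a single fall-through `case PRIV_IO: case PRIV_KMEM_WRITE:` so the two privileges cannot drift apart. For this backout the hunk is complete: with both cases gone nothing in this function consults PR_ALLOW_KMEM, which matches its removal from jail.h in the same commit.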
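Review bot: PR_ALLOW_ALL going from 0x1fff back to 0x0fff in the jail.h hunk is only right because PR_ALLOW_KMEM was the top bit (0x1000) and "allow.kmem"/"allow.nokmem" were the last entries of pr_allow_names and pr_allow_nonames; the mask and the two name arrays are kept in step by hand, so all three removals have to land together, as they do here. A comment next to PR_ALLOW_ALL tying it to the names arrays would make a future partial revert easier to catch in review.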
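Review bot: the removed jail.8 paragraph is the only place in the patch that states the consequence of the parameter ("Giving a jail access to kernel memory obviates much of the security that jails offer"); when allow.kmem is re-proposed, keep that warning next to the parameter, state its default explicitly, and keep the note that the jail's devfs ruleset must also expose the device nodes, since the parameter alone grants nothing without them.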