Date: Sat, 2 Sep 2006 02:49:22 -0400 (EDT) From: "Andrew R. Reiter" <arr@watson.org> To: Robert Watson <rwatson@freebsd.org> Cc: Perforce Change Reviews <perforce@freebsd.org> Subject: Re: PERFORCE change 105508 for review Message-ID: <20060902024832.K58636@fledge.watson.org> In-Reply-To: <200609020625.k826PGWV066879@repoman.freebsd.org> References: <200609020625.k826PGWV066879@repoman.freebsd.org>
Sorry if I missed a post; is there a project goin' on that explains this work? Just curious not trying to pester :-) Peace/Cheers/blah, andrew On Sat, 2 Sep 2006, Robert Watson wrote: :http://perforce.freebsd.org/chv.cgi?CH=105508 : :Change 105508 by rwatson@rwatson_sesame on 2006/09/02 06:24:56 : : Replace most kernel suser checks with more specific privilege : checks. In some cases, significantly rework privilege logic to : make more sense, such as in the file system handling of device : permission override. Remove some unneeded suser checks in : sysctl wrappers. : : Sponsored by: nCircle Network Security, Inc. : :Affected files ... : :.. //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/conf/files#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 edit :.. 
//depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/ctau/if_ct.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/cx/if_cx.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/dcons/dcons_os.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/drm/drmP.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/fdc/fdc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/hwpmc/hwpmc_mod.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/if_ndis/if_ndis.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/kbd/kbd.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/nmdm/nmdm.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/null/null.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/ofw/ofw_console.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/random/randomdev.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/sbni/if_sbni.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/sbsh/if_sbsh.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/si/si.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/syscons/syscons.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/syscons/sysmouse.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/wi/if_wi.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/wl/if_wl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/dev/zs/zs.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_rule.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/hpfs/hpfs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#2 edit :.. 
//depot/projects/trustedbsd/priv/sys/fs/smbfs/smbfs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/udf/udf_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/fs/umapfs/umap_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_fs.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/gnu/fs/xfs/FreeBSD/xfs_super.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/i386/io.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/i386/sys_machdep.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/i386/vm86.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_misc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_socksys.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_sysi86.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i386/linux/linux_machdep.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/i4b/driver/i4b_ipr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ia64/ia64/ssc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/isofs/cd9660/cd9660_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_acct.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_descrip.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_environment.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_linker.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_ntptime.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#2 edit :.. 
//depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_shutdown.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_thr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_time.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/kern_xxx.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/subr_firmware.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/subr_prf.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/subr_witness.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/tty.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/tty_cons.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/tty_pts.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/tty_pty.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/uipc_sem.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/kern/vfs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/bpf.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_bridge.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_gre.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_ppp.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_sl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_tap.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/if_tun.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/ppp_tty.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net/raw_usrreq.c#2 edit :.. 
//depot/projects/trustedbsd/priv/sys/net/rtsock.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/net80211/ieee80211_ioctl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netatalk/at_control.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netatalk/ddp_pcb.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netatm/atm_usrreq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_socket.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_tty.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/ip_carp.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/ip_divert.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/ip_fw2.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/ip_mroute.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/ip_output.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet6/in6.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet6/ipsec.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netinet6/udp6_usrreq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netipsec/ipsec_osdep.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_pcb.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_usrreq.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_conn.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_mod.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_subr.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_conn.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_subr.h#2 edit :.. 
//depot/projects/trustedbsd/priv/sys/nfsserver/nfs_syscalls.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/pc98/cbus/fdc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/posix4/p1003_1b.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/audit/audit.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_pipe.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_syscalls.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_internal.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_net.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac_bsdextended/mac_bsdextended.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac_lomac/mac_lomac.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac_partition/mac_partition.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/sys/jail.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/sys/sysctl.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/sys/systm.h#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vfsops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_extattr.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/vm/swap_pager.c#2 edit :.. //depot/projects/trustedbsd/priv/sys/vm/vm_mmap.c#2 edit : :Differences ... 
: :==== //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 (text+ko) ==== : :@@ -33,6 +33,7 @@ : #include <sys/lock.h> : #include <sys/malloc.h> : #include <sys/mutex.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/signalvar.h> : #include <sys/systm.h> :@@ -54,7 +55,7 @@ : { : int error; : :- error = suser(td); :+ error = priv_check(td, PRIV_IO); : if (error != 0) : return (error); : error = securelevel_gt(td->td_ucred, 0); : :==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 (text+ko) ==== : :@@ -49,6 +49,7 @@ : #include <sys/mount.h> : #include <sys/mutex.h> : #include <sys/namei.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/reboot.h> : #include <sys/resourcevar.h> :@@ -1011,7 +1012,8 @@ : * Keep cr_groups[0] unchanged to prevent that. : */ : :- if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { :+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, :+ SUSER_ALLOWJAIL)) != 0) { : PROC_UNLOCK(p); : crfree(newcred); : return (error); : :==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 (text+ko) ==== : :@@ -33,6 +33,7 @@ : #include <sys/lock.h> : #include <sys/malloc.h> : #include <sys/mutex.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/syscallsubr.h> : #include <sys/sysproto.h> :@@ -123,7 +124,8 @@ : * Keep cr_groups[0] unchanged to prevent that. 
: */ : :- if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { :+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, :+ SUSER_ALLOWJAIL)) != 0) { : PROC_UNLOCK(p); : crfree(newcred); : return (error); : :==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 (text+ko) ==== : :@@ -45,6 +45,7 @@ : #include <sys/mount.h> : #include <sys/mutex.h> : #include <sys/namei.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/stat.h> : #include <sys/syscallsubr.h> :@@ -279,7 +280,7 @@ : goto out; : : if (td->td_ucred->cr_uid != vattr.va_uid && :- (error = suser(td)) != 0) :+ (error = priv_check(td, PRIV_VFS_ADMIN)) != 0) : goto out; : : if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) : :==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 (text+ko) ==== : :@@ -53,6 +53,7 @@ : #include <sys/msg.h> : #include <sys/mutex.h> : #include <sys/namei.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/ptrace.h> : #include <sys/resource.h> :@@ -610,7 +611,7 @@ : struct file *fp; : int error, vfslocked; : :- if ((error = suser(td)) != 0) :+ if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0) : return error; : if ((error = getvnode(fdp, uap->fd, &fp)) != 0) : return error; : :==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 (text+ko) ==== : :@@ -470,14 +470,10 @@ : break; : #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES) : case SVR4_SI_SET_HOSTNAME: :- if ((error = suser(td)) != 0) :- return error; : name = KERN_HOSTNAME; : return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td); : : case SVR4_SI_SET_SRPC_DOMAIN: :- if ((error = suser(td)) != 0) :- return error; : name = KERN_NISDOMAINNAME; : return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td); : #else : :==== //depot/projects/trustedbsd/priv/sys/conf/files#2 (text+ko) ==== : :@@ -1335,6 +1335,7 @@ : kern/kern_physio.c standard : kern/kern_pmc.c standard : kern/kern_poll.c optional device_polling :+kern/kern_priv.c 
standard : kern/kern_proc.c standard : kern/kern_prot.c standard : kern/kern_resource.c standard : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 (text+ko) ==== : :@@ -1062,7 +1062,9 @@ : /* currently only command that an ordinary user can call */ : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_version > 700000) :+ error = priv_check(p, PRIV_ALTQ_MANAGE); :+#elsif (__FreeBSD_version > 400000) : error = suser(p); : #else : error = suser(p->p_ucred, &p->p_acflag); : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 (text+ko) ==== : :@@ -1262,7 +1262,9 @@ : case CDNR_GETSTATS: : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_versoin > 700000) :+ if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) :+#elsif (__FreeBSD_version > 400000) : if ((error = suser(p)) != 0) : #else : if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 (text+ko) ==== : :@@ -1975,7 +1975,10 @@ : case HFSC_GETSTATS: : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_version > 700000) :+ if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) :+ return (error); :+#elsif (__FreeBSD_version > 400000) : if ((error = suser(p)) != 0) : return (error); : #else : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 (text+ko) ==== : :@@ -772,7 +772,10 @@ : case PRIQ_GETSTATS: : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_version > 700000) :+ if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) :+ return (error); :+#elsif (__FreeBSD_version > 400000) : if ((error = suser(p)) != 0) : return (error); : #else : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 (text+ko) ==== : :@@ -781,7 +781,9 @@ : case RED_GETSTATS: : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_version > 700000) :+ if ((error = priv_check(p, 
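Review bot: `#elsif` in the altq_cbq.c hunk is not a C preprocessor directive; the spelling is `#elif`, so the line should read `#elif (__FreeBSD_version > 400000)`. When the leading `#if (__FreeBSD_version > 700000)` is true, the preprocessor meets `#elsif` inside an active group and compilers such as GCC reject it as an invalid directive. When it is false, `#elsif` is skipped with the rest of the group and the build falls through to `#else` and the two-argument `suser(p->p_ucred, &p->p_acflag)`, so the middle `suser(p)` branch is unreachable either way. The same spelling recurs in the altq_cdnr.c, altq_hfsc.c, altq_priq.c, altq_red.c and altq_rio.c hunks and in every if_ce.c hunk (`#elsif __FreeBSD_version < 700000`), where a build between 500000 and 700000 would skip to `#else` and compile `priv_check (td, PRIV_DRIVER)` instead of `suser (td)`.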
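Review bot: `__FreeBSD_versoin` in the altq_cdnr.c hunk is a misspelling of `__FreeBSD_version`; an undefined identifier evaluates to 0 inside `#if`, so the condition is always false and the new `priv_check(p, PRIV_ALTQ_MANAGE)` branch is never compiled, normally without any diagnostic. The line should be `#if (__FreeBSD_version > 700000)`. The altq_rio.c hunk carries the same misspelling. Since this conditional selects which access check guards the `default:` ioctl path, it is worth confirming after the fix that each of the six altq files really builds the `priv_check` branch on the target version; the enclosing switch starts outside the hunk.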
PRIV_ALTQ_MANAGE)) != 0) :+#elsif (__FreeBSD_version > 400000) : if ((error = suser(p)) != 0) : #else : if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) : :==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 (text+ko) ==== : :@@ -531,7 +531,10 @@ : case RIO_GETSTATS: : break; : default: :-#if (__FreeBSD_version > 400000) :+#if (__FreeBSD_versoin > 700000) :+ if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0) :+ return (error); :+#elsif (__FreeBSD_version > 400000) : if ((error = suser(p)) != 0) : return (error); : #else : :==== //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 (text+ko) ==== : :@@ -54,6 +54,9 @@ : #endif : : #include <sys/param.h> :+#ifdef __FreeBSD__ :+#include <sys/priv.h> :+#endif : #include <sys/proc.h> : #include <sys/systm.h> : #include <sys/time.h> :@@ -1057,7 +1060,7 @@ : break; : case SIOCSETPFSYNC: : #ifdef __FreeBSD__ :- if ((error = suser(curthread)) != 0) :+ if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0) : #else : if ((error = suser(p, p->p_acflag)) != 0) : #endif : :==== //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 (text+ko) ==== : :@@ -92,6 +92,7 @@ : #include <sys/systm.h> : #include <sys/sockio.h> : #include <sys/mbuf.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/kernel.h> : #include <sys/socket.h> :@@ -1920,7 +1921,7 @@ : break; : #ifdef ANCACHE : if (sc->areq.an_type == AN_RID_ZERO_CACHE) { :- error = suser(td); :+ error = priv_check(td, PRIV_DRIVER); : if (error) : break; : sc->an_sigitems = sc->an_nextitem = 0; :@@ -1944,7 +1945,7 @@ : error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq)); : break; : case SIOCSAIRONET: :- if ((error = suser(td))) :+ if ((error = priv_check(td, PRIV_DRIVER))) : goto out; : error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq)); : if (error != 0) :@@ -1952,7 +1953,7 @@ : an_setdef(sc, &sc->areq); : break; : case SIOCGPRIVATE_0: /* used by Cisco client utility */ :- if ((error = suser(td))) :+ if ((error = 
priv_check(td, PRIV_DRIVER))) : goto out; : error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); : if (error) :@@ -1974,7 +1975,7 @@ : } : break; : case SIOCGPRIVATE_1: /* used by Cisco client utility */ :- if ((error = suser(td))) :+ if ((error = priv_check(td, PRIV_DRIVER))) : goto out; : error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); : if (error) :@@ -2226,7 +2227,7 @@ : } : break; : case SIOCS80211: :- if ((error = suser(td))) :+ if ((error = priv_check(td, PRIV_NET80211_MANAGE))) : goto out; : sc->areq.an_len = sizeof(sc->areq); : /* : :==== //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 (text+ko) ==== : :@@ -43,6 +43,7 @@ : #include <sys/mbuf.h> : #include <sys/socket.h> : #include <sys/sockio.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/conf.h> : :@@ -504,7 +505,7 @@ : break; : : case SIOCS80211: :- if ((error = suser(td))) :+ if ((error = priv_check(td, PRIV_NET80211_MANAGE))) : break; : switch (ireq->i_type) { : case IEEE80211_IOC_SSID: :@@ -577,7 +578,7 @@ : } : case SIOCGARLALL: : bzero(&arlan_io, sizeof(arlan_io)); :- if (!suser(td)) { :+ if (!priv_check(td, PRIV_DRIVER)) { : bcopy(ar->systemId, arlan_io.cfg.sid, 4); : } : :@@ -616,7 +617,7 @@ : } while (0) : : case SIOCSARLALL: :- if (suser(td)) :+ if (priv_check(td, PRIV_DRIVER)) : break; : : user = (void *)ifr->ifr_data; : :==== //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 (text+ko) ==== : :@@ -117,6 +117,7 @@ : #include <sys/malloc.h> : #include <sys/conf.h> : #include <sys/ioccom.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/bus.h> : #include <machine/resource.h> :@@ -3114,7 +3115,7 @@ : s = splcam (); : if (ASR_ctlr_held) { : error = EBUSY; :- } else if ((error = suser(td)) == 0) { :+ } else if ((error = priv_check(td, PRIV_DRIVER)) == 0) { : ++ASR_ctlr_held; : } : splx(s); : :==== //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 (text+ko) ==== : :@@ -34,6 +34,7 @@ : #include <sys/kernel.h> : #include 
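Review bot: In the if_arl.c `SIOCSARLALL` hunk the result of `priv_check(td, PRIV_DRIVER)` is tested but not stored, so a caller without the privilege leaves the case through `break` with whatever `error` held before, which may be 0 (its initialisation is outside the hunk). Storing it, as the `SIOCS80211` hunk in the same file does, returns the denial to the caller: `if ((error = priv_check(td, PRIV_DRIVER))) break;`. The `SIOCGARLALL` hunk also discards the value, but there it only gates the copy of `ar->systemId` into the reply, which looks intentional; a one-line comment saying so would help the next reader.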
<sys/module.h> : #include <sys/malloc.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/bio.h> : #include <sys/bus.h> :@@ -257,8 +258,11 @@ : cdp->flags |= F_LOCKED; : break; : :+ /* :+ * XXXRW: Why does this require privilege? :+ */ : case CDIOCRESET: :- error = suser(td); :+ error = priv_check(td, PRIV_DRIVER); : if (error) : break; : error = acd_test_ready(dev); : :==== //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 (text+ko) ==== : :@@ -29,6 +29,7 @@ : #if NPCI > 0 : : #include <sys/ucred.h> :+#include <sys/priv.h> : #include <sys/proc.h> : #include <sys/systm.h> : #include <sys/mbuf.h> :@@ -1341,9 +1342,11 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :-#else /* __FreeBSD_version >= 500000 */ :+#elsif __FreeBSD_version < 700000 : error = suser (td); :-#endif /* __FreeBSD_version >= 500000 */ :+#else :+ error = priv_check (td, PRIV_DRIVER); :+#endif : if (error) : return error; : #if __FreeBSD_version >= 600034 :@@ -1380,8 +1383,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1408,8 +1413,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1426,8 +1433,10 @@ : CE_DEBUG2 (d, ("ioctl: setcfg\n")); : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1526,8 +1535,10 @@ : /* Only for superuser! 
*/ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1560,8 +1571,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1586,8 +1599,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1608,8 +1623,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1634,8 +1651,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1658,8 +1677,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1686,8 +1707,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1708,8 +1731,10 @@ : /* Only for superuser! 
*/ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1734,8 +1759,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1758,8 +1785,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1784,8 +1813,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1810,8 +1841,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1836,8 +1869,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1867,8 +1902,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1892,8 +1929,10 @@ : /* Only for superuser! 
*/ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1909,8 +1948,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; :@@ -1945,8 +1986,10 @@ : /* Only for superuser! */ : #if __FreeBSD_version < 500000 : error = suser (p); :+#elsif __FreeBSD_version < 700000 :+ error = suser (td); : #else :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : #endif : if (error) : return error; : :==== //depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 (text+ko) ==== : :@@ -33,6 +33,7 @@ : #include <sys/module.h> : #include <sys/conf.h> : #include <sys/malloc.h> :+#include <sys/priv.h> : #include <sys/socket.h> : #include <sys/sockio.h> : #include <sys/sysctl.h> :@@ -1071,7 +1072,7 @@ : case SERIAL_SETPROTO: : CP_DEBUG2 (d, ("ioctl: setproto\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (d->ifp->if_drv_flags & IFF_DRV_RUNNING) :@@ -1102,7 +1103,7 @@ : case SERIAL_SETKEEPALIVE: : CP_DEBUG2 (d, ("ioctl: setkeepalive\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if ((IFP2SP(d->ifp)->pp_flags & PP_FR) || :@@ -1126,7 +1127,7 @@ : : case SERIAL_SETMODE: : /* Only for superuser! 
*/ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (*(int*)data != SERIAL_HDLC) :@@ -1142,7 +1143,7 @@ : : case SERIAL_SETCFG: : CP_DEBUG2 (d, ("ioctl: setcfg\n")); :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1239,7 +1240,7 @@ : case SERIAL_CLRSTAT: : CP_DEBUG2 (d, ("ioctl: clrstat\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : c->rintr = 0; :@@ -1268,7 +1269,7 @@ : case SERIAL_SETBAUD: : CP_DEBUG2 (d, ("ioctl: setbaud\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : s = splimp (); :@@ -1286,7 +1287,7 @@ : case SERIAL_SETLOOP: : CP_DEBUG2 (d, ("ioctl: setloop\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : s = splimp (); :@@ -1306,7 +1307,7 @@ : case SERIAL_SETDPLL: : CP_DEBUG2 (d, ("ioctl: setdpll\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_SERIAL) :@@ -1328,7 +1329,7 @@ : case SERIAL_SETNRZI: : CP_DEBUG2 (d, ("ioctl: setnrzi\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_SERIAL) :@@ -1348,7 +1349,7 @@ : case SERIAL_SETDEBUG: : CP_DEBUG2 (d, ("ioctl: setdebug\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : d->chan->debug = *(int*)data; :@@ -1370,7 +1371,7 @@ : case SERIAL_SETHIGAIN: : CP_DEBUG2 (d, ("ioctl: sethigain\n")); : /* Only for superuser! 
*/ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1392,7 +1393,7 @@ : case SERIAL_SETPHONY: : CP_DEBUG2 (d, ("ioctl: setphony\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1414,7 +1415,7 @@ : case SERIAL_SETUNFRAM: : CP_DEBUG2 (d, ("ioctl: setunfram\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1436,7 +1437,7 @@ : case SERIAL_SETSCRAMBLER: : CP_DEBUG2 (d, ("ioctl: setscrambler\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_G703 && !c->unfram) :@@ -1461,7 +1462,7 @@ : case SERIAL_SETMONITOR: : CP_DEBUG2 (d, ("ioctl: setmonitor\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1483,7 +1484,7 @@ : case SERIAL_SETUSE16: : CP_DEBUG2 (d, ("ioctl: setuse16\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1505,7 +1506,7 @@ : case SERIAL_SETCRC4: : CP_DEBUG2 (d, ("ioctl: setcrc4\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1) :@@ -1538,7 +1539,7 @@ : case SERIAL_SETCLK: : CP_DEBUG2 (d, ("ioctl: setclk\n")); : /* Only for superuser! */ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if (c->type != T_E1 && :@@ -1571,7 +1572,7 @@ : case SERIAL_SETTIMESLOTS: : CP_DEBUG2 (d, ("ioctl: settimeslots\n")); : /* Only for superuser! 
*/ :- error = suser (td); :+ error = priv_check (td, PRIV_DRIVER); : if (error) : return error; : if ((c->type != T_E1 || c->unfram) && c->type != T_DATA) :@@ -1597,7 +1598,7 @@ : :>>> TRUNCATED FOR MAIL (1000 lines) <<< : : -- arr@watson.org