Date:      Sat, 2 Sep 2006 02:49:22 -0400 (EDT)
From:      "Andrew R. Reiter" <arr@watson.org>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   Re: PERFORCE change 105508 for review
Message-ID:  <20060902024832.K58636@fledge.watson.org>
In-Reply-To: <200609020625.k826PGWV066879@repoman.freebsd.org>
References:  <200609020625.k826PGWV066879@repoman.freebsd.org>

Sorry if I missed a post; is there a project goin' on that explains this 
work?  Just curious not trying to pester :-)

Peace/Cheers/blah,
andrew

On Sat, 2 Sep 2006, Robert Watson wrote:

:http://perforce.freebsd.org/chv.cgi?CH=105508
:
:Change 105508 by rwatson@rwatson_sesame on 2006/09/02 06:24:56
:
:	Replace most kernel suser checks with more specific privilege
:	checks.  In some cases, significantly rework privilege logic to
:	make more sense, such as in the file system handling of device
:	permission override.  Remove some unneeded suser checks in
:	sysctl wrappers.
:	
:	Sponsored by:	nCircle Network Security, Inc.
:
:Affected files ...
:
:.. //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/conf/files#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/ctau/if_ct.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/cx/if_cx.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/dcons/dcons_os.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/drm/drmP.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/fdc/fdc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/hwpmc/hwpmc_mod.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/if_ndis/if_ndis.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/kbd/kbd.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/lmc/if_lmc.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/nmdm/nmdm.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/null/null.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/ofw/ofw_console.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/random/randomdev.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/sbni/if_sbni.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/sbsh/if_sbsh.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/si/si.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/syscons/syscons.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/syscons/sysmouse.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/wi/if_wi.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/wl/if_wl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/dev/zs/zs.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_rule.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/hpfs/hpfs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/smbfs/smbfs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/udf/udf_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/fs/umapfs/umap_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_fs.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/gnu/fs/reiserfs/reiserfs_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/gnu/fs/xfs/FreeBSD/xfs_super.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/i386/io.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/i386/sys_machdep.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/i386/vm86.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_misc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_socksys.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/ibcs2/ibcs2_sysi86.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i386/linux/linux_machdep.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/i4b/driver/i4b_ipr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ia64/ia64/ssc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/isofs/cd9660/cd9660_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_acct.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_descrip.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_environment.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_linker.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_ntptime.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_shutdown.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_thr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_time.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/kern_xxx.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/subr_firmware.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/subr_prf.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/subr_witness.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/tty.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/tty_cons.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/tty_pts.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/tty_pty.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/uipc_sem.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/kern/vfs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/bpf.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_bridge.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_gre.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_ppp.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_sl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_tap.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/if_tun.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/ppp_tty.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/raw_usrreq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net/rtsock.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/net80211/ieee80211_ioctl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netatalk/at_control.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netatalk/ddp_pcb.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netatm/atm_usrreq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_socket.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netgraph/ng_tty.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/ip_carp.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/ip_divert.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/ip_fw2.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/ip_mroute.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/ip_output.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet6/in6.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet6/ipsec.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netinet6/udp6_usrreq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netipsec/ipsec_osdep.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_pcb.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netipx/ipx_usrreq.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_conn.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_mod.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netncp/ncp_subr.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_conn.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/netsmb/smb_subr.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/nfsserver/nfs_syscalls.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/pc98/cbus/fdc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/posix4/p1003_1b.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/audit/audit.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_pipe.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/audit/audit_syscalls.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_internal.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_net.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac_bsdextended/mac_bsdextended.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac_lomac/mac_lomac.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac_partition/mac_partition.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/sys/jail.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/sys/sysctl.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/sys/systm.h#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vfsops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_extattr.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/vm/swap_pager.c#2 edit
:.. //depot/projects/trustedbsd/priv/sys/vm/vm_mmap.c#2 edit
:
:Differences ...
:
:==== //depot/projects/trustedbsd/priv/sys/amd64/amd64/io.c#2 (text+ko) ====
:
:@@ -33,6 +33,7 @@
: #include <sys/lock.h>
: #include <sys/malloc.h>
: #include <sys/mutex.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/signalvar.h>
: #include <sys/systm.h>
:@@ -54,7 +55,7 @@
: {
: 	int error;
: 
:-	error = suser(td);
:+	error = priv_check(td, PRIV_IO);
: 	if (error != 0)
: 		return (error);
: 	error = securelevel_gt(td->td_ucred, 0);
:
:==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#2 (text+ko) ====
:
:@@ -49,6 +49,7 @@
: #include <sys/mount.h>
: #include <sys/mutex.h>
: #include <sys/namei.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/reboot.h>
: #include <sys/resourcevar.h>
:@@ -1011,7 +1012,8 @@
: 	 * Keep cr_groups[0] unchanged to prevent that.
: 	 */
: 
:-	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
:+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
:+	    SUSER_ALLOWJAIL)) != 0) {
: 		PROC_UNLOCK(p);
: 		crfree(newcred);
: 		return (error);
:
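
Review bot: the added priv_check_cred() call names a specific privilege, PRIV_CRED_SETGROUPS, but still passes the old SUSER_ALLOWJAIL flag as its third argument. If the new interface is meant to keep the suser flag namespace, say so where priv_check_cred() is documented; otherwise give it a flag of its own so callers do not mix the two APIs. The linux_uid16.c hunk carries the same call.
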
:==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#2 (text+ko) ====
:
:@@ -33,6 +33,7 @@
: #include <sys/lock.h>
: #include <sys/malloc.h>
: #include <sys/mutex.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/syscallsubr.h>
: #include <sys/sysproto.h>
:@@ -123,7 +124,8 @@
: 	 * Keep cr_groups[0] unchanged to prevent that.
: 	 */
: 
:-	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
:+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
:+	    SUSER_ALLOWJAIL)) != 0) {
: 		PROC_UNLOCK(p);
: 		crfree(newcred);
: 		return (error);
:
:==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#2 (text+ko) ====
:
:@@ -45,6 +45,7 @@
: #include <sys/mount.h>
: #include <sys/mutex.h>
: #include <sys/namei.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/stat.h>
: #include <sys/syscallsubr.h>
:@@ -279,7 +280,7 @@
: 		goto out;
: 
: 	if (td->td_ucred->cr_uid != vattr.va_uid &&
:-	    (error = suser(td)) != 0)
:+	    (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
: 		goto out;
: 
: 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
:
:==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#2 (text+ko) ====
:
:@@ -53,6 +53,7 @@
: #include <sys/msg.h>
: #include <sys/mutex.h>
: #include <sys/namei.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/ptrace.h>
: #include <sys/resource.h>
:@@ -610,7 +611,7 @@
: 	struct file	*fp;
: 	int		 error, vfslocked;
: 
:-	if ((error = suser(td)) != 0)
:+	if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
: 		return error;
: 	if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
: 		return error;
:
:==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_stat.c#2 (text+ko) ====
:
:@@ -470,14 +470,10 @@
: 		break;
: #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES)
: 	case SVR4_SI_SET_HOSTNAME:
:-		if ((error = suser(td)) != 0)
:-			return error;
: 		name = KERN_HOSTNAME;
: 		return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td);
: 
: 	case SVR4_SI_SET_SRPC_DOMAIN:
:-		if ((error = suser(td)) != 0)
:-			return error;
: 		name = KERN_NISDOMAINNAME;
: 		return kern_sysctl(&name, 1, 0, 0, uap->buf, rlen, td);
: #else
:
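
Review bot: with the suser(td) checks removed from the SVR4_SI_SET_HOSTNAME and SVR4_SI_SET_SRPC_DOMAIN cases, the only privilege gate left on these writes is whatever kern_sysctl() applies to KERN_HOSTNAME and KERN_NISDOMAINNAME, and that is not visible in this hunk. A short comment at each case saying where the check now lives would stop a later reader from assuming it is missing or re-adding it.
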
:==== //depot/projects/trustedbsd/priv/sys/conf/files#2 (text+ko) ====
:
:@@ -1335,6 +1335,7 @@
: kern/kern_physio.c		standard
: kern/kern_pmc.c			standard
: kern/kern_poll.c		optional device_polling
:+kern/kern_priv.c		standard
: kern/kern_proc.c		standard
: kern/kern_prot.c		standard
: kern/kern_resource.c		standard
:
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cbq.c#2 (text+ko) ====
:
:@@ -1062,7 +1062,9 @@
: 		/* currently only command that an ordinary user can call */
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_version > 700000)
:+		error = priv_check(p, PRIV_ALTQ_MANAGE);
:+#elsif (__FreeBSD_version > 400000)
: 		error = suser(p);
: #else
: 		error = suser(p->p_ucred, &p->p_acflag);
:
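
Review bot: #elsif on the third added line is not a preprocessor directive; the keyword is #elif. As written, when __FreeBSD_version > 700000 holds, the compiler meets #elsif inside the active group and rejects it; when it does not hold, the #elsif line is skipped together with the suser(p) branch, and the build falls through to the #else branch with the two-argument suser() call. The same spelling is in the altq_cdnr.c, altq_hfsc.c, altq_priq.c, altq_red.c and altq_rio.c hunks.
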
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_cdnr.c#2 (text+ko) ====
:
:@@ -1262,7 +1262,9 @@
: 	case CDNR_GETSTATS:
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_versoin > 700000)
:+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
:+#elsif (__FreeBSD_version > 400000)
: 		if ((error = suser(p)) != 0)
: #else
: 		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
:
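
Review bot: __FreeBSD_versoin in the first added line is misspelled. An undefined identifier evaluates to 0 in #if, so the condition is always false and the priv_check(p, PRIV_ALTQ_MANAGE) branch is never compiled; this file would silently keep using suser(). Change it to __FreeBSD_version, and change #elsif on the next added directive to #elif.
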
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_hfsc.c#2 (text+ko) ====
:
:@@ -1975,7 +1975,10 @@
: 	case HFSC_GETSTATS:
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_version > 700000)
:+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
:+			return (error);
:+#elsif (__FreeBSD_version > 400000)
: 		if ((error = suser(p)) != 0)
: 			return (error);
: #else
:
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_priq.c#2 (text+ko) ====
:
:@@ -772,7 +772,10 @@
: 	case PRIQ_GETSTATS:
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_version > 700000)
:+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
:+			return (error);
:+#elsif (__FreeBSD_version > 400000)
: 		if ((error = suser(p)) != 0)
: 			return (error);
: #else
:
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_red.c#2 (text+ko) ====
:
:@@ -781,7 +781,9 @@
: 	case RED_GETSTATS:
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_version > 700000)
:+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
:+#elsif (__FreeBSD_version > 400000)
: 		if ((error = suser(p)) != 0)
: #else
: 		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
:
:==== //depot/projects/trustedbsd/priv/sys/contrib/altq/altq/altq_rio.c#2 (text+ko) ====
:
:@@ -531,7 +531,10 @@
: 	case RIO_GETSTATS:
: 		break;
: 	default:
:-#if (__FreeBSD_version > 400000)
:+#if (__FreeBSD_versoin > 700000)
:+		if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
:+			return (error);
:+#elsif (__FreeBSD_version > 400000)
: 		if ((error = suser(p)) != 0)
: 			return (error);
: #else
:
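
Review bot: the first added line tests __FreeBSD_versoin, which is not defined anywhere and so evaluates to 0; the priv_check() call and its return (error) are dead code as written. Spell it __FreeBSD_version and use #elif instead of #elsif for the second branch.
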
:==== //depot/projects/trustedbsd/priv/sys/contrib/pf/net/if_pfsync.c#2 (text+ko) ====
:
:@@ -54,6 +54,9 @@
: #endif
: 
: #include <sys/param.h>
:+#ifdef __FreeBSD__
:+#include <sys/priv.h>
:+#endif
: #include <sys/proc.h>
: #include <sys/systm.h>
: #include <sys/time.h>
:@@ -1057,7 +1060,7 @@
: 		break;
: 	case SIOCSETPFSYNC:
: #ifdef __FreeBSD__
:-		if ((error = suser(curthread)) != 0)
:+		if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0)
: #else
: 		if ((error = suser(p, p->p_acflag)) != 0)
: #endif
:
:==== //depot/projects/trustedbsd/priv/sys/dev/an/if_an.c#2 (text+ko) ====
:
:@@ -92,6 +92,7 @@
: #include <sys/systm.h>
: #include <sys/sockio.h>
: #include <sys/mbuf.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/kernel.h>
: #include <sys/socket.h>
:@@ -1920,7 +1921,7 @@
: 			break;
: #ifdef ANCACHE
: 		if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
:-			error = suser(td);
:+			error = priv_check(td, PRIV_DRIVER);
: 			if (error)
: 				break;
: 			sc->an_sigitems = sc->an_nextitem = 0;
:@@ -1944,7 +1945,7 @@
: 		error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
: 		break;
: 	case SIOCSAIRONET:
:-		if ((error = suser(td)))
:+		if ((error = priv_check(td, PRIV_DRIVER)))
: 			goto out;
: 		error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
: 		if (error != 0)
:@@ -1952,7 +1953,7 @@
: 		an_setdef(sc, &sc->areq);
: 		break;
: 	case SIOCGPRIVATE_0:              /* used by Cisco client utility */
:-		if ((error = suser(td)))
:+		if ((error = priv_check(td, PRIV_DRIVER)))
: 			goto out;
: 		error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
: 		if (error)
:@@ -1974,7 +1975,7 @@
: 		}
: 		break;
: 	case SIOCGPRIVATE_1:              /* used by Cisco client utility */
:-		if ((error = suser(td)))
:+		if ((error = priv_check(td, PRIV_DRIVER)))
: 			goto out;
: 		error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
: 		if (error)
:@@ -2226,7 +2227,7 @@
: 		}
: 		break;
: 	case SIOCS80211:
:-		if ((error = suser(td)))
:+		if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
: 			goto out;
: 		sc->areq.an_len = sizeof(sc->areq);
: 		/*
:
:==== //depot/projects/trustedbsd/priv/sys/dev/arl/if_arl.c#2 (text+ko) ====
:
:@@ -43,6 +43,7 @@
: #include <sys/mbuf.h>
: #include <sys/socket.h>
: #include <sys/sockio.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/conf.h>
: 
:@@ -504,7 +505,7 @@
: 		break;
: 
: 	case SIOCS80211:
:-		if ((error = suser(td)))
:+		if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
: 			break;
: 		switch (ireq->i_type) {
: 		case IEEE80211_IOC_SSID:
:@@ -577,7 +578,7 @@
: 	}
: 	case SIOCGARLALL:
: 		bzero(&arlan_io, sizeof(arlan_io));
:-		if (!suser(td)) {
:+		if (!priv_check(td, PRIV_DRIVER)) {
: 			bcopy(ar->systemId, arlan_io.cfg.sid, 4);
: 		}
: 
:@@ -616,7 +617,7 @@
: 	} while (0)
: 
: 	case SIOCSARLALL:
:-		if (suser(td))
:+		if (priv_check(td, PRIV_DRIVER))
: 			break;
: 
: 		user = (void *)ifr->ifr_data;
:
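
Review bot: in the SIOCSARLALL case the result of priv_check(td, PRIV_DRIVER) is tested and then dropped, so the error it returns is never stored in error before the break; the SIOCS80211 case earlier in this file assigns it with (error = priv_check(...)). The suser(td) line had the same shape, but since the line is being touched anyway, assigning the result to error would let the caller see the denial.
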
:==== //depot/projects/trustedbsd/priv/sys/dev/asr/asr.c#2 (text+ko) ====
:
:@@ -117,6 +117,7 @@
: #include <sys/malloc.h>
: #include <sys/conf.h>
: #include <sys/ioccom.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/bus.h>
: #include <machine/resource.h>
:@@ -3114,7 +3115,7 @@
: 	s = splcam ();
: 	if (ASR_ctlr_held) {
: 		error = EBUSY;
:-	} else if ((error = suser(td)) == 0) {
:+	} else if ((error = priv_check(td, PRIV_DRIVER)) == 0) {
: 		++ASR_ctlr_held;
: 	}
: 	splx(s);
:
:==== //depot/projects/trustedbsd/priv/sys/dev/ata/atapi-cd.c#2 (text+ko) ====
:
:@@ -34,6 +34,7 @@
: #include <sys/kernel.h>
: #include <sys/module.h>
: #include <sys/malloc.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/bio.h>
: #include <sys/bus.h>
:@@ -257,8 +258,11 @@
: 	cdp->flags |= F_LOCKED;
: 	break;
: 
:+    /*
:+     * XXXRW: Why does this require privilege?
:+     */
:     case CDIOCRESET:
:-	error = suser(td);
:+	error = priv_check(td, PRIV_DRIVER);
: 	if (error)
: 	    break;
: 	error = acd_test_ready(dev);
:
:==== //depot/projects/trustedbsd/priv/sys/dev/ce/if_ce.c#2 (text+ko) ====
:
:@@ -29,6 +29,7 @@
: #if NPCI > 0
: 
: #include <sys/ucred.h>
:+#include <sys/priv.h>
: #include <sys/proc.h>
: #include <sys/systm.h>
: #include <sys/mbuf.h>
:@@ -1341,9 +1342,11 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:-#else /* __FreeBSD_version >= 500000 */
:+#elsif __FreeBSD_version < 700000
: 		error = suser (td);
:-#endif /* __FreeBSD_version >= 500000 */
:+#else
:+		error = priv_check (td, PRIV_DRIVER);
:+#endif
: 		if (error)
: 			return error;
: #if __FreeBSD_version >= 600034
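
Review bot: #elsif __FreeBSD_version < 700000 is not a valid directive (it should be #elif), and here the effect is worse than a build error. For any __FreeBSD_version >= 500000 the first group is skipped, the #elsif line and the suser (td) call are skipped with it, and #else selects priv_check (td, PRIV_DRIVER), including on versions below 700000 that the middle branch was meant to cover. For versions below 500000 the #elsif sits in the active group and fails to compile. Every later hunk in this file repeats the same three-way block and needs the same fix.
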
:@@ -1380,8 +1383,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1408,8 +1413,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1426,8 +1433,10 @@
: 		CE_DEBUG2 (d, ("ioctl: setcfg\n"));
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1526,8 +1535,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1560,8 +1571,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1586,8 +1599,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1608,8 +1623,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1634,8 +1651,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1658,8 +1677,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1686,8 +1707,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1708,8 +1731,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1734,8 +1759,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1758,8 +1785,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1784,8 +1813,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1810,8 +1841,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1836,8 +1869,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1867,8 +1902,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1892,8 +1929,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1909,8 +1948,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:@@ -1945,8 +1986,10 @@
: 		/* Only for superuser! */
: #if __FreeBSD_version < 500000
: 		error = suser (p);
:+#elsif __FreeBSD_version < 700000
:+		error = suser (td);
: #else
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: #endif
: 		if (error)
: 			return error;
:
:==== //depot/projects/trustedbsd/priv/sys/dev/cp/if_cp.c#2 (text+ko) ====
:
:@@ -33,6 +33,7 @@
: #include <sys/module.h>
: #include <sys/conf.h>
: #include <sys/malloc.h>
:+#include <sys/priv.h>
: #include <sys/socket.h>
: #include <sys/sockio.h>
: #include <sys/sysctl.h>
:@@ -1071,7 +1072,7 @@
: 	case SERIAL_SETPROTO:
: 		CP_DEBUG2 (d, ("ioctl: setproto\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (d->ifp->if_drv_flags & IFF_DRV_RUNNING)
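
Review bot: the comment /* Only for superuser! */ directly above the changed line in SERIAL_SETPROTO no longer describes the check, which now asks for PRIV_DRIVER rather than testing for the superuser. Update or drop the comment here and in the other SERIAL_* cases in this file that carry the same text.
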
:@@ -1102,7 +1103,7 @@
: 	case SERIAL_SETKEEPALIVE:
: 		CP_DEBUG2 (d, ("ioctl: setkeepalive\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if ((IFP2SP(d->ifp)->pp_flags & PP_FR) ||
:@@ -1126,7 +1127,7 @@
: 
: 	case SERIAL_SETMODE:
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (*(int*)data != SERIAL_HDLC)
:@@ -1142,7 +1143,7 @@
: 
: 	case SERIAL_SETCFG:
: 		CP_DEBUG2 (d, ("ioctl: setcfg\n"));
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1239,7 +1240,7 @@
: 	case SERIAL_CLRSTAT:
: 		CP_DEBUG2 (d, ("ioctl: clrstat\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		c->rintr    = 0;
:@@ -1268,7 +1269,7 @@
: 	case SERIAL_SETBAUD:
: 		CP_DEBUG2 (d, ("ioctl: setbaud\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		s = splimp ();
:@@ -1286,7 +1287,7 @@
: 	case SERIAL_SETLOOP:
: 		CP_DEBUG2 (d, ("ioctl: setloop\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		s = splimp ();
:@@ -1306,7 +1307,7 @@
: 	case SERIAL_SETDPLL:
: 		CP_DEBUG2 (d, ("ioctl: setdpll\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_SERIAL)
:@@ -1328,7 +1329,7 @@
: 	case SERIAL_SETNRZI:
: 		CP_DEBUG2 (d, ("ioctl: setnrzi\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_SERIAL)
:@@ -1348,7 +1349,7 @@
: 	case SERIAL_SETDEBUG:
: 		CP_DEBUG2 (d, ("ioctl: setdebug\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		d->chan->debug = *(int*)data;
:@@ -1370,7 +1371,7 @@
: 	case SERIAL_SETHIGAIN:
: 		CP_DEBUG2 (d, ("ioctl: sethigain\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1392,7 +1393,7 @@
: 	case SERIAL_SETPHONY:
: 		CP_DEBUG2 (d, ("ioctl: setphony\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1414,7 +1415,7 @@
: 	case SERIAL_SETUNFRAM:
: 		CP_DEBUG2 (d, ("ioctl: setunfram\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1436,7 +1437,7 @@
: 	case SERIAL_SETSCRAMBLER:
: 		CP_DEBUG2 (d, ("ioctl: setscrambler\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_G703 && !c->unfram)
:@@ -1461,7 +1462,7 @@
: 	case SERIAL_SETMONITOR:
: 		CP_DEBUG2 (d, ("ioctl: setmonitor\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1483,7 +1484,7 @@
: 	case SERIAL_SETUSE16:
: 		CP_DEBUG2 (d, ("ioctl: setuse16\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1505,7 +1506,7 @@
: 	case SERIAL_SETCRC4:
: 		CP_DEBUG2 (d, ("ioctl: setcrc4\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1)
:@@ -1538,7 +1539,7 @@
: 	case SERIAL_SETCLK:
: 		CP_DEBUG2 (d, ("ioctl: setclk\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if (c->type != T_E1 &&
:@@ -1571,7 +1572,7 @@
: 	case SERIAL_SETTIMESLOTS:
: 		CP_DEBUG2 (d, ("ioctl: settimeslots\n"));
: 		/* Only for superuser! */
:-		error = suser (td);
:+		error = priv_check (td, PRIV_DRIVER);
: 		if (error)
: 			return error;
: 		if ((c->type != T_E1 || c->unfram) && c->type != T_DATA)
:@@ -1597,7 +1598,7 @@
:
:>>> TRUNCATED FOR MAIL (1000 lines) <<<
:
:

--
arr@watson.org
