Date: Thu, 16 Oct 2003 09:36:10 +0200 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: freebsd-hackers@freebsd.org Cc: rwatson@freebsd.org Subject: Sysctls cleanup. Message-ID: <20031016073610.GY520@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--EYAXRszTzQPG7bQS Content-Type: multipart/mixed; boundary="QdA8+0Hc+u1HcecE" Content-Disposition: inline --QdA8+0Hc+u1HcecE Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Helloi hackers... I think this is more correct (but I haven't test it!). I've started to implement labels for sysctls, but after thinking this over again, I think this isn't really necessary. --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --QdA8+0Hc+u1HcecE Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: attachment; filename="mac_sysctls.patch" Content-Transfer-Encoding: quoted-printable (c) 2003 Pawel Jakub Dawidek <jules@garage.freebsd.pl> Patch against FreeBSD 5.1-CURRENT, kern.osreldate: 501110. diff -upr /usr/src/sys/kern/kern_mac.c src/sys/kern/kern_mac.c --- /usr/src/sys/kern/kern_mac.c Tue Oct 14 21:15:22 2003 +++ src/sys/kern/kern_mac.c Thu Oct 16 04:45:37 2003 @@ -2961,8 +2961,8 @@ mac_check_system_swapoff(struct ucred *c } =20 int -mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void = *arg1, + int arg2, struct sysctl_req *req) { int error; =20 @@ -2973,8 +2973,7 @@ mac_check_system_sysctl(struct ucred *cr if (!mac_enforce_system) return (0); =20 - MAC_CHECK(check_system_sysctl, cred, name, namelen, old, oldlenp, - inkernel, new, newlen); + MAC_CHECK(check_system_sysctl, cred, oidp, arg1, arg2, req); =20 return (error); } diff -upr /usr/src/sys/kern/kern_sysctl.c src/sys/kern/kern_sysctl.c --- /usr/src/sys/kern/kern_sysctl.c Thu Oct 16 02:58:27 2003 +++ src/sys/kern/kern_sysctl.c Thu Oct 16 04:51:02 2003 @@ -1175,12 +1175,22 @@ sysctl_root(SYSCTL_HANDLER_ARGS) if (!oid->oid_handler) return EINVAL; =20 - if ((oid->oid_kind & CTLTYPE) =3D=3D CTLTYPE_NODE) - error =3D oid->oid_handler(oid, (int *)arg1 + indx, arg2 - indx, - req); - else - error =3D oid->oid_handler(oid, oid->oid_arg1, oid->oid_arg2, - req); + if ((oid->oid_kind & CTLTYPE) =3D=3D CTLTYPE_NODE) { + (int *)arg1 +=3D indx; + arg2 -=3D indx; + } else { + arg1 =3D oid->oid_arg1; + arg2 =3D oid->oid_arg2; + } + +#ifdef MAC + error =3D mac_check_system_sysctl(td->td_ucred, oid, arg1, arg2, req); + if (error !=3D 0) + return (error); +#endif + + error =3D oid->oid_handler(oid, arg1, arg2, req); + return (error); } =20 @@ -1271,15 +1281,6 @@ userland_sysctl(struct thread *td, int * req.lock =3D REQ_LOCKED; =20 SYSCTL_LOCK(); - -#ifdef MAC - error =3D mac_check_system_sysctl(td->td_ucred, name, namelen, old, - oldlenp, inkernel, new, newlen); - if (error) { - SYSCTL_UNLOCK(); - return (error); - } -#endif =20 do { req2 =3D req; diff -upr /usr/src/sys/security/mac_biba/mac_biba.c src/sys/security/mac_bi= ba/mac_biba.c --- /usr/src/sys/security/mac_biba/mac_biba.c Thu Aug 21 16:34:54 2003 +++ src/sys/security/mac_biba/mac_biba.c Thu Oct 16 04:34:56 2003 @@ -1941,8 +1941,8 @@ mac_biba_check_system_swapoff(struct ucr } =20 static int -mac_biba_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { struct mac_biba *subj; int error; @@ -1953,16 +1953,10 @@ mac_biba_check_system_sysctl(struct ucre subj =3D SLOT(&cred->cr_label); =20 /* - * In general, treat sysctl variables as biba/high, but also - * require privilege to change them, since they are a - * communications channel between grades. Exempt MIB - * queries from this due to undocmented sysctl magic. - * XXXMAC: This probably requires some more review. + * Treat sysctl variables without CTLFLAG_ANYBODY flag as + * biba/high, but also require privilege to change them. */ - if (new !=3D NULL) { - if (namelen > 0 && name[0] =3D=3D 0) - return (0); - + if (req->newptr !=3D NULL && (oid->oid_kind & CTLFLAG_ANYBODY) =3D=3D 0) { if (!mac_biba_subject_dominate_high(subj)) return (EACCES); =20 diff -upr /usr/src/sys/security/mac_lomac/mac_lomac.c src/sys/security/mac_= lomac/mac_lomac.c --- /usr/src/sys/security/mac_lomac/mac_lomac.c Thu Aug 21 20:07:52 2003 +++ src/sys/security/mac_lomac/mac_lomac.c Thu Oct 16 04:51:58 2003 @@ -2031,8 +2031,8 @@ mac_lomac_check_system_swapon(struct ucr } =20 static int -mac_lomac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_lomac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { struct mac_lomac *subj; =20 @@ -2042,16 +2042,10 @@ mac_lomac_check_system_sysctl(struct ucr subj =3D SLOT(&cred->cr_label); =20 /* - * In general, treat sysctl variables as lomac/high, but also - * require privilege to change them, since they are a - * communications channel between grades. Exempt MIB - * queries from this due to undocmented sysctl magic. - * XXXMAC: This probably requires some more review. + * Treat sysctl variables without CTLFLAG_ANYBODY flag as + * lomac/high, but also require privilege to change them. */ - if (new !=3D NULL) { - if (namelen > 0 && name[0] =3D=3D 0) - return (0); - + if (req->newptr !=3D NULL && (oid->oid_kind & CTLFLAG_ANYBODY) =3D=3D 0) { #ifdef notdef if (!mac_lomac_subject_dominate_high(subj)) return (EACCES); diff -upr /usr/src/sys/security/mac_stub/mac_stub.c src/sys/security/mac_st= ub/mac_stub.c --- /usr/src/sys/security/mac_stub/mac_stub.c Thu Aug 21 19:05:36 2003 +++ src/sys/security/mac_stub/mac_stub.c Thu Oct 16 04:42:42 2003 @@ -727,8 +727,8 @@ stub_check_system_swapoff(struct ucred * } =20 static int -stub_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { =20 return (0); diff -upr /usr/src/sys/security/mac_test/mac_test.c src/sys/security/mac_te= st/mac_test.c --- /usr/src/sys/security/mac_test/mac_test.c Tue Oct 14 21:16:35 2003 +++ src/sys/security/mac_test/mac_test.c Thu Oct 16 04:44:22 2003 @@ -1361,8 +1361,8 @@ mac_test_check_system_swapoff(struct ucr } =20 static int -mac_test_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { =20 ASSERT_CRED_LABEL(&cred->cr_label); diff -upr /usr/src/sys/sys/mac.h src/sys/sys/mac.h --- /usr/src/sys/sys/mac.h Tue Oct 14 21:16:40 2003 +++ src/sys/sys/mac.h Thu Oct 16 04:38:12 2003 @@ -270,9 +270,8 @@ int mac_check_system_reboot(struct ucred int mac_check_system_settime(struct ucred *cred); int mac_check_system_swapon(struct ucred *cred, struct vnode *vp); int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); -int mac_check_system_sysctl(struct ucred *cred, int *name, - u_int namelen, void *old, size_t *oldlenp, int inkernel, - void *new, size_t newlen); +int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); diff -upr /usr/src/sys/sys/mac_policy.h src/sys/sys/mac_policy.h --- /usr/src/sys/sys/mac_policy.h Tue Oct 14 21:16:40 2003 +++ src/sys/sys/mac_policy.h Thu Oct 16 04:36:02 2003 @@ -344,9 +344,9 @@ struct mac_policy_ops { struct vnode *vp, struct label *label); int (*mpo_check_system_swapoff)(struct ucred *cred, struct vnode *vp, struct label *label); - int (*mpo_check_system_sysctl)(struct ucred *cred, int *name, - u_int namelen, void *old, size_t *oldlenp, int inkernel, - void *new, size_t newlen); + int (*mpo_check_system_sysctl)(struct ucred *cred, + struct sysctl_oid *oidp, void *arg1, int arg2, + struct sysctl_req *req); int (*mpo_check_vnode_access)(struct ucred *cred, struct vnode *vp, struct label *label, int acc_mode); int (*mpo_check_vnode_chdir)(struct ucred *cred, --QdA8+0Hc+u1HcecE-- --EYAXRszTzQPG7bQS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP45Kaj/PhmMH/Mf1AQGxtAP/ZUqBV0h2fdyIj2/IB1wuMMTNbRYG2kJ3 lhGsn4erjXIaswmtG97JoNeYaoKxatLTGLCQnSv1N9rR43iB/37cxTvtUaa80bUK RoxmRq8jksFiYc62ycsje7MyK9jK5/gI6lGSn7/2c7BZSnm8CM/PRjmEEOBf4ACN nGLD0rUMQBg= =I4wp -----END PGP SIGNATURE----- --EYAXRszTzQPG7bQS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031016073610.GY520>