Date:      Wed, 2 Feb 2011 18:59:13 GMT
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 188463 for review
Message-ID:  <201102021859.p12IxDhI007746@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@188463?ac=10

Change 188463 by trasz@trasz_victim on 2011/02/02 18:58:19

	Properly guard RCTL syscalls with privileges.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#27 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/priv.h#14 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#27 (text+ko) ====

@@ -1213,6 +1213,10 @@
 	struct loginclass *lc;
 	struct prison *pr;
 
+	error = priv_check(td, PRIV_RCTL_GET_USAGE);
+	if (error != 0)
+		return (error);
+
 	error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
 	if (error != 0)
 		return (error);
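Review bot: The new priv_check() calls here and in the hunks at 1308 and 1381 introduce privileges that kern_jail.c is not taught about in this change, so if prison_priv_check() behaves as in the main tree (privileges it does not explicitly list are denied inside a jail), jailed processes will receive EPERM for every rctl read, including their own usage; worth confirming that is the intended policy rather than an accident of the default. Placing the check ahead of rctl_read_inbuf() is the right order, since an unprivileged caller is rejected before any user buffer is copied in or kernel memory is allocated for it. The enclosing function begins before this hunk. A one-line comment above the check, such as `/* Privilege check first, before touching the caller's buffer. */`, would make that ordering deliberate for the next reader.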
@@ -1304,6 +1308,10 @@
 	struct rctl_rule_link *link;
 	struct proc *p;
 
+	error = priv_check(td, PRIV_RCTL_GET_RULES);
+	if (error != 0)
+		return (error);
+
 	error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
 	if (error != 0)
 		return (error);
@@ -1373,6 +1381,10 @@
 	struct rctl_rule *filter;
 	struct rctl_rule_link *link;
 
+	error = priv_check(td, PRIV_RCTL_GET_LIMITS);
+	if (error != 0)
+		return (error);
+
 	error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
 	if (error != 0)
 		return (error);
@@ -1439,7 +1451,7 @@
 	struct rctl_rule *rule;
 	char *inputstr;
 
-	error = priv_check(td, PRIV_RCTL_SET);
+	error = priv_check(td, PRIV_RCTL_ADD_RULE);
 	if (error != 0)
 		return (error);
 
@@ -1481,7 +1493,7 @@
 	struct rctl_rule *filter;
 	char *inputstr;
 
-	error = priv_check(td, PRIV_RCTL_SET);
+	error = priv_check(td, PRIV_RCTL_REMOVE_RULE);
 	if (error != 0)
 		return (error);
 

==== //depot/projects/soc2009/trasz_limits/sys/sys/priv.h#14 (text+ko) ====

@@ -486,13 +486,16 @@
 /*
  * Resource Limits privileges.
  */
-#define	PRIV_RCTL_SET		670
-#define	PRIV_RCTL_GET		671
+#define	PRIV_RCTL_GET_RULES	670
+#define	PRIV_RCTL_ADD_RULE	671
+#define	PRIV_RCTL_REMOVE_RULE	672
+#define	PRIV_RCTL_GET_USAGE	673
+#define	PRIV_RCTL_GET_LIMITS	674
 
 /*
  * Track end of privilege list.
  */
-#define	_PRIV_HIGHEST		672
+#define	_PRIV_HIGHEST		674
 
 /*
  * Validate that a named privilege is known by the privilege system.  Invalid
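Review bot: Reassigning 670 and 671 from PRIV_RCTL_SET and PRIV_RCTL_GET to PRIV_RCTL_GET_RULES and PRIV_RCTL_ADD_RULE changes the meaning of two existing numeric values, so anything built against the old header (a MAC policy or a jail privilege table switching on the number) would silently check a different privilege after this change; appending the new entries after 671 would avoid that, unless this branch has no external consumers yet. _PRIV_HIGHEST is now 674, which does match the last value defined. The five defines carry no per-privilege comment, unlike most entries elsewhere in priv.h; a trailing note on each, for example `#define PRIV_RCTL_GET_USAGE 673 /* Read resource usage of a subject. */`, would tell a reader what each one gates without opening kern_rctl.c.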


