From owner-p4-projects@FreeBSD.ORG Tue Nov 25 08:11:47 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5D93F16A4D0; Tue, 25 Nov 2003 08:11:47 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20ECF16A4CE for ; Tue, 25 Nov 2003 08:11:47 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B31443FB1 for ; Tue, 25 Nov 2003 08:11:45 -0800 (PST) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hAPGBjXJ007798 for ; Tue, 25 Nov 2003 08:11:45 -0800 (PST) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hAPGBi2V007795 for perforce@freebsd.org; Tue, 25 Nov 2003 08:11:44 -0800 (PST) (envelope-from areisse@nailabs.com) Date: Tue, 25 Nov 2003 08:11:44 -0800 (PST) Message-Id: <200311251611.hAPGBi2V007795@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 43036 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2003 16:11:47 -0000 http://perforce.freebsd.org/chv.cgi?CH=43036 Change 43036 by areisse@areisse_ibook on 2003/11/25 08:11:44 chdir and exec permission checks execve handles script labels Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#4 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#33 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#8 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#7 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#12 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#19 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#4 (text+ko) ====
@@ -212,8 +212,8 @@
 char *ws_cache_name = NULL; /* used for pre-heat */
 int cred_change = 0;
 #ifdef MAC
- struct label execlabel;
- struct label *execlabelp;
+ struct label execlabel, scriptlabel;
+ struct label *execlabelp, *scriptlabelp = NULL;
 int no_trans = 0;
 int will_transition = 0;
 #endif
@@ -247,7 +247,7 @@
 error = execargs_alloc(&execargs);
 if (error)
- return(error);
+ goto free_execl;
 savedpath = execargs;
@@ -267,7 +267,7 @@
 error = copyinstr(uap->fname, savedpath, MAXPATHLEN, &savedpathlen);
 if (error)
- return (error);
+ goto free_execl;
 /*
 * copyinstr will put in savedpathlen, the count of
 * characters (including NULL) in the path.
@@ -319,6 +319,11 @@
 *(&vattr) = *(&origvattr);
 again:
+#ifdef MAC
+ error = mac_check_vnode_exec (p->p_ucred, vp, execlabelp);
+ if (error)
+ goto bad;
+#endif
 error = check_exec_access(p, vp, &vattr);
 if (error)
 goto bad;
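Review bot: In the declaration hunk at -212, `scriptlabelp` is initialised to NULL but `execlabelp` is not, while the `free_execl:` cleanup this change adds at the end of the function tests `if (execlabelp)` before calling mac_destroy_cred_label(). The first `goto free_execl` (the execargs_alloc() failure in the -247 hunk) is reached early; whether execlabelp has been assigned on every path by then is not visible in these hunks, and if it has not, the cleanup would pass an indeterminate pointer to the label destructor in kernel context. Initialising both pointers, `struct label *execlabelp = NULL, *scriptlabelp = NULL;`, makes the cleanup safe wherever the jump comes from. Most of the function body lies outside the hunks, so the other exit paths should be checked for the same reason.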
@@ -415,6 +420,14 @@
 /* Save the name aside for future use */
 execargsp = (vm_offset_t *)((char *)(execargs) + savedpathlen);
+ /* Copy the script label for later use. Note that
+ the label can be different when the script is actually
+ read by the interpreter. */
+#ifdef MAC
+ scriptlabelp = &scriptlabel;
+ mac_init_vnode_label (&scriptlabel);
+ mac_copy_vnode_label (&vp->v_label, &scriptlabel);
+#endif
 indir = 1;
 vput(vp);
 nd.ni_cnd.cn_nameiop = LOOKUP;
@@ -602,7 +615,7 @@
 /* Transitions */
 #ifdef MAC
- will_transition = mac_execve_will_transition (p->p_ucred, vp, NULL,
+ will_transition = mac_execve_will_transition (p->p_ucred, vp, scriptlabelp,
 execlabelp);
 cred_change |= will_transition;
 #endif
@@ -645,7 +658,7 @@
 #ifdef MAC
 if (will_transition && !no_trans)
- mac_execve_transition (cred, p->p_ucred, vp, NULL, execlabelp);
+ mac_execve_transition (cred, p->p_ucred, vp, scriptlabelp, execlabelp);
 #endif
 crfree (cred);
@@ -884,8 +897,14 @@
 if (!error && vfexec) {
 vfork_return(current_act(), p->p_pptr, p, retval);
 (void) thread_resume(thr_act);
- return(0);
 }
+free_execl:
+#ifdef MAC
+ if (execlabelp)
+ mac_destroy_cred_label (execlabelp);
+ if (scriptlabelp)
+ mac_destroy_vnode_label (scriptlabelp);
+#endif
 return(error);
 }
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#33 (text+ko) ====
@@ -1095,7 +1095,7 @@
 MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs);
 }
-static void
+void
 mac_destroy_cred_label(struct label *label)
 {
@@ -1593,7 +1593,7 @@
 void
 mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execl)
+ struct label *scriptvnodelabel, struct label *execl)
 {
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
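Review bot: The kern_mac.c hunk at -1095 drops `static` from mac_destroy_cred_label() so that kern_exec.c can call it, but none of the mac.h hunks in this change adds a prototype for it. The same goes for mac_init_vnode_label(), mac_copy_vnode_label() and mac_destroy_vnode_label(), which the new execve() code in the -415 and -884 hunks also calls. If these are not already declared in a header outside the visible hunks, the calls compile as implicit declarations and their argument types go unchecked. Declaring them in mac.h beside the other label routines, e.g. `void mac_destroy_cred_label(struct label *label);`, closes that gap.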
@@ -1601,13 +1601,17 @@
 if (!mac_enforce_process && !mac_enforce_fs)
 return;
- MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
- interpvnodelabel, execl);
+ if (scriptvnodelabel)
+ MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+ scriptvnodelabel, execl);
+ else
+ MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+ NULL, execl);
 }
 int
 mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execlabel)
+ struct label *scriptvnodelabel, struct label *execlabel)
 {
 int result;
@@ -1617,8 +1621,12 @@
 return (0);
 result = 0;
- MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
- interpvnodelabel, execlabel);
+ if (scriptvnodelabel)
+ MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+ scriptvnodelabel, execlabel);
+ else
+ MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+ NULL, execlabel);
 return (result);
 }
@@ -1729,10 +1737,8 @@
 }
 #endif
-#if 0
 int
-mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct image_params *imgp)
+mac_check_vnode_exec(struct ucred *cred, struct vnode *vp, struct label *execl)
 {
 int error;
@@ -1741,12 +1747,10 @@
 if (!mac_enforce_process && !mac_enforce_fs)
 return (0);
- MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp,
- imgp->execlabel);
+ MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, execl);
 return (error);
 }
-#endif
 #if 0
 int
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#8 (text+ko) ====
@@ -107,7 +107,6 @@
 struct devnode;
 struct ifnet;
 struct ifreq;
-struct image_params;
 struct ipq;
 struct m_tag;
 struct mbuf;
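Review bot: The `if (scriptvnodelabel) … else …` added around MAC_PERFORM in mac_execve_transition() (-1601 hunk), and the same shape around MAC_BOOLEAN in mac_execve_will_transition() (-1617 hunk), has two arms that pass the same value, because a NULL `scriptvnodelabel` is already NULL when passed through. Unless the macros need a literal NULL for a reason not visible here, the single call `MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, scriptvnodelabel, execl);` is equivalent and avoids an unbraced if/else wrapped around a macro whose expansion is outside the hunk. It would also help policy authors to state the contract in a comment above both functions, for example `/* scriptvnodelabel is NULL unless vp is the interpreter of a script; policies must handle NULL. */`.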
@@ -227,10 +226,10 @@
 struct label *execlabel);
 void mac_execve_exit(struct image_params *imgp);
 void mac_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *interpvnodelabel,
+ struct vnode *vp, struct label *scriptvnodelabel,
 struct label *execlabel);
 int mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *interpvnodelabel, struct label *execlabel);
+ struct label *scriptvnodelabel, struct label *execlabel);
 void mac_create_proc0(struct ucred *cred);
 void mac_create_proc1(struct ucred *cred);
 #if 0
@@ -294,7 +293,7 @@
 acl_type_t type);
 #endif
 int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct image_params *imgp);
+ struct label *execlabel);
 #if 0
 int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#7 (text+ko) ====
@@ -395,12 +395,11 @@
 struct componentname *cnp);
 int (*mpo_check_vnode_deleteextattr)(struct ucred *cred, struct vnode *vp, int attrnamespace, const char *name);
+ int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
+ struct label *label, struct label *execlabel);
 #if 0
 int (*mpo_check_vnode_deleteacl)(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type);
- int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp,
- struct label *execlabel);
 int (*mpo_check_vnode_getacl)(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type);
 #endif
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#12 (text+ko) ====
@@ -998,7 +998,13 @@
 if (vp->v_type != VDIR)
 error = ENOTDIR;
 else
+ {
+#ifdef MAC
+ error = mac_check_vnode_chdir (p->p_ucred, ndp->ni_vp);
+ if (0 == error)
+#endif
 error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
+ }
 if (error)
 vput(vp);
 else
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#19 (text+ko) ====
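Review bot: In the vfs_syscalls.c hunk (-998) the added `if (0 == error)` sits inside `#ifdef MAC` while the statement it guards, `error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);`, comes after the `#endif`. The access check is therefore conditional in one configuration and unconditional in the other, with nothing marking the dependency, so a line inserted between them would silently change which call is guarded. A comment on the `#endif` such as `/* the if above guards the VOP_ACCESS below */`, or braces around the guarded statement, would protect that ordering. The MAC call also passes `ndp->ni_vp` where the surrounding lines use `vp`; if they name the same vnode (the assignment is outside the hunk), `error = mac_check_vnode_chdir (p->p_ucred, vp);` makes it plain that both checks apply to one object.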
@@ -1528,10 +1528,9 @@ } #endif -#ifdef HAS_IMAGE_PARAMS static int sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, struct label *execlabel) + struct label *label, struct label *execlabel) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -1590,7 +1589,6 @@ return (0); } -#endif #ifdef HAS_ACLS static int @@ -2203,12 +2201,11 @@ .mpo_check_vnode_access = sebsd_check_vnode_access, .mpo_check_vnode_chdir = sebsd_check_vnode_chdir, .mpo_check_vnode_chroot = sebsd_check_vnode_chroot, - //.mpo_check_vnode_create = sebsd_check_vnode_create, + .mpo_check_vnode_create = sebsd_check_vnode_create, .mpo_check_vnode_delete = sebsd_check_vnode_delete, + .mpo_check_vnode_exec = sebsd_check_vnode_exec, #ifdef EXTATTR - .mpo_check_vnode_exec = sebsd_check_vnode_exec, - .mpo_check_vnode_getextattr = sebsd_check_vnode_getextattr, .mpo_check_vnode_listextattr = NOT_IMPLEMENTED, .mpo_check_vnode_deleteextattr = NOT_IMPLEMENTED,