From owner-freebsd-hackers Mon Jun 11 19:50:42 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from public.guangzhou.gd.cn (mail2-smtp.guangzhou.gd.cn [202.105.65.222]) by hub.freebsd.org (Postfix) with SMTP id 52F8037B403 for ; Mon, 11 Jun 2001 19:50:29 -0700 (PDT) (envelope-from gzjyliu@public.guangzhou.gd.cn) Received: from fatcow.home([203.93.59.244]) by public.guangzhou.gd.cn(JetMail 2.5.3.0) with SMTP id jm403b25f5ec; Tue, 12 Jun 2001 02:48:24 -0000 Received: (from jyliu@localhost) by fatcow.home (8.11.3/8.11.3) id f5C2oTW00368; Tue, 12 Jun 2001 10:50:29 +0800 (CST) (envelope-from gzjyliu@public.guangzhou.gd.cn) X-Authentication-Warning: fatcow.home: jyliu set sender to gzjyliu@public.guangzhou.gd.cn using -f To: hackers@FreeBSD.org Subject: [PATCH] Limited BPF to specified program From: Jiangyi Liu Date: 12 Jun 2001 10:50:29 +0800 Message-ID: <8766e2pg22.fsf@fatcow.home> Lines: 37 User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=bpf.diff *** i386/conf/LINT.orig Sat Jun 2 12:32:27 2001 --- i386/conf/LINT Mon Jun 11 15:04:23 2001 *************** *** 494,499 **** --- 494,508 ---- pseudo-device sppp #Generic Synchronous PPP pseudo-device loop #Network loopback device pseudo-device bpf #Berkeley packet filter + + # The BPF_LIMITED options limits only the specified program can + # use bpf, BPF_ALLOWED_DEVID is the deviceid [major|minor] of the + # device where specified program resides, BPF_ALLOWED_FILEID is the + # inode of the specified program. 
+ options BPF_LIMITED + options BPF_ALLOWED_DEVID + options BPF_ALLOWED_FILEID + pseudo-device disc #Discard device (ds0, ds1, etc) pseudo-device tun #Tunnel driver (ppp(8), nos-tun(8)) pseudo-device sl 2 #Serial Line IP *** net/bpf.c.orig Tue Jun 5 19:54:01 2001 --- net/bpf.c Mon Jun 11 14:47:11 2001 *************** *** 41,46 **** --- 41,47 ---- */ #include "bpf.h" + #include "opt_bpf.h" #ifndef __GNUC__ #define inline *************** *** 60,65 **** --- 61,67 ---- #include #include #include + #include #if defined(sparc) && BSD < 199103 #include *************** *** 346,353 **** struct proc *p; { register struct bpf_d *d; ! ! if (p->p_prison) return (EPERM); d = dev->si_drv1; --- 348,373 ---- struct proc *p; { register struct bpf_d *d; ! struct vattr attr; ! ! #ifdef BPF_LIMITED ! int error; ! ! /* Get file attributes */ ! error = VOP_GETATTR(p->p_textvp, &attr, p->p_ucred, p); ! if (error) ! return (error); ! ! if (BPF_ALLOWED_DEVID != (attr.va_fsid & 0xffff) || ! BPF_ALLOWED_FILEID != attr.va_fileid) { ! log(LOG_ERR, "Attempt to use BPF: device %d,%d fileid %ld\n", ! (int)((attr.va_fsid>>8) & 0xff), (int)(attr.va_fsid & 0xff), ! (long)attr.va_fileid); ! return (EPERM); ! } ! #endif ! ! if (p->p_prison) return (EPERM); d = dev->si_drv1; *** conf/options.i386.orig Sat Jun 2 12:32:08 2001 --- conf/options.i386 Mon Jun 11 14:17:17 2001 *************** *** 203,208 **** --- 203,213 ---- # SMB/CIFS filesystem SMBFS + # Limited BPF options + BPF_LIMITED opt_bpf.h + BPF_ALLOWED_DEVID opt_bpf.h + BPF_ALLOWED_FILEID opt_bpf.h + # ------------------------------- # EOF # ------------------------------- --=-=-= Hi, Seems I can't contact the coordinator(eivind@FreeBSD.org) of this task. So I think maybe I should send the patch to this list. Here is the patch for limiting bpf access to the specified program. 
For example, if I wanna specify only /sbin/dhclient can use bpf, I can:

$ ls -i /sbin/dhclient
    439 /sbin/dhclient
$ df
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s3a     63503   37795   20628    65%    /
/dev/ad0s3f   5834156 2997583 2369841    56%    /usr
/dev/ad0s3e     63503    9866   48557    17%    /var
procfs              4       4       0   100%    /proc
$ ls -al /dev/ad0s3a
crw-r-----  2 root  operator  116, 0x00040000 Dec 17 01:40 /dev/ad0s3a

So I can add the following lines to my kernel config file:

options BPF_LIMITED
options BPF_ALLOWED_DEVID=29696
options BPF_ALLOWED_FILEID=439

The 0~7 bits of BPF_ALLOWED_DEVID are the minor number of the device,
while the 8~15 bits are the major number of the device. Probably I
should make the options like BPF_ALLOWED_DEV_MAJOR and
BPF_ALLOWED_DEV_MINOR. Anyone interested?

Best wishes,
Jiangyi Liu
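
Review bot: In the i386/conf/LINT hunk, the comment does not say how to obtain the two values, and BPF_ALLOWED_DEVID and BPF_ALLOWED_FILEID are listed with no value even though net/bpf.c compares them against attr.va_fsid and attr.va_fileid. Suggest showing example values in the form `options BPF_ALLOWED_DEVID=29696` and `options BPF_ALLOWED_FILEID=439`, and stating the bit layout of "[major|minor]" (major in bits 8-15, minor in bits 0-7) in the comment. The sentence "The BPF_LIMITED options limits only the specified program can use bpf" also needs rewording, for example "BPF_LIMITED restricts bpf to one specified program".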
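
Review bot: In the bpfopen() hunk of net/bpf.c, the test `BPF_ALLOWED_DEVID != (attr.va_fsid & 0xffff)` compares only the low 16 bits of the device id, while the message's own example shows a minor of 0x00040000 for /dev/ad0s3a, so a file with the same inode number on a device that differs only in those upper bits passes the check. Compare the full va_fsid (or split the option into major and minor, as the message proposes), and print the full value in the log() call, which currently truncates the minor to `attr.va_fsid & 0xff`. Two smaller points in the same hunk: `struct vattr attr;` is declared outside the `#ifdef BPF_LIMITED` block and is unused when the option is off, and p->p_textvp is handed to VOP_GETATTR without a NULL check.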
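
Review bot: The conf/options.i386 hunk registers BPF_LIMITED, BPF_ALLOWED_DEVID and BPF_ALLOWED_FILEID in the i386-only options file, but the code that includes opt_bpf.h is net/bpf.c, which is not under i386/. Within this patch nothing generates opt_bpf.h for any other architecture that builds net/bpf.c, so the new `#include "opt_bpf.h"` would have no header to find there. Register the three options in the machine-independent options file instead, and document them where the generic bpf pseudo-device is documented.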
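
The device-id arithmetic from the message, as an added example that is not part of the original post or the patch: it packs the major and minor shown for /dev/ad0s3a, mirrors the patch's 16-bit comparison, and sets it beside a full-width comparison. The helper names, the (major << 8) | minor layout and the second device id are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical helper): major in bits 8-15, minor in the
 * remaining bits, which is what 116 / 0x00040000 -> 29696 in the message implies. */
static uint32_t make_fsid(uint32_t major, uint32_t minor)
{
    return ((major & 0xffu) << 8) | (minor & 0xffff00ffu);
}

/* Value for "options BPF_ALLOWED_DEVID=": the low 16 bits the patch compares. */
static uint32_t bpf_allowed_devid(uint32_t fsid)
{
    return fsid & 0xffffu;
}

/* Same test as the patch's bpfopen() check: 1 = open allowed, 0 = EPERM. */
static int check_masked(uint32_t devid, long fileid, uint32_t va_fsid, long va_fileid)
{
    return devid == (va_fsid & 0xffffu) && fileid == va_fileid;
}

/* Full-width variant: the option would hold the whole device id. */
static int check_full(uint32_t fsid, long fileid, uint32_t va_fsid, long va_fileid)
{
    return fsid == va_fsid && fileid == va_fileid;
}

int main(void)
{
    uint32_t root = make_fsid(116, 0x00040000);  /* /dev/ad0s3a, from the message */
    uint32_t other = make_fsid(116, 0x00050000); /* constructed: another minor, same low byte */
    uint32_t devid = bpf_allowed_devid(root);

    printf("options BPF_ALLOWED_DEVID=%u\n", (unsigned)devid);
    printf("options BPF_ALLOWED_FILEID=%d\n", 439);
    printf("minor bits not compared: 0x%08x\n", (unsigned)(root & ~0xffffu));
    printf("masked: root=%d other=%d\n", check_masked(devid, 439, root, 439),
           check_masked(devid, 439, other, 439));
    printf("full:   root=%d other=%d\n", check_full(root, 439, root, 439),
           check_full(root, 439, other, 439));
    return 0;
}
```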