Date: Sun, 15 Dec 2013 23:09:06 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r259434 - head/usr.bin/kdump Message-ID: <201312152309.rBFN96Z9032127@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Sun Dec 15 23:09:05 2013 New Revision: 259434 URL: http://svnweb.freebsd.org/changeset/base/259434 Log: Make use of Casper's system.pwd and system.grp services when the -r option is given to convert uids and gids to user names and group names even when running in capability mode sandbox. While here log on stderr when we successfully enter the sandbox. Sponsored by: The FreeBSD Foundation Modified: head/usr.bin/kdump/Makefile head/usr.bin/kdump/kdump.c Modified: head/usr.bin/kdump/Makefile ============================================================================== --- head/usr.bin/kdump/Makefile Sun Dec 15 23:05:19 2013 (r259433) +++ head/usr.bin/kdump/Makefile Sun Dec 15 23:09:05 2013 (r259434) @@ -12,6 +12,12 @@ SRCS= kdump_subr.c kdump.c ioctl.c subr DPSRCS= kdump_subr.h CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I. +.if ${MK_CASPER} != "no" +DPADD+= ${LIBCAPSICUM} ${LIBNV} +LDADD+= -lcapsicum -lnv +CFLAGS+=-DHAVE_LIBCAPSICUM +.endif + .if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "i386" SRCS+= linux_syscalls.c .endif Modified: head/usr.bin/kdump/kdump.c ============================================================================== --- head/usr.bin/kdump/kdump.c Sun Dec 15 23:05:19 2013 (r259433) +++ head/usr.bin/kdump/kdump.c Sun Dec 15 23:09:05 2013 (r259434) @@ -74,9 +74,18 @@ extern int errno; #include <err.h> #include <grp.h> #include <inttypes.h> +#ifdef HAVE_LIBCAPSICUM +#include <libcapsicum.h> +#include <libcapsicum_grp.h> +#include <libcapsicum_pwd.h> +#include <libcapsicum_service.h> +#endif #include <locale.h> #include <netdb.h> #include <nl_types.h> +#ifdef HAVE_LIBCAPSICUM +#include <nv.h> +#endif #include <pwd.h> #include <stdio.h> #include <stdlib.h> @@ -167,6 +176,10 @@ struct proc_info TAILQ_HEAD(trace_procs, proc_info) trace_procs; +#ifdef HAVE_LIBCAPSICUM +static cap_channel_t *cappwd, *capgrp; +#endif + static void strerror_init(void) { @@ -192,6 +205,64 @@ localtime_init(void) (void)localtime(<ime); } +#ifdef HAVE_LIBCAPSICUM +static int +cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp) +{ + cap_channel_t *capcas, *cappwdloc, *capgrploc; + const char *cmds[1], *fields[1]; + + capcas = cap_init(); + if (capcas == NULL) { + warn("unable to contact casperd"); + return (NULL); + } + cappwdloc = cap_service_open(capcas, "system.pwd"); + capgrploc = cap_service_open(capcas, "system.grp"); + /* Casper capability no longer needed. */ + cap_close(capcas); + if (cappwdloc == NULL || capgrploc == NULL) { + if (cappwdloc == NULL) + warn("unable to open system.pwd service"); + if (capgrploc == NULL) + warn("unable to open system.grp service"); + goto fail; + } + /* Limit system.pwd to only getpwuid() function and pw_name field. */ + cmds[0] = "getpwuid"; + if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) { + warn("unable to limit access to system.pwd service"); + goto fail; + } + fields[0] = "pw_name"; + if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) { + warn("unable to limit access to system.pwd service"); + goto fail; + } + /* Limit system.grp to only getgrgid() function and gr_name field. */ + cmds[0] = "getgrgid"; + if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) { + warn("unable to limit access to system.grp service"); + goto fail; + } + fields[0] = "gr_name"; + if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) { + warn("unable to limit access to system.grp service"); + goto fail; + } + + *cappwdp = cappwdloc; + *capgrpp = capgrploc; + return (0); +fail: + if (capgrploc == NULL) + cap_close(cappwdloc); + if (capgrploc == NULL) + cap_close(capgrploc); + return (-1); +} +#endif /* HAVE_LIBCAPSICUM */ + int main(int argc, char *argv[]) { @@ -265,14 +336,28 @@ main(int argc, char *argv[]) strerror_init(); localtime_init(); - +#ifdef HAVE_LIBCAPSICUM + if (resolv != 0) { + if (cappwdgrp_setup(&cappwd, &capgrp) < 0) { + cappwd = NULL; + capgrp = NULL; + } + } + if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) { + if (cap_enter() < 0 && errno != ENOSYS) + err(1, "unable to enter capability mode"); + } +#else if (resolv == 0) { if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); } +#endif limitfd(STDIN_FILENO); limitfd(STDOUT_FILENO); limitfd(STDERR_FILENO); + if (cap_sandboxed()) + fprintf(stderr, "capability mode sandbox enabled\n"); TAILQ_INIT(&trace_procs); drop_logged = 0; @@ -1664,11 +1749,31 @@ ktrstat(struct stat *statp) printf("mode=%s, ", mode); } printf("nlink=%ju, ", (uintmax_t)statp->st_nlink); - if (resolv == 0 || (pwd = getpwuid(statp->st_uid)) == NULL) + if (resolv == 0) { + pwd = NULL; + } else { +#ifdef HAVE_LIBCAPSICUM + if (cappwd != NULL) + pwd = cap_getpwuid(cappwd, statp->st_uid); + else +#endif + pwd = getpwuid(statp->st_uid); + } + if (pwd == NULL) printf("uid=%ju, ", (uintmax_t)statp->st_uid); else printf("uid=\"%s\", ", pwd->pw_name); - if (resolv == 0 || (grp = getgrgid(statp->st_gid)) == NULL) + if (resolv == 0) { + grp = NULL; + } else { +#ifdef HAVE_LIBCAPSICUM + if (capgrp != NULL) + grp = cap_getgrgid(capgrp, statp->st_gid); + else +#endif + grp = getgrgid(statp->st_gid); + } + if (grp == NULL) printf("gid=%ju, ", (uintmax_t)statp->st_gid); else printf("gid=\"%s\", ", grp->gr_name);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312152309.rBFN96Z9032127>