Date: Fri, 24 May 2019 19:43:38 +0000 (UTC) From: "Simon J. Gerraty" <sjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r348249 - in head/stand: . ficl libsa Message-ID: <201905241943.x4OJhcWP082851@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sjg Date: Fri May 24 19:43:38 2019 New Revision: 348249 URL: https://svnweb.freebsd.org/changeset/base/348249 Log: ficl pfopen: verify file If the file is verified - do not allow write otherwise do not allow read. Add O_ACCMODE to stand.h Reviewed by: stevek, mindal_semihalf.com MFC after: 3 days Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20387 Modified: head/stand/ficl.mk head/stand/ficl/loader.c head/stand/libsa/stand.h Modified: head/stand/ficl.mk ============================================================================== --- head/stand/ficl.mk Fri May 24 18:41:31 2019 (r348248) +++ head/stand/ficl.mk Fri May 24 19:43:38 2019 (r348249) @@ -16,3 +16,7 @@ CFLAGS+= -fPIC CFLAGS+= -I${FICLSRC} -I${FICLSRC}/${FICL_CPUARCH} -I${LDRSRC} CFLAGS+= -DBF_DICTSIZE=15000 + +.if ${MK_LOADER_VERIEXEC} != "no" +CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h +.endif Modified: head/stand/ficl/loader.c ============================================================================== --- head/stand/ficl/loader.c Fri May 24 18:41:31 2019 (r348248) +++ head/stand/ficl/loader.c Fri May 24 19:43:38 2019 (r348249) @@ -502,6 +502,23 @@ static void pfopen(FICL_VM *pVM) /* open the file */ fd = open(name, mode); +#ifdef LOADER_VERIEXEC + if (fd >= 0) { + if (verify_file(fd, name, 0, VE_GUESS) < 0) { + /* not verified writing ok but reading is not */ + if ((mode & O_ACCMODE) != O_WRONLY) { + close(fd); + fd = -1; + } + } else { + /* verified reading ok but writing is not */ + if ((mode & O_ACCMODE) != O_RDONLY) { + close(fd); + fd = -1; + } + } + } +#endif free(name); stackPushINT(pVM->pStack, fd); return; Modified: head/stand/libsa/stand.h ============================================================================== --- head/stand/libsa/stand.h Fri May 24 18:41:31 2019 (r348248) +++ head/stand/libsa/stand.h Fri May 24 19:43:38 2019 (r348249) @@ -286,6 +286,7 @@ extern int open(const char *, int); #define O_RDONLY 0x0 #define O_WRONLY 0x1 #define O_RDWR 0x2 +#define O_ACCMODE 0x3 /* NOT IMPLEMENTED */ #define O_CREAT 0x0200 /* create if nonexistent */ #define O_TRUNC 0x0400 /* truncate to zero length */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905241943.x4OJhcWP082851>