From owner-freebsd-bugs Sat Sep 5 11:40:11 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA29460 for freebsd-bugs-outgoing; Sat, 5 Sep 1998 11:40:11 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA29453 for ; Sat, 5 Sep 1998 11:40:08 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id LAA18462; Sat, 5 Sep 1998 11:40:01 -0700 (PDT)
Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA28873 for ; Sat, 5 Sep 1998 11:34:20 -0700 (PDT) (envelope-from robert@fledge.watson.org)
Received: (from robert@localhost) by fledge.watson.org (8.8.8/8.8.8) id OAA02133; Sat, 5 Sep 1998 14:33:08 -0400 (EDT)
Message-Id: <199809051833.OAA02133@fledge.watson.org>
Date: Sat, 5 Sep 1998 14:33:08 -0400 (EDT)
From: robert@fledge.watson.org
Reply-To: robert+freebsd@cyrus.watson.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: kern/7837: patches to add a p_auth extension pointer to the proc structure
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 7837
>Category: kern
>Synopsis: patches to add a p_auth extension pointer to the proc structure
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 5 11:40:01 PDT 1998
>Last-Modified:
>Originator: Robert Watson
>Organization:
>Release: FreeBSD 3.0-CURRENT
>Environment:

3.0-CURRENT

>Description:

This patch adds an extra pointer to the proc structure (p_authext). This pointer is zero'd for each new process at creation time. The intent of this patch is to allow lkm's and kernel modifications to hook additional authentication and authorization data into the proc structure as needed. Example uses include:

    FreeBSD Kernel Tokens (http://www.freebsd.org/fbsd-hardening/tokens/)
    POSIX Capabilities (http://www.computer.org/)
    Sandboxing support
    process auditing information

The authext information would most likely be set in an at_fork() lkm hook, or by hooking the exec code.

>How-To-Repeat:
>Fix:

Patch:

diff -ur /usr/src/sys/kern/init_main.c sys/kern/init_main.c --- /usr/src/sys/kern/init_main.c Thu Jun 25 08:31:39 1998 +++ sys/kern/init_main.c Fri Jul 3 15:01:37 1998 @@ -355,6 +355,8 @@ p->p_ucred = crget(); p->p_ucred->cr_ngroups = 1; /* group 0 */ + p->p_authext = 0; + /* Create the file descriptor table. */ fdp = &filedesc0; p->p_fd = &fdp->fd_fd; diff -ur /usr/src/sys/sys/proc.h sys/sys/proc.h --- /usr/src/sys/sys/proc.h Thu Jun 25 08:32:19 1998 +++ sys/sys/proc.h Fri Jul 3 15:17:55 1998 
@@ -121,6 +121,7 @@ pid_t p_oppid; /* Save parent pid during ptrace. XXX */ int p_dupfd; /* Sideways return value from fdopen. XXX */ + void *p_authext; /* authentication extensions */ struct vmspace *p_vmspace; /* Address space. */
>Audit-Trail:
>Unformatted:
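
Review bot: `p->p_authext = 0;` in the sys/kern/init_main.c hunk only initialises the first process, while the description says the pointer is zeroed for each new process. Nothing in this patch touches the fork path, so the PR should state how a forked child's copy is cleared, or add the explicit assignment there; a child that silently inherited the parent's pointer would alias the parent's authorization data. As a style point, assign NULL rather than 0 to a pointer.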
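
Review bot: in the sys/sys/proc.h hunk, `void *p_authext;` is a single untyped slot with no stated owner. The description lists several independent consumers (kernel tokens, POSIX capabilities, sandboxing, auditing), and two such modules loaded together would overwrite each other's pointer. The field comment should document who may set it, who frees it when the process exits, and what happens to it across exec; the patch adds no exit-time cleanup, so a module that allocates here leaks the allocation unless it also hooks process exit.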