From owner-freebsd-hackers@FreeBSD.ORG  Tue Dec 28 13:40:07 2010
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C0BF71065670
	for <freebsd-hackers@freebsd.org>; Tue, 28 Dec 2010 13:40:07 +0000 (UTC)
	(envelope-from gleb.kurtsou@gmail.com)
Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com
	[209.85.215.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 418F28FC0C
	for <freebsd-hackers@freebsd.org>; Tue, 28 Dec 2010 13:40:06 +0000 (UTC)
Received: by eyf6 with SMTP id 6so4405883eyf.13
	for <freebsd-hackers@freebsd.org>; Tue, 28 Dec 2010 05:40:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:cc:subject
	:message-id:references:mime-version:content-type:content-disposition
	:content-transfer-encoding:in-reply-to:user-agent;
	bh=SPUeCzW7+SENpEVV9Dq09JXchLVbTA6KoFujIllhqzo=;
	b=OuMpVA11gZsdKBWdGZ9W6droz6qb95owTwuMFyuoJsTwVDtcYmPTLebmk0/u0M9yJH
	7M3tZ/ctGwPF294htV6+NKYMUTEuP1UqOfmnQ7bbAwMWUJFjkF3wwKqhZISLCc+kvTO2
	P8n7DmpPMwgdX+mdtPUCTABYE/W10FxCxQ/QU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:content-transfer-encoding
	:in-reply-to:user-agent;
	b=u8cFuiZw2BfsTQ9qFuQxLs0gXE68z01hk0wrn8vHFJziEg/Ji8TlZ8ozI7/shY2lNA
	3QzKrY4yTja+u4eNPt/0NFYRJSszfLIQMSTj8tPyIlhbbl/EmHI1LTYM1IOanPFN9p2j
	xp/og9yAob97KBMSX4gkA/wlxRSXCzCkUDpWU=
Received: by 10.14.119.1 with SMTP id m1mr7881250eeh.28.1293543606082;
	Tue, 28 Dec 2010 05:40:06 -0800 (PST)
Received: from localhost ([212.98.186.134])
	by mx.google.com with ESMTPS id t5sm9717291eeh.20.2010.12.28.05.40.05
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Tue, 28 Dec 2010 05:40:05 -0800 (PST)
Date: Tue, 28 Dec 2010 15:39:29 +0200
From: Gleb Kurtsou <gleb.kurtsou@gmail.com>
To: Jakub =?utf-8?Q?Szafra=C5=84ski?= <s@samu.pl>
Message-ID: <20101228133928.GA3986@tops>
References: <610581cbf67aec26205e429adc2c42b1@samu.pl>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <610581cbf67aec26205e429adc2c42b1@samu.pl>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-hackers@freebsd.org
Subject: Re: Getting full binary path in MAC Framework
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Dec 2010 13:40:07 -0000

On (28/12/2010 14:03), Jakub Szafrański wrote:
> Hi,
> At first sory for my bad english and for my behaviour - english is not my
> native language, and I am new to mail lists.
> 
> I'm trying to get the *FULL* path to a binary launched by the user, so
> that I could use it later. I've managed to get just the binary name, OR get
> the binary name from /proc, but I'd like it to be better (and don't require
> /proc).
Due to VFS design there is no reliable way of getting full path to
vnode. In some cases getting full path is impossible, e.g. file may be
deleted but still open.

It looks like you are working on a security policy to verify executable
before running it, I'd suggest you attach signature to executable itself
or use extended attributes. Among other issues path-based security
solutions are inherently race-prone and thus generally not as secure as
advertised.

> 
> This is what I've already written:
> 
> #include <sys/types.h>
> #include <sys/param.h>
> #include <sys/extattr.h>
> #include <sys/kernel.h>
> #include <sys/mount.h>
> #include <sys/systm.h>
> #include <sys/sysctl.h>
> #include <sys/sysproto.h>
> #include <sys/syslog.h>
> #include <sys/imgact.h>
> #include <sys/proc.h>
> 
> #include <security/mac/mac_policy.h>
> 
> 
> SYSCTL_DECL(_security_mac);
> 
> SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW, 0,
> "MAC veriexec implementation");
> 
> 
> static int veriexec_enabled = 0;
> SYSCTL_INT(_security_mac_veriexec, OID_AUTO, enabled, CTLFLAG_RW,
> &veriexec_enabled, 0, "Enforce mac_veriexec policy");
> 
> static int veriexec_level = 0;
> SYSCTL_INT(_security_mac_veriexec, OID_AUTO, level, CTLFLAG_RW,
> &veriexec_level, 0, "Veriexec security level");
> 
> static int veriexec_vnode_check_exec(struct ucred *cred, struct vnode *vp,
> struct label *vplabel, struct image_params *imgp,
> struct label *execlabel)
> {
> if (veriexec_enabled) {
> if (cred && imgp && imgp->execpath) {
> log(LOG_NOTICE, "UID %d launched PID %d, veriexec_level: %d %s\n",
> cred->cr_uid, imgp->proc->p_pid, veriexec_level, imgp->execpath);
> }
> }
> return 0;
> }
> 
> static struct mac_policy_ops veriexec_ops =
> {
> .mpo_vnode_check_exec = veriexec_vnode_check_exec,
> };
> 
> MAC_POLICY_SET(&veriexec_ops, mac_veriexec, "MAC veriexec implementation",
> MPC_LOADTIME_FLAG_UNLOADOK, NULL);
> 
> I'll be glad for any help
> 
> Jakub 'samu' Szafrański
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"