Date: Wed, 12 Mar 2003 12:01:32 -0800 (PST)
Message-Id: <200303122001.h2CK1WRr023154@repoman.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 26783 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=26783

Change 26783 by rwatson@rwatson_paprika on 2003/03/12 12:00:32

	Flush minor patches from my flight on Sunday: permit policies to prevent use of wait4() (and related calls) to monitor inappropriate processes. Many policies will want to avoid limiting wait4() due to possible zombie-related side effects, but some policies will require it.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#29 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#376 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#32 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#228 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#182 edit
.. //depot/projects/trustedbsd/mac/sys/sys/proc.h#38 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#29 (text+ko) ==== @@ -585,6 +585,10 @@ PROC_UNLOCK(p); continue; } + if (p_canwait(td, p)) { + PROC_UNLOCK(p); + continue; + } /* * This special case handles a kthread spawned by linux_clone ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#376 (text+ko) ==== @@ -2516,6 +2516,21 @@ } int +mac_check_proc_wait(struct ucred *cred, struct proc *proc) +{ + int error; + + PROC_LOCK_ASSERT(proc, MA_OWNED); + + if (!mac_enforce_process) + return (0); + + MAC_CHECK(check_proc_wait, cred, proc); + + return (error); +} + +int mac_check_socket_bind(struct ucred *ucred, struct socket *socket, struct sockaddr *sockaddr) { ==== //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#32 (text+ko) ====
@@ -1670,6 +1670,37 @@ return (0); } +/*- + * Determine whether td can wait for the exit of p. + * Returns: 0 for permitted, an errno value otherwise + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call + + */ +int +p_canwait(struct thread *td, struct proc *p) +{ + int error; + + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if ((error = prison_check(td->td_ucred, p->p_ucred))) + return (error); +#ifdef MAC + if ((error = mac_check_proc_wait(td->td_ucred, p))) + return (error); +#endif +#if 0 + /* XXXMAC: This could have odd effects on some shells. */ + if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) + return (error); +#endif + + return (0); +} + /* * Allocate a zeroed cred structure. */ ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#228 (text+ko) ==== @@ -256,6 +256,7 @@ int mac_check_proc_sched(struct ucred *cred, struct proc *proc); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum); +int mac_check_proc_wait(struct ucred *cred, struct proc *proc); int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#182 (text+ko) ==== @@ -303,6 +303,8 @@ struct proc *proc); int (*mpo_check_proc_signal)(struct ucred *cred, struct proc *proc, int signum); + int (*mpo_check_proc_wait)(struct ucred *cred, + struct proc *proc); int (*mpo_check_socket_bind)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); ==== //depot/projects/trustedbsd/mac/sys/sys/proc.h#38 (text+ko) ==== 
@@ -868,6 +868,7 @@ int p_cansee(struct thread *td, struct proc *p); int p_cansched(struct thread *td, struct proc *p); int p_cansignal(struct thread *td, struct proc *p, int signum); +int p_canwait(struct thread *td, struct proc *p); struct pargs *pargs_alloc(int len); void pargs_drop(struct pargs *pa); void pargs_free(struct pargs *pa);
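
Review bot: In the kern_exit.c hunk, the new `if (p_canwait(td, p))` branch uses the result only as a boolean and skips the child with `continue`, so the errno is dropped and a denied child is handled exactly like one that did not match the request. Nothing in the hunk says what is meant to happen to such a child once it exits, which is the zombie side effect the change description itself raises. A short comment above the check stating the intended outcome for a denied child, and what the caller should see when every child is denied, would make the policy contract explicit.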
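
Review bot: In mac_check_proc_wait() in the kern_mac.c hunk, `error` is declared without an initializer and returned immediately after `MAC_CHECK(check_proc_wait, cred, proc);`, so the function is correct only if the macro assigns `error` on every path, including the case where no loaded policy implements the entry point. Please confirm that against the macro definition. The function also has no comment saying what a non-zero return means for the waiting process; a one-line note that it makes wait4() skip the child would help policy authors.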
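
Review bot: In p_canwait() in the kern_prot.c hunk, `prison_check(td->td_ucred, p->p_ucred)` sits outside the `#ifdef MAC` block, so the wait loop changes behaviour on kernels built without MAC as well, while the change description only talks about policies. Either say so in the description or explain in the function comment why the jail check belongs here. The `#if 0` block around `cr_seeotheruids()` is dead code carried into the tree; the XXXMAC remark about shells would be better kept as a comment alone, without the disabled call, until the question is settled. The header comment also has a stray blank line before the closing `*/`.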
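
Review bot: In the mac_policy.h hunk, `mpo_check_proc_wait` is inserted in the middle of the operations structure, between `mpo_check_proc_signal` and `mpo_check_socket_bind`, which shifts the offset of every later member, so any policy module compiled against the previous header must be rebuilt together with the kernel. That is worth stating in the change description. None of the six affected files is a policy module, so nothing in this change implements or exercises the new entry point; a stub in a test policy would show that the hook is actually reached from the wait path.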