Date:      Tue, 13 Jan 2009 21:59:52 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 156116 for review
Message-ID:  <200901132159.n0DLxqoa015400@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=156116

Change 156116 by rwatson@rwatson_freebsd_capabilities on 2009/01/13 21:59:41

	Add CAP_SOCK_ALL, a mask of all capabilities that may be used with
	sockets, and use it when a socket gets used by the NFS server.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_srvkrpc.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_syscalls.c#6 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_srvkrpc.c#2 (text+ko) ====

@@ -39,6 +39,7 @@
 #include "opt_kgssapi.h"
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/systm.h>
 #include <sys/sysproto.h>
 #include <sys/kernel.h>
@@ -187,7 +188,8 @@
 		    sizeof(addsockarg));
 		if (error)
 			return (error);
-		if ((error = fget(td, addsockarg.sock, &fp)) != 0)
+		if ((error = fget(td, addsockarg.sock, CAP_SOCK_ALL, &fp))
+		    != 0)
 			return (error);
 		if (fp->f_type != DTYPE_SOCKET) {
 			fdrop(fp, td);
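Review bot: Passing CAP_SOCK_ALL to fget() here requires every socket right on the descriptor, including ones the NFS server path may never exercise, so a socket delegated with a narrower right set is refused outright; the list this same change deletes in nfs_syscalls.c (CAP_READ | CAP_WRITE | CAP_GETSOCKNAME | CAP_BIND | CAP_CONNECT | CAP_EVENT) was closer to least privilege, and the `XXXRW: Really want CAP_SOCK_ALL?` comment is removed without the question being answered. If the full mask is intended because the kernel RPC code drives the socket generically, as the new capability.h comment suggests, record that at the call site, e.g. `/* Socket is driven generically by kernel RPC; require the full socket right set. */`. The same point applies to the fget() hunk in nfs_syscalls.c. The enclosing function begins before this hunk.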

==== //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_syscalls.c#6 (text+ko) ====

@@ -152,12 +152,7 @@
 		error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg));
 		if (error)
 			return (error);
-		/*
-		 * XXXRW: Really want CAP_SOCK_ALL?
-		 */
-		if ((error = fget(td, nfsdarg.sock, CAP_READ | CAP_WRITE |
-		    CAP_GETSOCKNAME | CAP_BIND | CAP_CONNECT | CAP_EVENT,
-		    &fp)) != 0)
+		if ((error = fget(td, nfsdarg.sock, CAP_SOCK_ALL, &fp)) != 0)
 			return (error);
 		if (fp->f_type != DTYPE_SOCKET) {
 			fdrop(fp, td);

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 (text+ko) ====

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2008 Robert N. M. Watson
+ * Copyright (c) 2008-2009 Robert N. M. Watson
  * All rights reserved.
  *
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#17 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 $
  */
 
 /*
@@ -116,6 +116,18 @@
  * Socket checks don't generally pass CAP_SEEK but perhaps should?
  */
 
+/*
+ * A mask of multiple capabilities useful for situation where a socket will
+ * be used in a general-purpose way by the kernel, such as a socket used by
+ * the NFS server.
+ */
+#define	CAP_SOCK_ALL	(CAP_READ | CAP_WRITE | CAP_SEEK | CAP_GETPEERNAME | \
+			    CAP_GETSOCKNAME | CAP_IOCTL | CAP_FSTAT | \
+			    CAP_FCNTL | CAP_EVENT | CAP_ACCEPT | \
+			    CAP_CONNECT | CAP_BIND | CAP_GETSOCKOPT | \
+			    CAP_SETSOCKOPT | CAP_LISTEN | CAP_SHUTDOWN | \
+			    CAP_PEELOFF)
+
 #ifdef _KERNEL
 struct file;
 
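Review bot: CAP_SOCK_ALL includes CAP_SEEK although the comment immediately above the new block states that socket checks don't generally pass CAP_SEEK, so a socket holding every socket right except CAP_SEEK would presumably fail an fget() against this mask while no socket operation checks for it; either drop CAP_SEEK from the mask or settle the open question in that comment before depending on it. The block comment should also say what the mask is for at the check sites, since it reads as descriptive only: `/* ... such as a socket used by the NFS server. Every right listed must be present on the descriptor for an fget() with this mask to succeed. */` (and "situation" should be "situations").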


