From owner-freebsd-bugs@FreeBSD.ORG Thu Feb 19 16:40:23 2004
Message-Id: <20040220003653.78056.qmail@staff.seccuris.com>
Date: 20 Feb 2004 00:36:53 -0000
From: "Christian S.J.Peron"
To: FreeBSD-gnats-submit@FreeBSD.org
cc: trustedbsd-discuss@watson.org
Subject: kern/63096: [patch] MAC entry point for route manipulation

>Number:         63096
>Category:       kern
>Synopsis:       [patch] MAC entry point for route manipulation
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 19 16:40:23 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Christian S.J. Peron
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD 5.2-CURRENT FreeBSD 5.2-CURRENT #11: Thu Feb 19 05:26:09 GMT 2004 cperon@:/usr/src/sys/i386/compile/ROUTER i386
>Description:
Currently there is no way to restrict routing table manipulation from userspace using the MAC framework. I think it would be beneficial to have this functionality. I have tested this in a static environment, meaning the routes on this box did not change on a regular basis.

The following patch(es) define a hook which is invoked by rt_output() in rtsock.c for the MAC framework.

How-To-Repeat: N/A
>How-To-Repeat:
>Fix:
--- sys/sys/mac.h.bak Thu Feb 19 03:44:47 2004 +++ sys/sys/mac.h Thu Feb 19 03:44:02 2004
@@ -278,6 +278,7 @@ int mac_check_system_acct(struct ucred *cred, struct vnode *vp); int mac_check_system_nfsd(struct ucred *cred); int mac_check_system_reboot(struct ucred *cred, int howto); +int mac_check_system_route_alter(struct ucred *cred); int mac_check_system_settime(struct ucred *cred); int mac_check_system_swapon(struct ucred *cred, struct vnode *vp); int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); --- sys/sys/mac_policy.h.bak Thu Feb 19 03:45:32 2004 +++ sys/sys/mac_policy.h Thu Feb 19 16:35:12 2004 @@ -356,6 +356,7 @@ struct vnode *vp, struct label *vlabel); int (*mpo_check_system_nfsd)(struct ucred *cred); int (*mpo_check_system_reboot)(struct ucred *cred, int howto); + int (*mpo_check_system_route_alter)(struct ucred *cred); int (*mpo_check_system_settime)(struct ucred *cred); int (*mpo_check_system_swapon)(struct ucred *cred, struct vnode *vp, struct label *label); --- sys/security/mac/mac_system.c.bak Thu Feb 19 01:17:26 2004 +++ sys/security/mac/mac_system.c Thu Feb 19 16:31:13 2004 @@ -152,6 +152,19 @@ } int +mac_check_system_route_alter(struct ucred *cred) +{ + int error; + + if (!mac_enforce_system) + return (0); + + MAC_CHECK(check_system_route_alter, cred); + + return(error); +} + +int mac_check_sysarch_ioperm(struct ucred *cred) { int error; --- sys/net/rtsock.c.orig Thu Nov 20 20:07:37 2003 +++ sys/net/rtsock.c Thu Feb 19 16:33:10 2004 @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,8 @@ #include #include +#include "opt_mac.h" + MALLOC_DEFINE(M_RTABLE, "routetbl", "routing tables"); /* NB: these are not modified */ @@ -343,6 +346,12 @@ */ if (rtm->rtm_type != RTM_GET && (error = suser(curthread)) != 0) senderr(error); + +#ifdef MAC + error = mac_check_system_route_alter(curthread->td_ucred); + if (error) + return(error); +#endif switch (rtm->rtm_type) { struct rtentry *saved_nrt; >Release-Note: >Audit-Trail: >Unformatted:
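Review bot: in the mac_system.c hunk (@@ -152,6 +152,19 @@), `return(error);` should be written `return (error);` to match style(9) and the other mac_check_system_*() functions; more importantly, the patch declares `mpo_check_system_route_alter` in the policy ops but touches no policy module and no manual page, so nothing in the tree implements or documents the new entry point. Add at least a stub/test policy implementation and a mac(9)/mac_policy(9) entry in the same change so the hook can be exercised and its semantics (who may alter routes, and whether RTM_GET is covered) are recorded.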
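Review bot: in the rtsock.c hunk at @@ -52,6 +53,8 @@, `#include "opt_mac.h"` is added after the system headers; in the FreeBSD tree the kernel option headers (`opt_*.h`) are included first, before `<sys/param.h>`, so that the `MAC` option macro is visible to every header that follows. Move it to the top of the include list. Note also that the include added in the preceding @@ -38,6 +38,7 @@ hunk has lost its header name in the text as posted, so a reviewer cannot confirm which header (presumably the one declaring mac_check_system_route_alter()) is being pulled in.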
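Review bot: in the rtsock.c hunk at @@ -343,6 +346,12 @@, the new MAC check bails out with a bare `return(error);` while the `suser()` check immediately above it uses `senderr(error);`, so a MAC denial skips the function's own error path and whatever cleanup and error reporting that path performs. The check is also applied unconditionally, so a read-only RTM_GET request is subjected to a check named "route_alter", whereas the suser() test exempts RTM_GET. Suggest guarding it the same way and using the same error macro, e.g.:
#ifdef MAC
	if (rtm->rtm_type != RTM_GET && (error = mac_check_system_route_alter(curthread->td_ucred)) != 0)
		senderr(error);
#endif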