Date: Tue, 1 Mar 2011 13:35:48 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r219134 - in head/sys: amd64/amd64 arm/arm i386/i386 Message-ID: <201103011335.p21DZmJ7028579@svn.freebsd.org>
Author: rwatson
Date: Tue Mar 1 13:35:48 2011
New Revision: 219134
URL: http://svn.freebsd.org/changeset/base/219134
Log: Continue to introduce Capsicum capability mode: White list sysarch calls allowed in capability mode; arguably, there should be some link between the capability mode model and the privilege model here. Sysarch is a morass similar to ioctl, in many senses.
Submitted by: anderson
Discussed with: benl, kris, pjd
Sponsored by: Google, Inc.
Obtained from: Capsicum Project
MFC after: 3 months
Modified:
  head/sys/amd64/amd64/sys_machdep.c
  head/sys/arm/arm/sys_machdep.c
  head/sys/i386/i386/sys_machdep.c
Modified: head/sys/amd64/amd64/sys_machdep.c
==============================================================================
--- head/sys/amd64/amd64/sys_machdep.c Tue Mar 1 13:32:07 2011 (r219133)
+++ head/sys/amd64/amd64/sys_machdep.c Tue Mar 1 13:35:48 2011 (r219134)
@@ -33,8 +33,11 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
+#include "opt_capabilities.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/capability.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
@@ -177,6 +180,32 @@ sysarch(td, uap)
 	uint64_t a64base;
 	struct i386_ioperm_args iargs;
+#ifdef CAPABILITIES
+	/*
+	 * Whitelist of operations which are safe enough for capability mode.
+	 */
+	if (IN_CAPABILITY_MODE(td)) {
+		switch (uap->op) {
+		case I386_GET_LDT:
+		case I386_SET_LDT:
+		case I386_GET_IOPERM:
+		case I386_GET_FSBASE:
+		case I386_SET_FSBASE:
+		case I386_GET_GSBASE:
+		case I386_SET_GSBASE:
+		case AMD64_GET_FSBASE:
+		case AMD64_SET_FSBASE:
+		case AMD64_GET_GSBASE:
+		case AMD64_SET_GSBASE:
+			break;
+
+		case I386_SET_IOPERM:
+		default:
+			return (ECAPMODE);
+		}
+	}
+#endif
+
 	if (uap->op == I386_GET_LDT || uap->op == I386_SET_LDT)
 		return (sysarch_ldt(td, uap, UIO_USERSPACE));
 	/*
Modified: head/sys/arm/arm/sys_machdep.c
==============================================================================
--- head/sys/arm/arm/sys_machdep.c Tue Mar 1 13:32:07 2011 (r219133)
+++ head/sys/arm/arm/sys_machdep.c Tue Mar 1 13:35:48 2011 (r219134)
@@ -36,8 +36,11 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
+#include "opt_capabilities.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/capability.h>
 #include <sys/proc.h>
 #include <sys/sysproto.h>
 #include <sys/syscall.h>
@@ -104,6 +107,24 @@ sysarch(td, uap)
 {
 	int error;
+#ifdef CAPABILITIES
+	/*
+	 * Whitelist of operations which are safe enough for capability mode.
+	 */
+	if (IN_CAPABILITY_MODE(td)) {
+		switch (uap->op) {
+		case ARM_SYNC_ICACHE:
+		case ARM_DRAIN_WRITEBUF:
+		case ARM_SET_TP:
+		case ARM_GET_TP:
+			break;
+
+		default:
+			return (ECAPMODE);
+		}
+	}
+#endif
+
 	switch (uap->op) {
 	case ARM_SYNC_ICACHE :
 		error = arm32_sync_icache(td, uap->parms);
Modified: head/sys/i386/i386/sys_machdep.c
==============================================================================
--- head/sys/i386/i386/sys_machdep.c Tue Mar 1 13:32:07 2011 (r219133)
+++ head/sys/i386/i386/sys_machdep.c Tue Mar 1 13:35:48 2011 (r219134)
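Review bot: On amd64 the new ECAPMODE return is reached before any AUDIT_ARG_CMD(uap->op) call, whereas the i386 hunk in this same commit records the op with AUDIT_ARG_CMD before its whitelist; if amd64's sysarch records the op further down the function (outside this hunk), a call denied in capability mode leaves the audit record without its operation argument, which is exactly the event a defender would want to see. Consider placing an `AUDIT_ARG_CMD(uap->op);` ahead of the `#ifdef CAPABILITIES` block, mirroring i386, so allowed and denied calls are audited alike. The denied branch names `I386_SET_IOPERM` explicitly but gives no reason; a comment such as `/* I386_SET_IOPERM grants I/O port access; keep it explicit so it is not added to the allow list by accident. */` preserves the intent, and the same reasoning comment is missing from the i386 whitelist and from the arm hunk's `default:`-only denial. The body of sysarch continues outside the hunk in all three files.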
@@ -32,9 +32,11 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
+#include "opt_capabilities.h"
 #include "opt_kstack_pages.h"
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/systm.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
@@ -108,6 +110,29 @@ sysarch(td, uap)
 	struct segment_descriptor sd, *sdp;
 	AUDIT_ARG_CMD(uap->op);
+
+#ifdef CAPABILITIES
+	/*
+	 * Whitelist of operations which are safe enough for capability mode.
+	 */
+	if (IN_CAPABILITY_MODE(td)) {
+		switch (uap->op) {
+		case I386_GET_LDT:
+		case I386_SET_LDT:
+		case I386_GET_IOPERM:
+		case I386_GET_FSBASE:
+		case I386_SET_FSBASE:
+		case I386_GET_GSBASE:
+		case I386_SET_GSBASE:
+			break;
+
+		case I386_SET_IOPERM:
+		default:
+			return (ECAPMODE);
+		}
+	}
+#endif
+
 	switch (uap->op) {
 	case I386_GET_IOPERM:
 	case I386_SET_IOPERM: