Date: Thu, 31 May 2007 14:05:56 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 120663 for review Message-ID: <200705311405.l4VE5uR5002193@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=120663 Change 120663 by rwatson@rwatson_zoo on 2007/05/31 14:05:34 Start process of removing SUSER_ALLOWJAIL flag. Affected files ... .. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 edit .. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 edit .. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 edit .. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 edit .. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 edit .. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 edit .. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 edit .. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 edit .. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 edit .. //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 edit .. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 edit .. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 edit .. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 edit .. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 edit .. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 edit .. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 edit .. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 edit .. //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 edit .. //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 edit .. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 edit .. 
//depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 edit .. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 edit .. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 edit .. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 edit .. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 edit .. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 edit .. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 edit .. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 edit .. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#9 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 (text+ko) ==== @@ -1077,8 +1077,7 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, - SUSER_ALLOWJAIL)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 (text+ko) ==== @@ -124,8 +124,7 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, - SUSER_ALLOWJAIL)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 (text+ko) ==== @@ -281,8 +281,7 @@ goto out; if (td->td_ucred->cr_uid != vattr.va_uid && - (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check(td, PRIV_VFS_ADMIN)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) ==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 (text+ko) ==== 
@@ -612,8 +612,7 @@ struct file *fp; int error, vfslocked; - if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT, - SUSER_ALLOWJAIL)) != 0) + if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0) return error; if ((error = getvnode(fdp, uap->fd, &fp)) != 0) return error; ==== //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 (text+ko) ==== @@ -1168,7 +1168,7 @@ if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) { error = priv_check_cred(ap->a_td->td_ucred, - PRIV_VFS_CHOWN, SUSER_ALLOWJAIL); + PRIV_VFS_CHOWN, 0); if (error) return (error); } @@ -1180,7 +1180,7 @@ if (vap->va_mode != (mode_t)VNOVAL) { if (ap->a_cred->cr_uid != de->de_uid) { error = priv_check_cred(ap->a_td->td_ucred, - PRIV_VFS_ADMIN, SUSER_ALLOWJAIL); + PRIV_VFS_ADMIN, 0); if (error) return (error); } ==== //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 (text+ko) ==== @@ -408,8 +408,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); if (error) return (error); } @@ -426,8 +425,7 @@ * sensible filesystem attempts it a lot. */ if (vap->va_flags & SF_SETTABLE) { - error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0); if (error) return (error); } @@ -454,8 +452,7 @@ gid = pmp->pm_gid; if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) { - error = priv_check_cred(cred, PRIV_VFS_CHOWN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0); if (error) return (error); } 
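Review bot: The devfs_vnops.c hunks keep `priv_check_cred(ap->a_td->td_ucred, PRIV_VFS_CHOWN, 0)` and `priv_check_cred(ap->a_td->td_ucred, PRIV_VFS_ADMIN, 0)` split over two lines, while the uipc_mqueue.c hunks in this same change convert the identical `ap->a_td->td_ucred` pattern to `priv_check(ap->a_td, ...)`. Since priv_check(td, priv) is the flags-0 form of priv_check_cred on the thread's credential, `error = priv_check(ap->a_td, PRIV_VFS_CHOWN);` fits on one line and matches the style the rest of the change adopts. The procfs_ioctl.c hunk (`priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID, 0)`) has the same leftover shape. The enclosing function bodies start and end outside these hunks.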
@@ -520,8 +517,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); if (error) return (error); } ==== //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 (text+ko) ==== @@ -115,7 +115,7 @@ * are missing. */ error = priv_check_cred(td->td_ucred, - PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL); + PRIV_DEBUG_SUGID, 0); if (error) break; } ==== //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 (text+ko) ==== @@ -415,8 +415,7 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, - SUSER_ALLOWJAIL)) { + if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -535,14 +534,12 @@ * process is not a member of. */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0); if (error) return (EFTYPE); } if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { - error = priv_check_cred(cred, PRIV_VFS_SETGID, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); if (error) return (error); } @@ -586,8 +583,7 @@ */ if (uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) { - error = priv_check_cred(cred, PRIV_VFS_CHOWN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0); if (error) return (error); } @@ -597,8 +593,7 @@ ip->i_uid = uid; ip->i_flag |= IN_CHANGE; if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL) != 0) + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0) ip->i_mode &= ~(ISUID | ISGID); } return (0); 
@@ -1648,8 +1643,7 @@ tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) { - if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL)) + if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0)) ip->i_mode &= ~ISGID; } ==== //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 (text+ko) ==== @@ -567,8 +567,7 @@ #ifdef KTRACE if (p->p_tracevp != NULL && - priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, - SUSER_ALLOWJAIL)) { + priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0)) { mtx_lock(&ktrace_mtx); p->p_traceflag = 0; tracevp = p->p_tracevp; ==== //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 (text+ko) ==== @@ -309,8 +309,7 @@ * * XXXRW: Can we avoid privilege here if it's not needed? */ - error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID | - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID); if (error == 0) ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0); else { ==== //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 (text+ko) ==== @@ -793,8 +793,7 @@ p->p_tracecred = crhold(td->td_ucred); } p->p_traceflag |= facs; - if (priv_check_cred(td->td_ucred, PRIV_KTRACE, - SUSER_ALLOWJAIL) == 0) + if (priv_check(td, PRIV_KTRACE) == 0) p->p_traceflag |= KTRFAC_ROOT; } else { /* KTROP_CLEAR */ @@ -1000,7 +999,7 @@ PROC_LOCK_ASSERT(targetp, MA_OWNED); if (targetp->p_traceflag & KTRFAC_ROOT && - priv_check_cred(td->td_ucred, PRIV_KTRACE, SUSER_ALLOWJAIL)) + priv_check(td, PRIV_KTRACE)) return (0); if (p_candebug(td, targetp) != 0) ==== //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 (text+ko) ==== 
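Review bot: The kern_fork.c hunk is the one call in this change that keeps a flag, `priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID)`, so it cannot follow the other `td->td_ucred` callers onto priv_check(); a reader skimming the change may take the surviving flag for an oversight. A one-line comment above the call saying that SUSER_RUID is intentionally retained would prevent that, e.g. `/* SUSER_RUID kept: the proc limit is accounted per real uid (cr_ruidinfo below). */` — the real-uid semantics of the flag are inferred from the adjacent `cr_ruidinfo` use and should be confirmed against the flag's definition. The existing XXXRW comment about avoiding privilege here is untouched and still applies. The enclosing function starts and ends outside the hunk.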
@@ -511,8 +511,7 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0) goto fail; /* @@ -529,7 +528,7 @@ uid == oldcred->cr_uid || #endif /* We are using privs. */ - priv_check_cred(oldcred, PRIV_CRED_SETUID, SUSER_ALLOWJAIL) == 0) + priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0) #endif { /* @@ -602,8 +601,7 @@ if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0) goto fail; /* @@ -672,8 +670,7 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -687,7 +684,7 @@ gid == oldcred->cr_groups[0] || #endif /* We are using privs. */ - priv_check_cred(oldcred, PRIV_CRED_SETGID, SUSER_ALLOWJAIL) == 0) + priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0) #endif { /* @@ -756,8 +753,7 @@ if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -817,8 +813,7 @@ goto fail; #endif - error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, - SUSER_ALLOWJAIL); + error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0); if (error) goto fail; 
@@ -887,8 +882,7 @@ ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -953,8 +947,7 @@ rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -1030,8 +1023,7 @@ (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -1108,8 +1100,7 @@ (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0) goto fail; crcopy(newcred, oldcred); @@ -1317,8 +1308,7 @@ { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL) - != 0) + if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0) return (ESRCH); } return (0); @@ -1357,8 +1347,7 @@ break; } if (!match) { - if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, - SUSER_ALLOWJAIL) != 0) + if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0) return (ESRCH); } } @@ -1475,8 +1464,7 @@ break; default: /* Not permitted without privilege. */ - error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0); if (error) return (error); } 
@@ -1490,9 +1478,7 @@ cred->cr_ruid != proc->p_ucred->cr_svuid && cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { - /* Not permitted without privilege. */ - error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0); if (error) return (error); } @@ -1570,8 +1556,7 @@ return (error); if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid && td->td_ucred->cr_uid != p->p_ucred->cr_ruid) { - error = priv_check_cred(td->td_ucred, PRIV_SCHED_DIFFCRED, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_SCHED_DIFFCRED); if (error) return (error); } @@ -1610,8 +1595,7 @@ KASSERT(td == curthread, ("%s: td not curthread", __func__)); PROC_LOCK_ASSERT(p, MA_OWNED); if (!unprivileged_proc_debug) { - error = priv_check_cred(td->td_ucred, PRIV_DEBUG_UNPRIV, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_DEBUG_UNPRIV); if (error) return (error); } @@ -1662,15 +1646,13 @@ * for td to debug p. */ if (!grpsubset || !uidsubset) { - error = priv_check_cred(td->td_ucred, PRIV_DEBUG_DIFFCRED, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_DEBUG_DIFFCRED); if (error) return (error); } if (credentialchanged) { - error = priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_DEBUG_SUGID); if (error) return (error); } @@ -1931,8 +1913,7 @@ int error; char logintmp[MAXLOGNAME]; - error = priv_check_cred(td->td_ucred, PRIV_PROC_SETLOGIN, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_PROC_SETLOGIN); if (error) return (error); error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL); ==== //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 (text+ko) ==== 
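Review bot: The comment `/* Not permitted without privilege. */` is removed together with the SUSER_ALLOWJAIL argument in the PRIV_SIGNAL_DIFFCRED hunk, although the change description covers only the flag and the sibling PRIV_SIGNAL_SUGID check a few lines earlier keeps its copy of the same comment. Keeping the line directly above `error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);` keeps the two checks parallel and limits the diff to what the change describes. The enclosing function starts and ends outside the hunk.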
@@ -650,8 +650,7 @@ alimp = &oldlim->pl_rlimit[which]; if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = priv_check_cred(td->td_ucred, - PRIV_PROC_SETRLIMIT, SUSER_ALLOWJAIL))) { + if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) { PROC_UNLOCK(p); lim_free(newlim); return (error); ==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 (text+ko) ==== @@ -1255,8 +1255,7 @@ /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { if (oid->oid_kind & CTLFLAG_PRISON) - error = priv_check_cred(req->td->td_ucred, - PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL); else error = priv_check(req->td, PRIV_SYSCTL_WRITE); if (error) ==== //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 (text+ko) ==== @@ -82,24 +82,22 @@ if (type == VDIR) { if ((acc_mode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL)) + PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_EXEC, SUSER_ALLOWJAIL)) + PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } - if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, - SUSER_ALLOWJAIL)) + if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0)) priv_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) priv_granted |= (VWRITE | VAPPEND); - if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL)) + if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) priv_granted |= VADMIN; /* ==== //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 (text+ko) ==== 
@@ -125,22 +125,19 @@ */ priv_granted = 0; if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) { - error = priv_check_cred(td->td_ucred, PRIV_IPC_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_IPC_ADMIN); if (error == 0) priv_granted |= IPC_M; } if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) { - error = priv_check_cred(td->td_ucred, PRIV_IPC_READ, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_IPC_READ); if (error == 0) priv_granted |= IPC_R; } if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) { - error = priv_check_cred(td->td_ucred, PRIV_IPC_WRITE, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_IPC_WRITE); if (error == 0) priv_granted |= IPC_W; } ==== //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 (text+ko) ==== @@ -502,8 +502,7 @@ if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M))) goto done2; if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) { - error = priv_check_cred(td->td_ucred, - PRIV_IPC_MSGSIZE, SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_IPC_MSGSIZE); if (error) goto done2; } ==== //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 (text+ko) ==== @@ -961,8 +961,7 @@ sx_assert(&pn->mn_info->mi_lock, SX_LOCKED); if (ucred->cr_uid != pn->mn_uid && - (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0) error = EACCES; else if (!pn->mn_deleted) { parent = pn->mn_parent; @@ -1221,8 +1220,7 @@ */ if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid || (gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) && - (error = priv_check_cred(ap->a_td->td_ucred, - PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0) + (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)) != 0) return (error); pn->mn_uid = uid; pn->mn_gid = gid; 
@@ -1231,8 +1229,7 @@ if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != pn->mn_uid) && - (error = priv_check_cred(ap->a_td->td_ucred, - PRIV_MQ_ADMIN, SUSER_ALLOWJAIL))) + (error = priv_check(ap->a_td, PRIV_MQ_ADMIN))) return (error); pn->mn_mode = vap->va_mode; c = 1; ==== //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 (text+ko) ==== @@ -918,7 +918,7 @@ } if (va.va_uid != td->td_ucred->cr_uid) { error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + 0); if (error) { vput(vp); return (error); ==== //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 (text+ko) ==== @@ -3300,24 +3300,24 @@ * requests, instead of PRIV_VFS_EXEC. */ if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !priv_check_cred(cred, PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) && - !priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_READ, 0)) priv_granted |= VREAD; if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) && - !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) priv_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) && - !priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) priv_granted |= VADMIN; if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) { ==== //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 (text+ko) ==== 
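Review bot: The vfs_mount.c hunk leaves the literal `0);` alone on a continuation line, a wrap that only existed to fit the longer flag name. With `td` in scope the statement collapses to `error = priv_check(td, PRIV_VFS_ADMIN);`, the form this change already uses for the same check in vfs_syscalls.c. The in_pcb.c and in6_pcb.c hunks have the same leftover wrap (`0))` on its own line); only `cred` is available there, so the fix is to rejoin `priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))` onto one line as the in6_src.c hunk does. The enclosing functions start and end outside these hunks.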
@@ -837,8 +837,7 @@ struct nameidata nd; int vfslocked; - error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_CHROOT); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, @@ -1379,15 +1378,13 @@ return (error); if (hardlink_check_uid && cred->cr_uid != va.va_uid) { - error = priv_check_cred(cred, PRIV_VFS_LINK, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_LINK, 0); if (error) return (error); } if (hardlink_check_gid && !groupmember(va.va_gid, cred)) { - error = priv_check_cred(cred, PRIV_VFS_LINK, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_LINK, 0); if (error) return (error); } @@ -2349,8 +2346,7 @@ * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_CHFLAGS_DEV); if (error) return (error); } @@ -3852,8 +3848,7 @@ if (error) goto out; if (td->td_ucred->cr_uid != vattr.va_uid) { - error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_ADMIN); if (error) goto out; } ==== //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 (text+ko) ==== @@ -340,13 +340,13 @@ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL)) + 0)) return (EACCES); if (jailed(cred)) prison = 1; if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && priv_check_cred(so->so_cred, - PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) { + PRIV_NETINET_REUSEPORT, 0) != 0) { t = in_pcblookup_local(inp->inp_pcbinfo, sin->sin_addr, lport, prison ? 0 : INPLOOKUP_WILDCARD); 
@@ -411,7 +411,7 @@ lastport = &pcbinfo->ipi_lasthi; } else if (inp->inp_flags & INP_LOWPORT) { error = priv_check_cred(cred, - PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL); + PRIV_NETINET_RESERVEDPORT, 0); if (error) return error; first = ipport_lowfirstauto; /* 1023 */ ==== //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 (text+ko) ==== @@ -607,13 +607,8 @@ inp = sotoinpcb(so); KASSERT(inp == NULL, ("rip_attach: inp != NULL")); - /* - * XXXRW: Centralize privilege decision in kern_jail.c. - */ - if (jailed(td->td_ucred) && !jail_allow_raw_sockets) - return (EPERM); - error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW, - SUSER_ALLOWJAIL); + + error = priv_check(td, PRIV_NETINET_RAW); if (error) return error; if (proto >= IPPROTO_MAX || proto < 0) ==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 (text+ko) ==== @@ -2120,10 +2120,7 @@ /* got to be root to get at low ports */ if (ntohs(lport) < IPPORT_RESERVED) { if (p && (error = - priv_check_cred(p->td_ucred, - PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL - ) + priv_check(p, PRIV_NETINET_RESERVEDPORT) )) { SCTP_INP_DECR_REF(inp); SCTP_INP_WUNLOCK(inp); ==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 (text+ko) ==== @@ -385,13 +385,8 @@ /* FIX, for non-bsd is this right? */ vrf_id = SCTP_DEFAULT_VRFID; - /* - * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket - * visibility is scoped using cr_canseesocket(), which it is not - * here. - */ - error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, - SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_NETINET_GETCRED); + if (error) return (error); @@ -3302,9 +3297,8 @@ { union sctp_sockstore *ss; - error = priv_check_cred(curthread->td_ucred, - PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL); + error = priv_check(curthread, + PRIV_NETINET_RESERVEDPORT); if (error) break; ==== //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 (text+ko) ==== 
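Review bot: The removed `if (jailed(td->td_ucred) && !jail_allow_raw_sockets) return (EPERM);` was the only explicit enforcement of the jail_allow_raw_sockets sysctl visible in rip_attach, and the replacement `error = priv_check(td, PRIV_NETINET_RAW);` defers entirely to the privilege framework. Unless the jail privilege policy in kern_jail.c (which the removed XXXRW comment points to and which is not part of this change) denies PRIV_NETINET_RAW to jailed credentials while that sysctl is clear, jailed root regains raw sockets regardless of the setting, so that side should land first or with this change and the description should say so. If this was the only use of jail_allow_raw_sockets in the file, its declaration probably needs attention as well. The hunk also adds a bare `+` blank line where the comment block was, leaving two empty lines between the KASSERT and the privilege check; drop it. rip_attach's body continues outside the hunk.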
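Review bot: The sctp_usrreq.c getcred hunk adds a bare `+` blank line between `error = priv_check(req->td, PRIV_NETINET_GETCRED);` and the `if (error)` that tests it, separating a call from its error check, whereas the tcp_subr.c and udp_usrreq.c getcred hunks in this change keep the two adjacent; drop the blank line. In the second sctp_usrreq.c hunk the rewritten call is still wrapped as `priv_check(curthread,` / `PRIV_NETINET_RESERVEDPORT);` although it now fits on one line. Both enclosing functions start and end outside the hunks.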
@@ -1019,8 +1019,7 @@ struct inpcb *inp; int error; - error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, - SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -1064,8 +1063,7 @@ struct inpcb *inp; int error, mapped = 0; - error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, - SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); ==== //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 (text+ko) ==== @@ -696,8 +696,7 @@ struct inpcb *inp; int error; - error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED, - SUSER_ALLOWJAIL); + error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); ==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 (text+ko) ==== @@ -192,11 +192,11 @@ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL)) + 0)) return (EACCES); if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) && priv_check_cred(so->so_cred, - PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) { + PRIV_NETINET_REUSEPORT, 0) != 0) { t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr, lport, INPLOOKUP_WILDCARD); ==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 (text+ko) ==== @@ -775,8 +775,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->ipi_lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); if (error) return error; first = ipport_lowfirstauto; /* 1023 */ ==== //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 (text+ko) ==== 
@@ -419,8 +419,7 @@ mtx_unlock(&rule_mtx); if (error != 0 && mac_portacl_suser_exempt != 0) - error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); return (error); } ==== //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 (text+ko) ==== @@ -114,8 +114,7 @@ return (0); if (suser_privileged) { - if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL) - == 0) + if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0) return (0); } ==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 (text+ko) ==== @@ -173,7 +173,7 @@ #endif if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) && + if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) && freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0) goto nospace; if (bpref >= fs->fs_size) @@ -268,7 +268,7 @@ #endif /* DIAGNOSTIC */ reclaimed = 0; retry: - if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) && + if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) && freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) { goto nospace; } ==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 (text+ko) ==== @@ -790,8 +790,7 @@ */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ap->a_cred) { - if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL)) { + if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) { ip->i_mode &= ~(ISUID | ISGID); DIP_SET(ip, i_mode, ip->i_mode); } 
@@ -1121,8 +1120,7 @@ * tampering. */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) { - if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL)) { + if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) { ip->i_mode &= ~(ISUID | ISGID); dp->di_mode = ip->i_mode; } ==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 (text+ko) ==== @@ -515,7 +515,7 @@ int error, flags, vfslocked; struct nameidata nd; - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0); + error = priv_check(td, PRIV_UFS_QUOTAON); if (error) return (error); @@ -747,10 +747,7 @@ struct ufsmount *ump; int error; - /* - * XXXRW: This also seems wrong to allow in a jail? - */ - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0); + error = priv_check(td, PRIV_UFS_QUOTAOFF); if (error) return (error); @@ -783,8 +780,7 @@ switch (type) { case USRQUOTA: if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) { - error = priv_check_cred(td->td_ucred, - PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_GETQUOTA); if (error) return (error); } @@ -793,8 +789,7 @@ case GRPQUOTA: if (!groupmember(id, td->td_ucred) && !unprivileged_get_quota) { - error = priv_check_cred(td->td_ucred, - PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_GETQUOTA); if (error) return (error); } @@ -830,8 +825,7 @@ struct dqblk newlim; int error; - error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA, - SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_VFS_SETQUOTA); if (error) return (error); @@ -901,7 +895,7 @@ struct dqblk usage; int error; - error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0); + error = priv_check(td, PRIV_UFS_SETUSE); if (error) return (error); >>> TRUNCATED FOR MAIL (1000 lines) <<<