Date: Wed, 30 Aug 2000 20:20:06 +0900 From: "Akinori -Aki- MUSHA" <knu@idaemons.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: des@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/sys vnode.h src/sys/kern vfs_subr.c src/sys/fs/devfs devfs_vnops.c src/sys/fs/hpfs hpfs_vnops.c src/sys/isofs/cd9660 cd9660_vnops.c src/sys/miscfs/kernfs kernfs_vnops.c src/sys/msdosfs msdosfs_vnops.c src/sys/ntfs ... Message-ID: <86hf83572x.wl@archon.local.idaemons.org> In-Reply-To: In your message of "Tue, 29 Aug 2000 07:45:50 -0700 (PDT)" <200008291445.HAA33366@freefall.freebsd.org> References: <200008291445.HAA33366@freefall.freebsd.org>
At Tue, 29 Aug 2000 07:45:50 -0700 (PDT), Robert Watson wrote: > rwatson 2000/08/29 07:45:50 PDT > > Modified files: > sys/sys vnode.h > sys/kern vfs_subr.c > sys/fs/devfs devfs_vnops.c > sys/fs/hpfs hpfs_vnops.c > sys/isofs/cd9660 cd9660_vnops.c > sys/miscfs/kernfs kernfs_vnops.c > sys/msdosfs msdosfs_vnops.c > sys/ntfs ntfs_vnops.c > sys/ufs/ufs ufs_vnops.c > Log: > o Restructure vaccess() so as to check for DAC permission to modify the > object before falling back on privilege. Make vaccess() accept an > additional optional argument, privused, to determine whether > privilege was required for vaccess() to return 0. Add commented > out capability checks for reference. Rename some variables to make > it more clear which modes/uids/etc are associated with the object, > and which with the access mode. > o Update file system use of vaccess() to pass NULL as the optional > privused argument. Once additional patches are applied, suser() > will no longer set ASU, so privused will permit passing of > privilege information up the stack to the caller. > > Reviewed by: bde, green, phk, -security, others > Obtained from: TrustedBSD Project Somehow sys/i386/linux/linprocfs/linprocfs_vnops.c seems forgotten. I've cooked up a patch as attached, but I'm not sure if it's correct. (It's working as far as I test, though) Please unbreak linprocfs soon, thanks. -- / /__ __ / ) ) ) ) / Akinori -Aki- MUSHA aka / (_ / ( (__( @ idaemons.org / FreeBSD.org "We're only at home when we're on the run, on the wing, on the fly" Index: linprocfs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/i386/linux/linprocfs/linprocfs_vnops.c,v retrieving revision 1.3 diff -u -r1.3 linprocfs_vnops.c --- linprocfs_vnops.c 2000/05/24 07:37:02 1.3 +++ linprocfs_vnops.c 2000/08/30 11:05:48 
@@ -129,7 +129,7 @@
 	p2 = PFIND(pfs->pfs_pid);
 	if (p2 == NULL)
 		return (ENOENT);
-	if (pfs->pfs_pid && !PRISON_CHECK(ap->a_p, p2))
+	if (pfs->pfs_pid && p_can(ap->a_p, p2, P_CAN_SEE, NULL))
 		return (ENOENT);
 
 	switch (pfs->pfs_type) {
@@ -139,7 +139,7 @@
 			return (EBUSY);
 
 		p1 = ap->a_p;
-		if (p_trespass(p1, p2) &&
+		if (p_can(p1, p2, P_CAN_DEBUG, NULL) &&
 		    !procfs_kmemaccess(p1))
 			return (EPERM);
 
@@ -231,8 +231,11 @@
 		return ENOTTY;
 	}
 
-	if (p_trespass(p, procp))
-		return EPERM;
+	if ((error = p_can(p, procp, P_CAN_DEBUG, NULL))) {
+		if (error == ESRCH)
+			error = ENOENT;
+		return (error);
+	}
 
 	switch (ap->a_command) {
 	case PIOCBIS:
@@ -431,6 +434,9 @@
 		if (procp == 0 || procp->p_cred == NULL || procp->p_ucred == NULL)
 			return (ENOENT);
+
+		if (p_can(ap->a_p, procp, P_CAN_SEE, NULL))
+			return (ENOENT);
 	}
 
 	error = 0;
@@ -599,16 +605,22 @@
 		struct proc *a_p;
 	} */ *ap;
 {
+	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+	struct proc *procp;
 	struct vattr *vap;
 	struct vattr vattr;
 	int error;
 
-	/*
-	 * If you're the super-user,
-	 * you always get access.
-	 */
-	if (ap->a_cred->cr_uid == 0)
-		return (0);
+	switch (pfs->pfs_type) {
+	case Proot:
+		break;
+	default:
+		procp = PFIND(pfs->pfs_pid);
+		if (procp == NULL)
+			return (ENOENT);
+		if (p_can(ap->a_p, procp, P_CAN_SEE, NULL))
+			return (ENOENT);
+	}
 
 	vap = &vattr;
 	error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p);
@@ -661,6 +673,7 @@
 	struct vnode **vpp = ap->a_vpp;
 	struct vnode *dvp = ap->a_dvp;
 	char *pname = cnp->cn_nameptr;
+	struct proc *curp = cnp->cn_proc;
 	struct proc_target *pt;
 	pid_t pid;
 	struct pfsnode *pfs;
@@ -669,7 +682,8 @@
 
 	*vpp = NULL;
 
-	if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
+	if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME ||
+	    cnp->cn_nameiop == CREATE)
 		return (EROFS);
 
 	if (cnp->cn_namelen == 1 && *pname == '.') {
@@ -700,6 +714,9 @@
 		if (p == 0)
 			break;
 
+		if (p_can(curp, p, P_CAN_SEE, NULL))
+			break;
+
 		return (linprocfs_allocvp(dvp->v_mount, vpp, pid, Pproc));
 
 	case Pproc:
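Review bot: The ESRCH-to-ENOENT remap in the new p_can() check in the ioctl hunk deserves a comment, since a reader will otherwise wonder why a process-lookup error becomes a file-not-found one; something like `/* Do not confirm the existence of processes the caller may not see. */` above the `if`. The hunk also assigns to `error` without showing its declaration, and linprocfs_ioctl's head is outside the hunk, so confirm an `int error` is already in scope there. Unlike the Pmem open path earlier in the patch, this path gives procfs_kmemaccess() holders no override for a P_CAN_DEBUG denial; that looks intentional but is worth a sentence in the commit message.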
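Review bot: The new `default:` arm in linprocfs_access() runs PFIND()/p_can(P_CAN_SEE) for every node type except Proot, while the open() hunk earlier in this patch guards the same check with `pfs->pfs_pid &&`; the two should agree. If any non-root node is allocated with pfs_pid 0 (the hunk does not show how the pid-less nodes are created, so this is an assumption to confirm), PFIND(0) will either fail or return proc0, and a jailed or otherwise restricted caller gets ENOENT on files it should be able to read. Either mirror the open() guard with `if (pfs->pfs_pid == 0) break;` before the PFIND(), or list the pid-less types explicitly beside Proot. Removing the cr_uid == 0 shortcut means the superuser now goes through VOP_GETATTR() and whatever follows the hunk (the rest of linprocfs_access is outside it), which is the point of the vaccess() restructuring but deserves a one-line comment in place of the one removed, e.g. `/* No superuser shortcut: privilege is decided by vaccess() below. */`.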
@@ -794,7 +811,7 @@
 		p = PFIND(pfs->pfs_pid);
 		if (p == NULL)
 			break;
-		if (!PRISON_CHECK(curproc, p))
+		if (p_can(curproc, p, P_CAN_SEE, NULL))
 			break;
 
 		for (pt = &proc_targets[i];
@@ -829,7 +846,7 @@
 	int doingzomb = 0;
 #endif
 	int pcnt = 0;
-	volatile struct proc *p = allproc.lh_first;
+	struct proc *p = allproc.lh_first;
 
 	for (; p && uio->uio_resid >= delen; i++, pcnt++) {
 		bzero((char *) dp, delen);
@@ -871,11 +888,11 @@
 			p = p->p_list.le_next;
 			if (!p)
 				goto done;
-			if (!PRISON_CHECK(curproc, p))
+			if (p_can(curproc, p, P_CAN_SEE, NULL))
 				continue;
 			pcnt++;
 		}
-		while (!PRISON_CHECK(curproc, p)) {
+		while (p_can(curproc, p, P_CAN_SEE, NULL)) {
 			p = p->p_list.le_next;
 			if (!p)
 				goto done;
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
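Review bot: The readdir hunks pass `curproc` to p_can() while the open(), getattr() and lookup() hunks take the subject from the VOP arguments (`ap->a_p`, `cnp->cn_proc`); the subject of the visibility check should come from the same place throughout. readdir carries its process in the uio, so `p_can(uio->uio_procp, p, P_CAN_SEE, NULL)` would match the other hunks, assuming `uio` is in scope at this point (the readdir function starts outside the hunk, though the later hunk does use `uio->uio_resid`). The two are the same process in this kernel, so this is a point of style rather than a bug, but it is the form a later change to caller credentials would need.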
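Review bot: Dropping `volatile` from the `p` declaration is unrelated to the PRISON_CHECK-to-p_can() conversion and is not explained; presumably p_can() takes a plain `struct proc *` and passing a volatile pointer would warn, but the hunk gives the reader no way to tell. A comment on the declaration, `/* not volatile: p is handed to p_can(), which takes a plain struct proc * */`, or a sentence in the commit message would do. Whether the qualifier was protecting the allproc walk against the list changing underneath it is not visible here either; if it was, that concern is unchanged by this patch and should be noted. The enclosing readdir function starts and ends outside the hunk.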