Subject: Re: kern/35226: Problems with permissions in /usr/pkg/emul/linux/proc
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Elad Efrat <elad@NetBSD.org>
List: netbsd-bugs
Date: 12/24/2006 14:45:02
The following reply was made to PR kern/35226; it has been noted by GNATS.
From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/35226: Problems with permissions in /usr/pkg/emul/linux/proc
.
Date: Sun, 24 Dec 2006 16:40:28 +0200
This is a multi-part message in MIME format.
--------------040409020001060303040703
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
see attached diff.
-e.
Elad Efrat wrote:
> that's a known issue that I already have a fix for. I'm not sure what
> kind of semantics we want to have in procfs (ie., exclude cpuinfo from
> the kauth check, or do that depending on uio_rw, or put it in the
> secmodel) so I'm holding it for now.
--------------040409020001060303040703
Content-Type: text/plain;
name="pr35226.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="pr35226.diff"
Index: procfs_subr.c
===================================================================
RCS file: /usr/cvs/src/sys/miscfs/procfs/procfs_subr.c,v
retrieving revision 1.73
diff -u -p -r1.73 procfs_subr.c
--- procfs_subr.c 28 Nov 2006 17:27:09 -0000 1.73
+++ procfs_subr.c 23 Dec 2006 13:14:17 -0000
@@ -324,10 +324,26 @@ procfs_rw(v)
*/
#define M2K(m) ((m) == UIO_READ ? KAUTH_REQ_PROCESS_CANPROCFS_READ : \
KAUTH_REQ_PROCESS_CANPROCFS_WRITE)
- error = kauth_authorize_process(curl->l_cred, KAUTH_PROCESS_CANPROCFS,
- p, pfs, KAUTH_ARG(M2K(uio->uio_rw)), NULL);
- if (error)
- return (error);
+ switch (pfs->pfs_type) {
+ case PFScpuinfo:
+ case PFSdevices:
+ case PFSmeminfo:
+ case PFSmounts:
+ case PFSuptime:
+ /*
+ * XXX These are Linux emulation nodes. I think because they
+ * XXX are all read-only, it's okay to make an exception for
+ * XXX them here instead of the secmodel code.
+ */
+ break;
+ default:
+ error = kauth_authorize_process(curl->l_cred,
+ KAUTH_PROCESS_CANPROCFS, p, pfs,
+ KAUTH_ARG(M2K(uio->uio_rw)), NULL);
+ if (error)
+ return (error);
+ break;
+ }
#undef M2K
/* XXX NJWLWP
--------------040409020001060303040703--