

[src/netbsd-3]: src/sys/dev Pull up revision 1.17 (requested by elad in ticke...



details:   https://anonhg.NetBSD.org/src/rev/34f2b21f32db
branches:  netbsd-3
changeset: 576386:34f2b21f32db
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:58:23 2005 +0000

description:
Pull up revision 1.17 (requested by elad in ticket #487):
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of the access type defines being ordered from least to most
'strict'.

diffstat:

 sys/dev/verified_exec.c |  59 +++++++++++++++++++++++-------------------------
 1 files changed, 28 insertions(+), 31 deletions(-)

diffs (98 lines):

diff -r f972ef42eab9 -r 34f2b21f32db sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Sat Jul 02 15:58:17 2005 +0000
+++ b/sys/dev/verified_exec.c   Sat Jul 02 15:58:23 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $      */
+/*     $NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $      */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $");
+__RCSID("$Id: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $");
 #endif
 
 #include <sys/param.h>
@@ -121,11 +121,11 @@
 veriexecopen(dev_t dev __unused, int flags __unused,
                 int fmt __unused, struct proc *p __unused)
 {
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
-       printf("Veriexec: veriexecopen: Veriexec load device open attempt by "
-              "uid=%u, pid=%u. (dev=%d)\n", p->p_ucred->cr_uid,
-              p->p_pid, dev);
-#endif
+       if (veriexec_verbose >= 2) {
+               printf("Veriexec: veriexecopen: Veriexec load device "
+                      "open attempt by uid=%u, pid=%u. (dev=%d)\n",
+                      p->p_ucred->cr_uid, p->p_pid, dev);
+       }
 
        if (suser(p->p_ucred, &p->p_acflag) != 0)
                return (EPERM);
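Review bot: `dev` and `p` are still declared `__unused` in the veriexecopen() signature, but the new `if (veriexec_verbose >= 2)` block reads both unconditionally, so the annotations are now misleading. Drop them from those two parameters, e.g. `veriexecopen(dev_t dev, int flags __unused,` and `int fmt __unused, struct proc *p)`. The message is also printed before the `suser()` check, so at verbose level 2 any process able to open the device node can produce console output. If that is meant as an audit trail of open attempts, a one-line comment saying so would help; otherwise consider logging only when the check fails. The function body continues outside the hunk.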
@@ -207,6 +207,7 @@
                error = namei(&nid);
                if (error)
                        return (error);
+
                /* Add only regular files. */
                if (nid.ni_vp->v_type != VREG) {
                        printf("Veriexec: veriexecioctl: Not adding \"%s\": "
@@ -232,32 +233,28 @@
                hh = veriexec_lookup(va.va_fsid, va.va_fileid);
                if (hh != NULL) {
                        /*
-                        * Duplicate entry. Still check the type to
-                        * ensure enforcement of a stricter policy.
-                        * i.e. if orignal entry was direct exec but
-                        * the new params flag the file as indirect or
-                        * file then update the hash entry to the new
-                        * type to ensure duplicate entries do not
-                        * degrade the security policy...
+                        * Duplicate entry; handle access type conflict
+                        * and enforce 'FILE' over 'INDIRECT' over
+                        * 'DIRECT'.
                         */
-                       
-                       if ((hh->type != params->type) &&
-                           ((params->type == VERIEXEC_INDIRECT) ||
-                            (params->type == VERIEXEC_FILE))) {
+                       if (hh->type < params->type) {
                                hh->type = params->type;
-                               printf("Veriexec: veriexecioctl: Duplicate "
-                                      "entry for %s, (dev=%ld, inode=%ld) "
-                                      "but type mismatched.  "
-                                      "Updating type to stricter one\n",
-                                      params->file, va.va_fsid, va.va_fileid);
+
+                               veriexec_report("Duplicate entry with "
+                                               "access type mismatch. "
+                                               "Updating to stricter "
+                                               "type.", params->file,
+                                               &va, NULL,
+                                               REPORT_NOVERBOSE,
+                                               REPORT_NOALARM,
+                                               REPORT_NOPANIC);
+                       } else {
+                               veriexec_report("Duplicate entry.",
+                                               params->file, &va, NULL,
+                                               REPORT_VERBOSE_HIGH,
+                                               REPORT_NOALARM,
+                                               REPORT_NOPANIC);
                        }
-                       
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
-                       printf("Veriexec: veriexecioctl: Duplicate "
-                              "entry for %s. (dev=%ld, inode=%ld) "
-                              "Ignoring.\n", params->file,
-                              va.va_fsid, va.va_fileid);
-#endif
 
                        return (0);
                }
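Review bot: The new test `if (hh->type < params->type)` accepts any larger value, whereas the removed code only upgraded to `VERIEXEC_INDIRECT` or `VERIEXEC_FILE`. No range check on `params->type` is visible in this hunk, so unless it is validated earlier in veriexecioctl(), an out-of-range type supplied through the ioctl would overwrite the stored one. Bounding the comparison, e.g. `if (hh->type < params->type && params->type <= VERIEXEC_FILE) {`, keeps the old guarantee (this assumes FILE is the highest define, as the comment implies). The comment should also say that the comparison relies on numeric order, e.g. `/* Relies on VERIEXEC_DIRECT < VERIEXEC_INDIRECT < VERIEXEC_FILE. */`, ideally backed by a compile-time check next to the defines. The enclosing block begins and ends outside the hunk.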


