Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-3]: src/sys/kern Pull up revision 1.45 (requested by elad in tick...
details: https://anonhg.NetBSD.org/src/rev/131c177c9e67
branches: netbsd-3
changeset: 576424:131c177c9e67
user: tron <tron%NetBSD.org@localhost>
date: Sat Jul 02 17:54:05 2005 +0000
description:
Pull up revision 1.45 (requested by elad in ticket #487):
>From marius@openbsd:
Add an exec message so that whenever a set-uid/gid process executes a new
image which we may control, the exec does not go by unnoticed.
diffstat:
sys/kern/kern_systrace.c | 67 +++++++++++++++++++++++++++++++++++++++--------
1 files changed, 55 insertions(+), 12 deletions(-)
diffs (131 lines):
diff -r b25859762e72 -r 131c177c9e67 sys/kern/kern_systrace.c
--- a/sys/kern/kern_systrace.c Sat Jul 02 17:53:58 2005 +0000
+++ b/sys/kern/kern_systrace.c Sat Jul 02 17:54:05 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_systrace.c,v 1.44 2005/02/26 21:34:55 perry Exp $ */
+/* $NetBSD: kern_systrace.c,v 1.44.2.1 2005/07/02 17:54:05 tron Exp $ */
/*
* Copyright 2002, 2003 Niels Provos <provos%citi.umich.edu@localhost>
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.44 2005/02/26 21:34:55 perry Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.44.2.1 2005/07/02 17:54:05 tron Exp $");
#include "opt_systrace.h"
@@ -1242,6 +1242,42 @@
return (error);
}
+void
+systrace_execve(char *path, struct proc *p)
+{
+ struct str_process *strp;
+ struct fsystrace *fst;
+ struct str_message msg;
+ struct str_msg_execve *msg_execve;
+
+ do {
+ systrace_lock();
+ strp = p->p_systrace;
+ if (strp == NULL) {
+ systrace_unlock();
+ return;
+ }
+
+ msg_execve = &msg.msg_data.msg_execve;
+ fst = strp->parent;
+ SYSTRACE_LOCK(fst, curlwp);
+ systrace_unlock();
+
+ /*
+ * susers will get the execve call anyway. Also, if
+ * we're not allowed to control the process, escape.
+ */
+ if (fst->issuser ||
+ fst->p_ruid != p->p_cred->p_ruid ||
+ fst->p_rgid != p->p_cred->p_rgid) {
+ SYSTRACE_UNLOCK(fst, curlwp);
+ return;
+ }
+
+ strlcpy(msg_execve->path, path, sizeof(msg_execve->path));
+ } while (systrace_make_msg(strp, SYSTR_MSG_EXECVE, &msg) != 0);
+}
+
/* Prepare to replace arguments */
int
@@ -1348,7 +1384,6 @@
int
systrace_fname(struct str_process *strp, caddr_t kdata, size_t len)
{
-
if (strp->nfname >= SYSTR_MAXFNAME || len < 2)
return EINVAL;
@@ -1377,9 +1412,10 @@
systrace_namei(struct nameidata *ndp)
{
struct str_process *strp;
- struct fsystrace *fst;
+ struct fsystrace *fst = NULL; /* XXXGCC */
struct componentname *cnp = &ndp->ni_cnd;
size_t i;
+ int hamper = 0;
systrace_lock();
strp = cnp->cn_proc->p_systrace;
@@ -1388,18 +1424,21 @@
SYSTRACE_LOCK(fst, curlwp);
systrace_unlock();
- for (i = 0; i < strp->nfname; i++) {
+ for (i = 0; i < strp->nfname; i++)
if (strcmp(cnp->cn_pnbuf, strp->fname[i]) == 0) {
- /* ELOOP if namei() tries to readlink */
- ndp->ni_loopcnt = MAXSYMLINKS;
- cnp->cn_flags &= ~FOLLOW;
- cnp->cn_flags |= NOFOLLOW;
+ hamper = 1;
break;
}
- }
SYSTRACE_UNLOCK(fst, curlwp);
} else
systrace_unlock();
+
+ if (hamper) {
+ /* ELOOP if namei() tries to readlink */
+ ndp->ni_loopcnt = MAXSYMLINKS;
+ cnp->cn_flags &= ~FOLLOW;
+ cnp->cn_flags |= NOFOLLOW;
+ }
}
struct str_process *
@@ -1614,7 +1653,11 @@
struct str_msgcontainer *cont;
struct str_message *msg;
struct fsystrace *fst = strp->parent;
- int st;
+ int st, pri;
+
+ pri = PWAIT|PCATCH;
+ if (type == SYSTR_MSG_EXECVE)
+ pri &= ~PCATCH;
cont = pool_get(&systr_msgcontainer_pl, PR_WAITOK);
memset(cont, 0, sizeof(struct str_msgcontainer));
@@ -1651,7 +1694,7 @@
int f;
f = curlwp->l_flag & L_SA;
curlwp->l_flag &= ~L_SA;
- st = tsleep(strp, PWAIT | PCATCH, "systrmsg", 0);
+ st = tsleep(strp, pri, "systrmsg", 0);
curlwp->l_flag |= f;
if (st != 0)
return (ERESTART);
Home |
Main Index |
Thread Index |
Old Index