Subject: Re: systrace broken after socket versioning
To: Pavel Cahyna <pavel@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 08/21/2006 01:21:05
Pavel Cahyna wrote:
> Elad Efrat pointed out that the recent socket(2) versioning broke
> systrace. Here is an attempt to correct it, following the example of revs
> 1.14 and 1.17. To be applied under src/bin/systrace.

the diff you sent didn't work for me. i've attached one that works,
including a fix from ray@openbsd for a disturbing issue discussed on
tech@openbsd:

http://marc.theaimsgroup.com/?l=openbsd-tech&m=115513754417683&w=2

> One question: what will happen if the kernel does not have COMPAT_30? Will
> systrace fail to register the compatibility syscall and break?

i don't know, but it didn't bother anyone so far (speaking of previous
fixes), so either it just works or nobody has a kernel without COMPAT_30
or nobody uses systrace. i'm afraid that at the moment i can't look into
which is correct, though. :)

note: although the attached diff fixes two important issues, systrace
imho should still be disabled by default until someone steps up to
maintain it and (a) does a full code sync with systrace 1.6d and the
openbsd version, (b) does a thorough audit of systrace (who knows what
lurks there!), and (c) writes regression tests.

-e.
--
Elad Efrat
Index: register.c
===================================================================
RCS file: /usr/cvs/src/bin/systrace/register.c,v
retrieving revision 1.18
diff -u -p -r1.18 register.c
--- register.c 16 Apr 2006 05:19:02 -0000 1.18
+++ register.c 19 Aug 2006 22:09:36 -0000
@@ -113,7 +113,8 @@ systrace_initcb(void)
/* 57: symlink */
X(intercept_register_sccb("netbsd", "symlink", trans_cb, NULL));
intercept_register_transstring("netbsd", "symlink", 0);
- intercept_register_transfn("netbsd", "symlink", 1);
+ intercept_register_translation("netbsd", "symlink", 1,
+ &ic_translate_unlinkname);
/* 58: readlink [fsread] */
X(intercept_register_sccb("netbsd", "readlink", trans_cb, NULL));
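Review bot: the new registration for symlink argument 1 has no comment recording why it now uses ic_translate_unlinkname instead of intercept_register_transfn. The mail attributes this to a fix discussed on tech@openbsd, but nothing in register.c says so, and argument 0 still goes through intercept_register_transstring with no explanation of the difference. A short comment above the new call naming the reason and the source of the fix would keep a later code sync from reverting it.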
@@ -143,10 +144,10 @@ systrace_initcb(void)
X(intercept_register_sccb("netbsd", "fcntl", trans_cb, NULL));
intercept_register_translation("netbsd", "fcntl", 1, &ic_fcntlcmd);
- /* 97: socket */
- X(intercept_register_sccb("netbsd", "socket", trans_cb, NULL));
- intercept_register_translation("netbsd", "socket", 0, &ic_sockdom);
- intercept_register_translation("netbsd", "socket", 1, &ic_socktype);
+ /* 97: compat_30_socket*/
+ X(intercept_register_sccb("netbsd", "compat_30_socket", trans_cb, NULL));
+ intercept_register_translation("netbsd", "compat_30_socket", 0, &ic_sockdom);
+ intercept_register_translation("netbsd", "compat_30_socket", 1, &ic_socktype);
/* 98: connect */
X(intercept_register_sccb("netbsd", "connect", trans_cb, NULL));
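Review bot: the compat_30_socket callback is registered unconditionally through X(), and the thread leaves open what happens on a kernel built without COMPAT_30. Before this goes in, the behaviour of X(intercept_register_sccb("netbsd", "compat_30_socket", ...)) on such a kernel should be checked, and if the registration can fail there it should be made conditional or non-fatal. Minor style point in the same hunk: the comment "/* 97: compat_30_socket*/" is missing the space before the closing "*/".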
@@ -236,19 +237,25 @@ systrace_initcb(void)
intercept_register_translation("netbsd", "__posix_fchown", 0, &ic_fdt);
intercept_register_translation("netbsd", "__posix_fchown", 1, &ic_uidt);
intercept_register_translation("netbsd", "__posix_fchown", 2, &ic_gidt);
- /* __stat30 [fsread] */
+
+ /* 387: __stat30 [fsread] */
X(intercept_register_sccb("netbsd", "__stat30", trans_cb, NULL));
tl = intercept_register_transfn("netbsd", "__stat30", 0);
alias = systrace_new_alias("netbsd", "__stat30", "netbsd", "fsread");
systrace_alias_add_trans(alias, tl);
- /* __lstat30 [fsread] */
+ /* 389: __lstat30 [fsread] */
X(intercept_register_sccb("netbsd", "__lstat30", trans_cb, NULL));
tl = intercept_register_translation("netbsd", "__lstat30", 0,
&ic_translate_unlinkname);
alias = systrace_new_alias("netbsd", "__lstat30", "netbsd", "fsread");
systrace_alias_add_trans(alias, tl);
+ /* 394: __socket30 */
+ X(intercept_register_sccb("netbsd", "__socket30", trans_cb, NULL));
+ intercept_register_translation("netbsd", "__socket30", 0, &ic_sockdom);
+ intercept_register_translation("netbsd", "__socket30", 1, &ic_socktype);
+
#else
X(intercept_register_gencb(gen_cb, NULL));
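Review bot: __socket30 is registered under its own name with no alias, while __stat30 and __lstat30 directly above are tied to a common name through systrace_new_alias. Together with the previous hunk this leaves the socket call registered as two unrelated names, compat_30_socket and __socket30, and nothing as plain socket, so it is worth stating in the commit message (or handling with an alias) how rules written against the old name are expected to keep applying. The comment renumbering for __stat30 and __lstat30 and the added blank lines are unrelated to the socket fix and would be easier to review as a separate change.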
@@ -318,7 +325,8 @@ systrace_initcb(void)
/* symlink */
X(intercept_register_sccb("native", "symlink", trans_cb, NULL));
intercept_register_transstring("native", "symlink", 0);
- intercept_register_transfn("native", "symlink", 1);
+ intercept_register_translation("native", "symlink", 1,
+ &ic_translate_unlinkname);
/* readlink [fsread] */
X(intercept_register_sccb("native", "readlink", trans_cb, NULL));
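Review bot: the symlink argument 1 fix is repeated by hand in the "native" branch, so the two copies have to be kept in sync from now on. Nothing in the patch exercises either copy; a regression test that runs symlink under a policy and checks the translated name for argument 1, for both the "netbsd" and "native" registrations, would cover this hunk and the first one. The same comment explaining the choice of ic_translate_unlinkname is needed here.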