Add destination file vnode to rename checking.

This commit is contained in:
blymn 2006-07-19 12:45:19 +00:00
parent ee551118c6
commit 36c3e07ffa
2 changed files with 15 additions and 10 deletions


@ -1,4 +1,4 @@
/* $NetBSD: kern_verifiedexec.c,v 1.57 2006/07/15 20:07:36 elad Exp $ */
/* $NetBSD: kern_verifiedexec.c,v 1.58 2006/07/19 12:45:20 blymn Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad@NetBSD.org>
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.57 2006/07/15 20:07:36 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.58 2006/07/19 12:45:20 blymn Exp $");
#include "opt_verified_exec.h"
@ -612,10 +612,10 @@ veriexec_removechk(struct lwp *l, struct vnode *vp, const char *pathbuf)
* Veriexe rename policy.
*/
int
veriexec_renamechk(struct vnode *vp, const char *from, const char *to,
struct lwp *l)
veriexec_renamechk(struct vnode *vp, struct vnode *tvp, const char *from,
const char *to, struct lwp *l)
{
struct veriexec_file_entry *vfe;
struct veriexec_file_entry *vfe, *tvfe;
if (veriexec_strict >= 3) {
log(LOG_ALERT, "Veriexec: Preventing rename of `%s' to "
@ -625,7 +625,11 @@ veriexec_renamechk(struct vnode *vp, const char *from, const char *to,
}
vfe = veriexec_lookup(vp);
if (vfe != NULL) {
tvfe = NULL;
if (tvp != NULL)
tvfe = veriexec_lookup(tvp);
if ((vfe != NULL) || (tvfe != NULL)) {
if (veriexec_strict >= 2) {
log(LOG_ALERT, "Veriexec: Preventing rename of `%s' "
"to `%s', uid=%u, pid=%u: IPS mode, file "
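Review bot: The widened condition `if ((vfe != NULL) || (tvfe != NULL))` in the hunk at -625 now enters the monitored-file branch when only the destination entry `tvfe` was found, so `vfe` can be NULL inside that branch; the rest of the branch lies outside the hunk, and if it dereferences `vfe` (status, fingerprint fields, report helpers) it needs a guard or must pick whichever of `vfe`/`tvfe` is non-NULL. The new lookup at L39-L41 tolerates a NULL `tvp`, but nothing in the header or the prototype says so; I would add to the function comment `/* tvp is the vnode of the rename destination, or NULL when it does not exist yet. */` so callers know the contract. The body of veriexec_renamechk starts in the hunk at -612 and continues past the end of this section.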


@ -1,4 +1,4 @@
/* $NetBSD: vfs_syscalls.c,v 1.253 2006/07/17 19:05:36 elad Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.254 2006/07/19 12:45:19 blymn Exp $ */
/*
* Copyright (c) 1989, 1993
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.253 2006/07/17 19:05:36 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.254 2006/07/19 12:45:19 blymn Exp $");
#include "opt_compat_netbsd.h"
#include "opt_compat_43.h"
@ -2035,7 +2035,7 @@ restart:
goto out;
}
#endif /* VERIFIED_EXEC */
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == vp)
@ -3357,7 +3357,8 @@ rename_files(const char *from, const char *to, struct lwp *l, int retain)
#ifdef VERIFIED_EXEC
if (!error)
error = veriexec_renamechk(fvp, fromnd.ni_dirp, tond.ni_dirp, l);
error = veriexec_renamechk(fvp, tvp, fromnd.ni_dirp,
tond.ni_dirp, l);
#endif /* VERIFIED_EXEC */
out:
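Review bot: The new call `veriexec_renamechk(fvp, tvp, fromnd.ni_dirp, tond.ni_dirp, l)` in the hunk at -3357 passes `tvp` through with no comment on when it is NULL; the callee guards a NULL `tvp` before its lookup, but the caller gives no hint that this is a legitimate case, so a reader has to go to kern_verifiedexec.c to confirm it. I would add `/* tvp is NULL when the destination does not exist; the check accepts that. */` above the call, hedged here since the assignment of tvp is outside the hunk. The call is only reached when `error` is still zero, so a veriexec denial replaces no earlier error, which matches the previous behaviour. rename_files starts and ends outside this section.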