implement a security.setid_core node as discussed on tech-kern@ and tech-security@.
This commit is contained in:
elad 2006-02-02 17:48:51 +00:00
parent 36bb4dfe7d
commit 4a302fa004
3 changed files with 121 additions and 7 deletions


@ -1,4 +1,4 @@
/* $NetBSD: init_sysctl.c,v 1.60 2006/01/27 03:14:56 elad Exp $ */
/* $NetBSD: init_sysctl.c,v 1.61 2006/02/02 17:48:51 elad Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.60 2006/01/27 03:14:56 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.61 2006/02/02 17:48:51 elad Exp $");
#include "opt_sysv.h"
#include "opt_multiprocessor.h"
@ -74,6 +74,7 @@ __KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.60 2006/01/27 03:14:56 elad Exp $"
#define VERIEXEC_NEED_NODE
#include <sys/verified_exec.h>
#endif /* VERIFIED_EXEC */
#include <sys/stat.h>
#if defined(SYSVMSG) || defined(SYSVSEM) || defined(SYSVSHM)
#include <sys/ipc.h>
@ -92,6 +93,11 @@ __KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.60 2006/01/27 03:14:56 elad Exp $"
/* XXX this should not be here */
int security_curtain = 0;
int security_setidcore_dump;
char security_setidcore_path[MAXPATHLEN] = "/var/crash/%n.core";
uid_t security_setidcore_owner = 0;
gid_t security_setidcore_group = 0;
mode_t security_setidcore_mode = (S_IRUSR|S_IWUSR);
/*
* try over estimating by 5 procs/lwps
@ -147,6 +153,8 @@ static int sysctl_kern_file2(SYSCTLFN_PROTO);
#ifdef VERIFIED_EXEC
static int sysctl_kern_veriexec(SYSCTLFN_PROTO);
#endif
static int sysctl_security_setidcore(SYSCTLFN_PROTO);
static int sysctl_security_setidcorename(SYSCTLFN_PROTO);
static int sysctl_kern_cpid(SYSCTLFN_PROTO);
static int sysctl_doeproc(SYSCTLFN_PROTO);
static int sysctl_kern_proc_args(SYSCTLFN_PROTO);
@ -1036,6 +1044,49 @@ SYSCTL_SETUP(sysctl_security_setup, "sysctl security subtree setup")
" to users not owning them."),
NULL, 0, &security_curtain, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "setid_core",
SYSCTL_DESCR("Set-id processes' coredump settings."),
NULL, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "dump",
SYSCTL_DESCR("Allow set-id processes to dump core."),
sysctl_security_setidcore, 0, &security_setidcore_dump,
sizeof(security_setidcore_dump),
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_STRING, "path",
SYSCTL_DESCR("Path pattern for set-id coredumps."),
sysctl_security_setidcorename, 0,
&security_setidcore_path,
sizeof(security_setidcore_path),
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "owner",
SYSCTL_DESCR("Owner id for set-id processes' cores."),
sysctl_security_setidcore, 0, &security_setidcore_owner,
0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "group",
SYSCTL_DESCR("Group id for set-id processes' cores."),
sysctl_security_setidcore, 0, &security_setidcore_group,
0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "mode",
SYSCTL_DESCR("Mode for set-id processes' cores."),
sysctl_security_setidcore, 0, &security_setidcore_mode,
0,
CTL_CREATE, CTL_EOL);
}
/*
@ -2522,6 +2573,52 @@ sysctl_kern_veriexec(SYSCTLFN_ARGS)
}
#endif /* VERIFIED_EXEC */
static int
sysctl_security_setidcore(SYSCTLFN_ARGS)
{
int newsize, error;
struct sysctlnode node;
node = *rnode;
node.sysctl_data = &newsize;
newsize = *(int *)rnode->sysctl_data;
error = sysctl_lookup(SYSCTLFN_CALL(&node));
if (error || newp == NULL)
return error;
if (securelevel > 0)
return (EPERM);
*(int *)rnode->sysctl_data = newsize;
return 0;
}
static int
sysctl_security_setidcorename(SYSCTLFN_ARGS)
{
int error;
char newsetidcorename[MAXPATHLEN];
struct sysctlnode node;
node = *rnode;
node.sysctl_data = &newsetidcorename[0];
memcpy(node.sysctl_data, rnode->sysctl_data, MAXPATHLEN);
error = sysctl_lookup(SYSCTLFN_CALL(&node));
if (error || newp == NULL)
return (error);
if (securelevel > 0)
return (EPERM);
if (strlen(newsetidcorename) == 0)
return (EINVAL);
memcpy(rnode->sysctl_data, node.sysctl_data, MAXPATHLEN);
return (0);
}
/*
* sysctl helper routine for kern.cp_id node. maps cpus to their
* cpuids.
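Review bot: sysctl_security_setidcorename (the second function in the last hunk) only rejects an empty pattern, so a relative pattern such as `crash/%n.core` is accepted, and the core of a set-id process would presumably then be resolved relative to the dumping process's working directory, which the unprivileged invoker of a set-id binary controls. Requiring an absolute pattern is a one-line guard next to the existing length check: `if (newsetidcorename[0] != '/') return (EINVAL);`. The shared sysctl_security_setidcore helper likewise stores any int for the "mode", "owner" and "group" nodes registered in the earlier hunk of this file, so a mode with S_ISUID/S_ISGID set, or a negative value that becomes a large uid_t, is written unchecked; if those nodes keep sharing one helper, a per-node check keyed on `rnode->sysctl_data` (for the mode node, rejecting `newsize & ~ACCESSPERMS`) would close that. Note also that the helper reads and writes the uid_t/gid_t/mode_t objects through an `int *`, which relies on those types having exactly the size of int on every port.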


@ -1,4 +1,4 @@
/* $NetBSD: kern_sig.c,v 1.213 2005/12/24 19:12:23 perry Exp $ */
/* $NetBSD: kern_sig.c,v 1.214 2006/02/02 17:48:51 elad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1991, 1993
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.213 2005/12/24 19:12:23 perry Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.214 2006/02/02 17:48:51 elad Exp $");
#include "opt_ktrace.h"
#include "opt_compat_sunos.h"
@ -70,6 +70,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.213 2005/12/24 19:12:23 perry Exp $")
#include <sys/sa.h>
#include <sys/savar.h>
#include <sys/exec.h>
#include <sys/sysctl.h>
#include <sys/mount.h>
#include <sys/syscallargs.h>
@ -2101,9 +2102,10 @@ coredump(struct lwp *l, const char *pattern)
cred = p->p_cred->pc_ucred;
/*
* Make sure the process has not set-id, to prevent data leaks.
* Make sure the process has not set-id, to prevent data leaks,
* unless it was specifically requested to allow set-id coredumps.
*/
if (p->p_flag & P_SUGID)
if ((p->p_flag & P_SUGID) && !security_setidcore_dump)
return (EPERM);
/*
@ -2126,6 +2128,9 @@ restart:
(vp->v_mount->mnt_flag & MNT_NOCOREDUMP) != 0)
return (EPERM);
if (p->p_flag & P_SUGID && security_setidcore_dump)
pattern = security_setidcore_path;
if (pattern == NULL)
pattern = p->p_limit->pl_corename;
if ((error = build_corename(p, name, pattern, sizeof(name))) != 0)
@ -2155,6 +2160,13 @@ restart:
}
VATTR_NULL(&vattr);
vattr.va_size = 0;
if (p->p_flag & P_SUGID && security_setidcore_dump) {
vattr.va_uid = security_setidcore_owner;
vattr.va_gid = security_setidcore_group;
vattr.va_mode = security_setidcore_mode;
}
VOP_LEASE(vp, l, cred, LEASE_WRITE);
VOP_SETATTR(vp, &vattr, cred, l);
p->p_acflag |= ACORE;
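Review bot: The ownership and mode the new block in the last hunk assigns through vattr are only applied by the VOP_SETATTR call immediately below it, whose return value is discarded — pre-existing, but the new code now depends on that call for a security property. If it fails (the chown to security_setidcore_owner will presumably fail with EPERM when the set-id process's effective credentials in `cred` are not privileged), the core of a set-id process is left with whatever ownership and mode the file was created with. The call should become `error = VOP_SETATTR(vp, &vattr, cred, l);` with a failure reported and the dump abandoned rather than silently continuing. Minor style point: the new conditions `if (p->p_flag & P_SUGID && security_setidcore_dump)` in the second and third hunks rely on `&` binding tighter than `&&`, which is correct but reads better parenthesized as in the first hunk, `(p->p_flag & P_SUGID) && security_setidcore_dump`. coredump() starts before the first hunk and continues past the last.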


@ -1,4 +1,4 @@
/* $NetBSD: sysctl.h,v 1.147 2006/01/27 03:14:56 elad Exp $ */
/* $NetBSD: sysctl.h,v 1.148 2006/02/02 17:48:51 elad Exp $ */
/*
* Copyright (c) 1989, 1993
@ -909,6 +909,11 @@ extern struct sysctlnode sysctl_root;
/* XXX this should not be here */
extern int security_curtain;
extern int security_setidcore_dump;
extern char security_setidcore_path[];
extern uid_t security_setidcore_owner;
extern gid_t security_setidcore_group;
extern mode_t security_setidcore_mode;
/*
* A log of nodes created by a setup function or set of setup