Move policies for KAUTH_PROCESS_{CANSEE,CORENAME,STOPFLAG,FORK} back to

the subsystem.

Note: Consider killing the signal listener and sticking
      KAUTH_PROCESS_SIGNAL here as well.
elad 2009-10-03 03:38:31 +00:00
parent e62043d705
commit 82ce55ed44
2 changed files with 94 additions and 43 deletions


@ -1,4 +1,4 @@
/* $NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $ */ /* $NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $ */
/*- /*-
* Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@ -62,7 +62,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.152 2009/05/23 18:28:06 ad Exp $"); __KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.153 2009/10/03 03:38:31 elad Exp $");
#include "opt_kstack.h" #include "opt_kstack.h"
#include "opt_maxuprc.h" #include "opt_maxuprc.h"
@ -235,6 +235,80 @@ static specificdata_domain_t proc_specificdata_domain;
static pool_cache_t proc_cache; static pool_cache_t proc_cache;
static kauth_listener_t proc_listener;
static int
proc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
struct proc *p;
int result;
result = KAUTH_RESULT_DEFER;
p = arg0;
switch (action) {
case KAUTH_PROCESS_CANSEE: {
enum kauth_process_req req;
req = (enum kauth_process_req)arg1;
switch (req) {
case KAUTH_REQ_PROCESS_CANSEE_ARGS:
case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_REQ_PROCESS_CANSEE_ENV:
if (kauth_cred_getuid(cred) !=
kauth_cred_getuid(p->p_cred) ||
kauth_cred_getuid(cred) !=
kauth_cred_getsvuid(p->p_cred))
break;
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
}
case KAUTH_PROCESS_FORK: {
int lnprocs = (int)(unsigned long)arg2;
/*
* Don't allow a nonprivileged user to use the last few
* processes. The variable lnprocs is the current number of
* processes, maxproc is the limit.
*/
if (__predict_false((lnprocs >= maxproc - 5)))
break;
result = KAUTH_RESULT_ALLOW;
break;
}
case KAUTH_PROCESS_CORENAME:
case KAUTH_PROCESS_STOPFLAG:
if (proc_uidmatch(cred, p->p_cred) == 0)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
return result;
}
/* /*
* Initialize global process hashing structures. * Initialize global process hashing structures.
*/ */
@ -272,6 +346,9 @@ procinit(void)
proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0, proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0,
"procpl", NULL, IPL_NONE, NULL, NULL, NULL); "procpl", NULL, IPL_NONE, NULL, NULL, NULL);
proc_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
proc_listener_cb, NULL);
} }
/* /*
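Review bot: proc_listener_cb has no header comment, and its FORK branch keeps a redundant pair of parentheses left over from dropping the `&& !isroot` term: `if (__predict_false((lnprocs >= maxproc - 5)))` can be `if (__predict_false(lnprocs >= maxproc - 5))`. A short comment above the function should say that it holds the process subsystem's own policy for CANSEE, FORK, CORENAME and STOPFLAG, that it returns KAUTH_RESULT_DEFER for any action or request it does not decide, and that the privilege (root) half of the old checks is now left to the secmodel listeners, since a reader of this file no longer sees it. At the FORK case it is worth noting that the `maxproc - 5` reserve is enforced here for every caller and is lifted only because the suser module now returns ALLOW for root on KAUTH_PROCESS_FORK, so the two files must stay in agreement.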


@ -1,4 +1,4 @@
/* $NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $ */ /* $NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $ */
/*- /*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved. * All rights reserved.
@ -38,7 +38,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.24 2009/10/03 03:02:55 elad Exp $"); __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.25 2009/10/03 03:38:31 elad Exp $");
#include <sys/types.h> #include <sys/types.h>
#include <sys/param.h> #include <sys/param.h>
@ -496,6 +496,9 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_PROCESS_SETID: case KAUTH_PROCESS_SETID:
case KAUTH_PROCESS_KEVENT_FILTER: case KAUTH_PROCESS_KEVENT_FILTER:
case KAUTH_PROCESS_NICE: case KAUTH_PROCESS_NICE:
case KAUTH_PROCESS_FORK:
case KAUTH_PROCESS_CORENAME:
case KAUTH_PROCESS_STOPFLAG:
if (isroot) if (isroot)
result = KAUTH_RESULT_ALLOW; result = KAUTH_RESULT_ALLOW;
@ -510,20 +513,20 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_REQ_PROCESS_CANSEE_ARGS: case KAUTH_REQ_PROCESS_CANSEE_ARGS:
case KAUTH_REQ_PROCESS_CANSEE_ENTRY: case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
if (!secmodel_suser_curtain) if (isroot) {
result = KAUTH_RESULT_ALLOW;
else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
result = KAUTH_RESULT_ALLOW; result = KAUTH_RESULT_ALLOW;
break;
}
if (secmodel_suser_curtain) {
if (kauth_cred_uidmatch(cred, p->p_cred) != 0)
result = KAUTH_RESULT_DENY;
}
break; break;
case KAUTH_REQ_PROCESS_CANSEE_ENV: case KAUTH_REQ_PROCESS_CANSEE_ENV:
if (!isroot && if (isroot)
(kauth_cred_getuid(cred) !=
kauth_cred_getuid(p->p_cred) ||
kauth_cred_getuid(cred) !=
kauth_cred_getsvuid(p->p_cred)))
break;
else
result = KAUTH_RESULT_ALLOW; result = KAUTH_RESULT_ALLOW;
break; break;
@ -535,28 +538,6 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
break; break;
} }
case KAUTH_PROCESS_CORENAME:
if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_PROCESS_FORK: {
int lnprocs = (int)(unsigned long)arg2;
/*
* Don't allow a nonprivileged user to use the last few
* processes. The variable lnprocs is the current number of
* processes, maxproc is the limit.
*/
if (__predict_false((lnprocs >= maxproc - 5) && !isroot))
break;
else
result = KAUTH_RESULT_ALLOW;
break;
}
case KAUTH_PROCESS_RLIMIT: { case KAUTH_PROCESS_RLIMIT: {
enum kauth_process_req req; enum kauth_process_req req;
@ -577,13 +558,6 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
break; break;
} }
case KAUTH_PROCESS_STOPFLAG:
if (isroot || proc_uidmatch(cred, p->p_cred) == 0) {
result = KAUTH_RESULT_ALLOW;
break;
}
break;
default: default:
break; break;
} }
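Review bot: The new curtain check in the CANSEE_ARGS/ENTRY/OPENFILES branch looks inverted: `if (kauth_cred_uidmatch(cred, p->p_cred) != 0) result = KAUTH_RESULT_DENY;` denies when the credentials match, whereas the removed line `else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))` treated a non-zero return as a match that allows. Unless kauth_cred_uidmatch's return convention changed alongside this commit, the intended line is `if (kauth_cred_uidmatch(cred, p->p_cred) == 0) result = KAUTH_RESULT_DENY;`, so that with curtain enabled a user is refused only for processes owned by someone else; as written, curtain would hide a user's own processes and expose everyone else's. The contrast with the CORENAME/STOPFLAG checks moved to kern_proc.c, which use `proc_uidmatch(...) == 0` as the match condition, suggests the two helpers have opposite conventions, and a one-line comment at this call site would prevent the same slip next time. secmodel_suser_process_cb starts before this section's first hunk.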