effcf1af5c
check_console, veriexecclose, veriexec_delete, veriexec_file_add, emul_find_root, coff_load_shlib (sh3 version), coff_load_shlib, compat_20_sys_statfs, compat_20_netbsd32_statfs, ELFNAME2(netbsd32,probe_noteless), darwin_sys_statfs, ibcs2_sys_statfs, ibcs2_sys_statvfs, linux_sys_uselib, osf1_sys_statfs, sunos_sys_statfs, sunos32_sys_statfs, ultrix_sys_statfs, do_sys_mount, fss_create_files (3 of 4), adosfs_mount, cd9660_mount, coda_ioctl, coda_mount, ext2fs_mount, ffs_mount, filecore_mount, hfs_mount, lfs_mount, msdosfs_mount, ntfs_mount, sysvbfs_mount, udf_mount, union_mount, sys_chflags, sys_lchflags, sys_chmod, sys_lchmod, sys_chown, sys_lchown, sys___posix_chown, sys___posix_lchown, sys_link, do_sys_pstatvfs, sys_quotactl, sys_revoke, sys_truncate, do_sys_utimes, sys_extattrctl, sys_extattr_set_file, sys_extattr_set_link, sys_extattr_get_file, sys_extattr_get_link, sys_extattr_delete_file, sys_extattr_delete_link, sys_extattr_list_file, sys_extattr_list_link, sys_setxattr, sys_lsetxattr, sys_getxattr, sys_lgetxattr, sys_listxattr, sys_llistxattr, sys_removexattr, sys_lremovexattr All have been scrutinized (several times, in fact) and compile-tested, but not all have been explicitly tested in action. XXX: While I haven't (intentionally) changed the use or nonuse of XXX: TRYEMULROOT in any of these places, I'm not convinced all the XXX: uses are correct; an audit might be desirable.
306 lines
6.7 KiB
C
306 lines
6.7 KiB
C
/* $NetBSD: verified_exec.c,v 1.66 2009/06/29 05:08:17 dholland Exp $ */
|
|
|
|
/*-
|
|
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
|
|
* Copyright (c) 2005, 2006 Brett Lymn <blymn@NetBSD.org>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. The name of the authors may not be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.66 2009/06/29 05:08:17 dholland Exp $");
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/errno.h>
|
|
#include <sys/conf.h>
|
|
#include <sys/vnode.h>
|
|
#include <sys/fcntl.h>
|
|
#include <sys/namei.h>
|
|
#include <sys/verified_exec.h>
|
|
#include <sys/kauth.h>
|
|
#include <sys/syslog.h>
|
|
#include <sys/proc.h>
|
|
|
|
#ifdef __FreeBSD__
|
|
#include <sys/kernel.h>
|
|
#include <sys/device_port.h>
|
|
#include <sys/ioccom.h>
|
|
#else
|
|
#include <sys/ioctl.h>
|
|
#include <sys/device.h>
|
|
#define DEVPORT_DEVICE struct device
|
|
#endif
|
|
|
|
#include <prop/proplib.h>
|
|
|
|
void veriexecattach(device_t, device_t, void *);
|
|
static dev_type_open(veriexecopen);
|
|
static dev_type_close(veriexecclose);
|
|
static dev_type_ioctl(veriexecioctl);
|
|
|
|
struct veriexec_softc {
|
|
DEVPORT_DEVICE veriexec_dev;
|
|
};
|
|
|
|
#if defined(__FreeBSD__)
|
|
# define CDEV_MAJOR 216
|
|
# define BDEV_MAJOR -1
|
|
#endif
|
|
|
|
const struct cdevsw veriexec_cdevsw = {
|
|
veriexecopen,
|
|
veriexecclose,
|
|
noread,
|
|
nowrite,
|
|
veriexecioctl,
|
|
#ifdef __NetBSD__
|
|
nostop,
|
|
notty,
|
|
#endif
|
|
nopoll,
|
|
nommap,
|
|
#if defined(__NetBSD__)
|
|
nokqfilter,
|
|
D_OTHER,
|
|
#elif defined(__FreeBSD__)
|
|
nostrategy,
|
|
"veriexec",
|
|
CDEV_MAJOR,
|
|
nodump,
|
|
nopsize,
|
|
0, /* flags */
|
|
BDEV_MAJOR
|
|
#endif
|
|
};
|
|
|
|
/* count of number of times device is open (we really only allow one open) */
|
|
static unsigned int veriexec_dev_usage = 0;
|
|
|
|
void
|
|
veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux)
|
|
{
|
|
veriexec_dev_usage = 0;
|
|
}
|
|
|
|
static int
|
|
veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l)
|
|
{
|
|
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL))
|
|
return (EPERM);
|
|
|
|
if (veriexec_dev_usage > 0)
|
|
return(EBUSY);
|
|
|
|
veriexec_dev_usage++;
|
|
return (0);
|
|
}
|
|
|
|
static int
|
|
veriexecclose(dev_t dev, int flags, int fmt, struct lwp *l)
|
|
{
|
|
if (veriexec_dev_usage > 0)
|
|
veriexec_dev_usage--;
|
|
return (0);
|
|
}
|
|
|
|
static int
|
|
veriexec_delete(prop_dictionary_t dict, struct lwp *l)
|
|
{
|
|
struct vnode *vp;
|
|
const char *file;
|
|
int error;
|
|
|
|
if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
|
|
return (EINVAL);
|
|
|
|
error = namei_simple_kernel(file, NSM_FOLLOW_NOEMULROOT, &vp);
|
|
if (error)
|
|
return (error);
|
|
|
|
/* XXX this should be done differently... */
|
|
if (vp->v_type == VREG)
|
|
error = veriexec_file_delete(l, vp);
|
|
else if (vp->v_type == VDIR)
|
|
error = veriexec_table_delete(l, vp->v_mount);
|
|
|
|
vrele(vp);
|
|
|
|
return (error);
|
|
}
|
|
|
|
static int
|
|
veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l)
|
|
{
|
|
struct vnode *vp;
|
|
const char *file;
|
|
int error;
|
|
|
|
if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
|
|
return (EINVAL);
|
|
|
|
error = namei_simple_kernel(file, NSM_FOLLOW_NOEMULROOT, &vp);
|
|
if (error)
|
|
return (error);
|
|
|
|
error = veriexec_convert(vp, rdict);
|
|
|
|
vrele(vp);
|
|
|
|
return (error);
|
|
}
|
|
|
|
int
|
|
veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l)
|
|
{
|
|
extern int veriexec_strict;
|
|
struct plistref *plistref;
|
|
prop_dictionary_t dict;
|
|
int error = 0;
|
|
|
|
/* XXX This should be replaced with a kauth(9) request. */
|
|
switch (cmd) {
|
|
case VERIEXEC_TABLESIZE:
|
|
case VERIEXEC_LOAD:
|
|
case VERIEXEC_DELETE:
|
|
case VERIEXEC_FLUSH:
|
|
if (!(flags & FWRITE))
|
|
return (EPERM);
|
|
|
|
if (veriexec_strict > VERIEXEC_LEARNING) {
|
|
log(LOG_WARNING, "Veriexec: Strict mode, modifying "
|
|
"tables not permitted.\n");
|
|
|
|
return (EPERM);
|
|
}
|
|
|
|
break;
|
|
|
|
case VERIEXEC_QUERY:
|
|
case VERIEXEC_DUMP:
|
|
if (!(flags & FREAD))
|
|
return (EPERM);
|
|
|
|
break;
|
|
|
|
default:
|
|
/* Invalid operation. */
|
|
return (ENODEV);
|
|
}
|
|
|
|
plistref = (struct plistref *)data;
|
|
|
|
switch (cmd) {
|
|
case VERIEXEC_TABLESIZE:
|
|
/* Do nothing. Kept for binary compatibility. */
|
|
break;
|
|
|
|
case VERIEXEC_LOAD:
|
|
error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
|
|
if (error)
|
|
break;
|
|
|
|
error = veriexec_file_add(l, dict);
|
|
prop_object_release(dict);
|
|
break;
|
|
|
|
case VERIEXEC_DELETE:
|
|
error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
|
|
if (error)
|
|
break;
|
|
|
|
error = veriexec_delete(dict, l);
|
|
prop_object_release(dict);
|
|
break;
|
|
|
|
case VERIEXEC_QUERY: {
|
|
prop_dictionary_t rdict;
|
|
|
|
error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
|
|
if (error)
|
|
return (error);
|
|
|
|
rdict = prop_dictionary_create();
|
|
if (rdict == NULL) {
|
|
prop_object_release(dict);
|
|
error = ENOMEM;
|
|
break;
|
|
}
|
|
|
|
error = veriexec_query(dict, rdict, l);
|
|
if (error == 0) {
|
|
error = prop_dictionary_copyout_ioctl(plistref, cmd,
|
|
rdict);
|
|
}
|
|
|
|
prop_object_release(rdict);
|
|
prop_object_release(dict);
|
|
|
|
break;
|
|
}
|
|
|
|
case VERIEXEC_DUMP: {
|
|
prop_array_t rarray;
|
|
|
|
rarray = prop_array_create();
|
|
if (rarray == NULL) {
|
|
error = ENOMEM;
|
|
break;
|
|
}
|
|
|
|
error = veriexec_dump(l, rarray);
|
|
if (error == 0) {
|
|
error = prop_array_copyout_ioctl(plistref, cmd,
|
|
rarray);
|
|
}
|
|
|
|
prop_object_release(rarray);
|
|
|
|
break;
|
|
}
|
|
|
|
case VERIEXEC_FLUSH:
|
|
error = veriexec_flush(l);
|
|
break;
|
|
|
|
default:
|
|
/* Invalid operation. */
|
|
error = ENODEV;
|
|
break;
|
|
}
|
|
|
|
return (error);
|
|
}
|
|
|
|
#if defined(__FreeBSD__)
|
|
static void
|
|
veriexec_drvinit(void *unused)
|
|
{
|
|
make_dev(&verifiedexec_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600,
|
|
"veriexec");
|
|
verifiedexecattach(0, 0, 0);
|
|
}
|
|
|
|
SYSINIT(veriexec, SI_SUB_PSEUDO, SI_ORDER_ANY, veriexec_drvinit, NULL);
|
|
#endif
|