diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-06-30 07:55:19 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-06-30 07:55:19 +0000 |
commit | b83ccf3fae10b911f3b875f37b8c1c800b44ba09 (patch) | |
tree | 3de64e84b916e240f5aa00b88f0dc15d87dc1b5b | |
parent | 9758e66106cb5332751bd0751069c99474c64ea5 (diff) | |
download | FreeBSD-src-b83ccf3fae10b911f3b875f37b8c1c800b44ba09.zip FreeBSD-src-b83ccf3fae10b911f3b875f37b8c1c800b44ba09.tar.gz |
o Unfold p31b_proc() into the individual posix4 system calls so as to
allow call-specific authorization.
o Modify the authorization model so that p_can() is used to check
scheduling get/set events, using P_CAN_SEE for gets, and P_CAN_SCHED
for sets. This brings the checks in line with get/setpriority().
Obtained from: TrustedBSD Project
-rw-r--r-- | sys/kern/p1003_1b.c | 126 | ||||
-rw-r--r-- | sys/posix4/p1003_1b.c | 126 |
2 files changed, 120 insertions, 132 deletions
diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index 4f7d339..5b9bee0 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c @@ -51,67 +51,6 @@ MALLOC_DEFINE(M_P31B, "p1003.1b", "Posix 1003.1B"); -/* p31b_proc: Return a proc struct corresponding to a pid to operate on. - * - * Enforce permission policy. - * - * The policy is the same as for sending signals except there - * is no notion of process groups. - * - * pid == 0 means my process. - * - * This is disabled until I've got a permission gate in again: - * only root can do this. - */ - -#if 0 -/* - * This is stolen from CANSIGNAL in kern_sig: - * - * Can process with credential cr1 do "write flavor" operations to credential - * cr2. This check needs to use generalized checks. - */ -#define CAN_AFFECT(cr1, cr2) \ - (!suser_xxx(cr1, NULL, PRISON_ROOT) || \ - (c1)->cr_ruid == (cr2)->cr_ruid || \ - (c1)->cr_uid == (cr2)->cr_ruid || \ - (c1)->cr_ruid == (cr2)->cr_uid || \ - (c1)->cr_uid == (cr2)->cr_uid) -#else -#define CAN_AFFECT(cr1, cr2) (!suser_xxx(cr1, NULL, PRISON_ROOT)) -#endif - -/* - * p31b_proc: Look up a proc from a PID. If proc is 0 it is - * my own proc. - */ -int p31b_proc(struct proc *p, pid_t pid, struct proc **pp) -{ - int ret = 0; - struct proc *other_proc = 0; - - if (pid == 0) { - other_proc = p; - PROC_LOCK(p); - } else - other_proc = pfind(pid); - - if (other_proc) - { - /* Enforce permission policy. - */ - if (CAN_AFFECT(p->p_ucred, other_proc->p_ucred)) - *pp = other_proc; - else - ret = EPERM; - PROC_UNLOCK(other_proc); - } - else - ret = ESRCH; - - return ret; -} - /* The system calls return ENOSYS if an entry is called that is * not run-time supported. I am also logging since some programs * start to use this when they shouldn't. That will be removed if annoying. @@ -174,9 +113,20 @@ int sched_setparam(struct proc *p, if (e) return (e); - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SCHED, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_setparam(&p->p_retval[0], ksched, targetp, (const struct sched_param *)&sched_param); return (e); @@ -189,9 +139,20 @@ int sched_getparam(struct proc *p, struct sched_param sched_param; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_getparam(&p->p_retval[0], ksched, targetp, &sched_param); if (e) return (e); @@ -210,9 +171,20 @@ int sched_setscheduler(struct proc *p, if (e) return (e); - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SCHED, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_setscheduler(&p->p_retval[0], ksched, targetp, uap->policy, (const struct sched_param *)&sched_param); @@ -224,9 +196,20 @@ int sched_getscheduler(struct proc *p, int e; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_getscheduler(&p->p_retval[0], ksched, targetp); return (e); @@ -254,9 +237,20 @@ int sched_rr_get_interval(struct proc *p, int e; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_rr_get_interval(&p->p_retval[0], ksched, targetp, uap->interval); diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c index 4f7d339..5b9bee0 100644 --- a/sys/posix4/p1003_1b.c +++ b/sys/posix4/p1003_1b.c @@ -51,67 +51,6 @@ MALLOC_DEFINE(M_P31B, "p1003.1b", "Posix 1003.1B"); -/* p31b_proc: Return a proc struct corresponding to a pid to operate on. - * - * Enforce permission policy. - * - * The policy is the same as for sending signals except there - * is no notion of process groups. - * - * pid == 0 means my process. - * - * This is disabled until I've got a permission gate in again: - * only root can do this. - */ - -#if 0 -/* - * This is stolen from CANSIGNAL in kern_sig: - * - * Can process with credential cr1 do "write flavor" operations to credential - * cr2. This check needs to use generalized checks. - */ -#define CAN_AFFECT(cr1, cr2) \ - (!suser_xxx(cr1, NULL, PRISON_ROOT) || \ - (c1)->cr_ruid == (cr2)->cr_ruid || \ - (c1)->cr_uid == (cr2)->cr_ruid || \ - (c1)->cr_ruid == (cr2)->cr_uid || \ - (c1)->cr_uid == (cr2)->cr_uid) -#else -#define CAN_AFFECT(cr1, cr2) (!suser_xxx(cr1, NULL, PRISON_ROOT)) -#endif - -/* - * p31b_proc: Look up a proc from a PID. If proc is 0 it is - * my own proc. - */ -int p31b_proc(struct proc *p, pid_t pid, struct proc **pp) -{ - int ret = 0; - struct proc *other_proc = 0; - - if (pid == 0) { - other_proc = p; - PROC_LOCK(p); - } else - other_proc = pfind(pid); - - if (other_proc) - { - /* Enforce permission policy. - */ - if (CAN_AFFECT(p->p_ucred, other_proc->p_ucred)) - *pp = other_proc; - else - ret = EPERM; - PROC_UNLOCK(other_proc); - } - else - ret = ESRCH; - - return ret; -} - /* The system calls return ENOSYS if an entry is called that is * not run-time supported. I am also logging since some programs * start to use this when they shouldn't. That will be removed if annoying. @@ -174,9 +113,20 @@ int sched_setparam(struct proc *p, if (e) return (e); - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SCHED, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_setparam(&p->p_retval[0], ksched, targetp, (const struct sched_param *)&sched_param); return (e); @@ -189,9 +139,20 @@ int sched_getparam(struct proc *p, struct sched_param sched_param; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_getparam(&p->p_retval[0], ksched, targetp, &sched_param); if (e) return (e); @@ -210,9 +171,20 @@ int sched_setscheduler(struct proc *p, if (e) return (e); - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SCHED, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_setscheduler(&p->p_retval[0], ksched, targetp, uap->policy, (const struct sched_param *)&sched_param); @@ -224,9 +196,20 @@ int sched_getscheduler(struct proc *p, int e; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_getscheduler(&p->p_retval[0], ksched, targetp); return (e); @@ -254,9 +237,20 @@ int sched_rr_get_interval(struct proc *p, int e; struct proc *targetp; - e = p31b_proc(p, uap->pid, &targetp); + if (uap->pid == 0) { + targetp = p; + PROC_LOCK(targetp); + } else { + targetp = pfind(uap->pid); + if (targetp == NULL) + return (ESRCH); + } + + e = p_can(p, targetp, P_CAN_SEE, NULL); + PROC_UNLOCK(targetp); if (e) return (e); + e = ksched_rr_get_interval(&p->p_retval[0], ksched, targetp, uap->interval); |