author | rwatson <rwatson@FreeBSD.org> | 2000-06-04 04:28:31 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-06-04 04:28:31 +0000 |
commit | e08a87a21b5ed1bf4a066c22e2928b92fe31e4af (patch) | |
tree | c6932963e6e68891531394b83370c1f675af2c8a | |
parent | aa01bf29bde9e8389bb998fc87d752c6a2cfb018 (diff) | |
o Modify jail to limit creation of sockets to UNIX domain sockets,
TCP/IP (v4) sockets, and routing sockets. Previously, interaction
with IPv6 was not well-defined, and might be inappropriate for some
environments. Similarly, sysctl MIB entries providing interface
information also give out only addresses from those protocol domains.
For the time being, this functionality is enabled by default, and
toggleable using the sysctl variable jail.socket_unixiproute_only.
In the future, protocol domains will be able to determine whether or
not they are ``jail aware''.
o Further limitations on process use of getpriority() and setpriority()
by jailed processes. Addresses problem described in kern/17878.
Reviewed by: phk, jmg
-rw-r--r-- | sys/kern/kern_jail.c | 9 | ||||
-rw-r--r-- | sys/kern/kern_resource.c | 18 | ||||
-rw-r--r-- | sys/kern/uipc_socket.c | 9 | ||||
-rw-r--r-- | sys/sys/jail.h | 1 |
4 files changed, 31 insertions, 6 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 90c9aa8..af18a5e 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -34,6 +34,11 @@ SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
     &jail_set_hostname_allowed, 0,
     "Processes in jail can set their hostnames");
 
+int jail_socket_unixiproute_only = 1;
+SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
+    &jail_socket_unixiproute_only, 0,
+    "Processes in jail are limited to creating UNIX/IPv4/route sockets only");
+
 int
 jail(p, uap)
 	struct proc *p;
@@ -126,7 +131,9 @@ prison_if(struct proc *p, struct sockaddr *sa)
 	struct sockaddr_in *sai = (struct sockaddr_in*) sa;
 	int ok;
 
-	if (sai->sin_family != AF_INET)
+	if ((sai->sin_family != AF_INET) && jail_socket_unixiproute_only)
+		ok = 1;
+	else if (sai->sin_family != AF_INET)
 		ok = 0;
 	else if (p->p_prison->pr_ip != ntohl(sai->sin_addr.s_addr))
 		ok = 1;
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index 2c6478d..11039ad 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -88,6 +88,8 @@ getpriority(curp, uap)
 		p = pfind(uap->who);
 		if (p == 0)
 			break;
+		if (!PRISON_CHECK(curp, p))
+			break;
 		low = p->p_nice;
 		break;
 
@@ -99,7 +101,7 @@ getpriority(curp, uap)
 		else if ((pg = pgfind(uap->who)) == NULL)
 			break;
 		LIST_FOREACH(p, &pg->pg_members, p_pglist) {
-			if (p->p_nice < low)
+			if ((PRISON_CHECK(curp, p) && p->p_nice < low))
 				low = p->p_nice;
 		}
 		break;
@@ -109,7 +111,8 @@ getpriority(curp, uap)
 		if (uap->who == 0)
 			uap->who = curp->p_ucred->cr_uid;
 		LIST_FOREACH(p, &allproc, p_list)
-			if (p->p_ucred->cr_uid == uap->who &&
+			if (PRISON_CHECK(curp, p) &&
+			    p->p_ucred->cr_uid == uap->who &&
 			    p->p_nice < low)
 				low = p->p_nice;
 		break;
@@ -148,6 +151,8 @@ setpriority(curp, uap)
 		p = pfind(uap->who);
 		if (p == 0)
 			break;
+		if (!PRISON_CHECK(curp, p))
+			break;
 		error = donice(curp, p, uap->prio);
 		found++;
 		break;
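Review bot: In prison_if the family test is now evaluated twice in a row (`if ((sai->sin_family != AF_INET) && jail_socket_unixiproute_only)` followed by `else if (sai->sin_family != AF_INET)`), which reads as two policies when it is one; `if (sai->sin_family != AF_INET) ok = jail_socket_unixiproute_only ? 1 : 0;` gives the same outcome and makes the sysctl's effect obvious. The meaning of `ok` also runs against its name: judging from the pr_ip mismatch branch, a non-zero `ok` marks an address to be hidden from the jailed process, so a comment such as `/* ok != 0: hide this address from the jailed process */` would spare the next reader that inference (the function's return is outside the hunk, so confirm against it). Minor: `sai->sin_family` is read through the sockaddr_in cast before the family is known; `sa->sa_family` says the same thing without leaning on the two layouts coinciding.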
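Review bot: The getpriority PRIO_PGRP condition carries a redundant pair of parentheses, `if ((PRISON_CHECK(curp, p) && p->p_nice < low))`; `if (PRISON_CHECK(curp, p) && p->p_nice < low)` matches the surrounding style. In the PRIO_PROCESS cases of both getpriority and setpriority the new `if (!PRISON_CHECK(curp, p)) break;` takes the same path as a failed pfind(), leaving `low` and `found` untouched, so a pid outside the caller's jail presumably looks exactly like a nonexistent one (the post-switch handling is outside these hunks). That is the property you want from a containment check and deserves a comment at the first occurrence, e.g. `/* Treat processes outside the caller's jail as nonexistent. */`.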
@@ -160,8 +165,10 @@ setpriority(curp, uap)
 		else if ((pg = pgfind(uap->who)) == NULL)
 			break;
 		LIST_FOREACH(p, &pg->pg_members, p_pglist) {
-			error = donice(curp, p, uap->prio);
-			found++;
+			if (PRISON_CHECK(curp, p)) {
+				error = donice(curp, p, uap->prio);
+				found++;
+			}
 		}
 		break;
 	}
@@ -170,7 +177,8 @@ setpriority(curp, uap)
 		if (uap->who == 0)
 			uap->who = curp->p_ucred->cr_uid;
 		LIST_FOREACH(p, &allproc, p_list)
-			if (p->p_ucred->cr_uid == uap->who) {
+			if (p->p_ucred->cr_uid == uap->who &&
+			    PRISON_CHECK(curp, p)) {
 				error = donice(curp, p, uap->prio);
 				found++;
 			}
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 76495e1..7313811 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -53,6 +53,7 @@
 #include <sys/signalvar.h>
 #include <sys/sysctl.h>
 #include <sys/uio.h>
+#include <sys/jail.h>
 #include <vm/vm_zone.h>
 
 #include <machine/limits.h>
@@ -133,6 +134,14 @@ socreate(dom, aso, type, proto, p)
 		prp = pffindproto(dom, proto, type);
 	else
 		prp = pffindtype(dom, type);
+
+	if (p->p_prison && jail_socket_unixiproute_only &&
+	    prp->pr_domain->dom_family != PF_LOCAL &&
+	    prp->pr_domain->dom_family != PF_INET &&
+	    prp->pr_domain->dom_family != PF_ROUTE) {
+		return (EPROTONOSUPPORT);
+	}
+
 	if (prp == 0 || prp->pr_usrreqs->pru_attach == 0)
 		return (EPROTONOSUPPORT);
 	if (prp->pr_type != type)
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index a9e9861..0d07b6c 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -47,6 +47,7 @@ struct prison {
  * Sysctl-set variables that determine global jail policy
  */
 extern int jail_set_hostname_allowed;
+extern int jail_socket_unixiproute_only;
 
 #endif /* !_KERNEL */
 #endif /* !_SYS_JAIL_H_ */
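Review bot: The setpriority PRIO_USER test puts the jail check second, `if (p->p_ucred->cr_uid == uap->who && PRISON_CHECK(curp, p))`, while the matching getpriority PRIO_USER hunk puts `PRISON_CHECK(curp, p)` first; both operands look side-effect free, so the result is the same, but the two loops should read alike — `if (PRISON_CHECK(curp, p) && p->p_ucred->cr_uid == uap->who) {`. Not introduced here, but now re-emitted inside the new `if (PRISON_CHECK(curp, p)) { ... }` block of the PRIO_PGRP hunk above: `error = donice(curp, p, uap->prio)` is overwritten on every iteration, so a failure on one member is lost if a later member succeeds, and whether the caller tolerates that depends on code outside the hunk. setpriority begins before the first hunk here.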
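Review bot: The added jail check in socreate dereferences `prp->pr_domain` before the existing `if (prp == 0 || ...)` guard that immediately follows it, yet pffindproto()/pffindtype() evidently can return NULL — that guard exists for exactly that case. For a jailed process an unknown domain or protocol therefore reaches a NULL dereference in the kernel instead of the EPROTONOSUPPORT the unjailed path returns, turning an ordinary bad argument into a kernel crash reachable from inside the jail. Either move the new block below the NULL guard or make it `if (prp != 0 && p->p_prison && jail_socket_unixiproute_only &&`; the former keeps the established check first and is clearer. The function starts before the hunk (its signature appears only in the hunk header).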