summaryrefslogtreecommitdiffstats
path: root/sys/compat
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-15 20:55:08 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-15 20:55:08 +0000
commit44404e4547aee87b255582d4e6395551869e29b1 (patch)
tree09f20587d6bc57d661c96f87771a6081e65d834f /sys/compat
parent54a3d67ad2855b152e05f56266188e6214dbcfa1 (diff)
downloadFreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.zip
FreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.tar.gz
In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating to file read and write operations to cliarfy which credential is used for what: - Change fo_read() and fo_write() to accept "active_cred" instead of "cred", and change the semantics of consumers of fo_read() and fo_write() to pass the active credential of the thread requesting an operation rather than the cached file cred. The cached file cred is still available in fo_read() and fo_write() consumers via fp->f_cred. These changes largely in sys_generic.c. For each implementation of fo_read() and fo_write(), update cred usage to reflect this change and maintain current semantics: - badfo_readwrite() unchanged - kqueue_read/write() unchanged pipe_read/write() now authorize MAC using active_cred rather than td->td_ucred - soo_read/write() unchanged - vn_read/write() now authorize MAC using active_cred but VOP_READ/WRITE() with fp->f_cred Modify vn_rdwr() to accept two credential arguments instead of a single credential: active_cred and file_cred. Use active_cred for MAC authorization, and select a credential for use in VOP_READ/WRITE() based on whether file_cred is NULL or not. If file_cred is provided, authorize the VOP using that cred, otherwise the active credential, matching current semantics. Modify current vn_rdwr() consumers to pass a file_cred if used in the context of a struct file, and to always pass active_cred. When vn_rdwr() is used without a file_cred, pass NOCRED. These changes should maintain current semantics for read/write, but avoid a redundant passing of fp->f_cred, as well as making it more clear what the origin of each credential is in file descriptor read/write operations. Follow-up commits will make similar changes to other file descriptor operations, and modify the MAC framework to pass both credentials to MAC policy modules so they can implement either semantic for revocation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/compat')
-rw-r--r--sys/compat/pecoff/imgact_pecoff.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/compat/pecoff/imgact_pecoff.c b/sys/compat/pecoff/imgact_pecoff.c
index f7b540c..66d0d7f 100644
--- a/sys/compat/pecoff/imgact_pecoff.c
+++ b/sys/compat/pecoff/imgact_pecoff.c
@@ -192,14 +192,14 @@ pecoff_coredump(register struct thread * td, register struct vnode * vp,
error = vn_rdwr_inchunks(UIO_WRITE, vp, vm->vm_daddr,
(int)ctob(vm->vm_dsize),
(off_t)ctob((UAREA_PAGES+KSTACK_PAGES)),
- UIO_USERSPACE, IO_UNIT, cred, (int *)NULL, td);
+ UIO_USERSPACE, IO_UNIT, cred, NOCRED, (int *)NULL, td);
if (error == 0)
error = vn_rdwr_inchunks(UIO_WRITE, vp,
(caddr_t)trunc_page(USRSTACK - ctob(vm->vm_ssize)),
round_page(ctob(vm->vm_ssize)),
(off_t)ctob((UAREA_PAGES+KSTACK_PAGES)) +
ctob(vm->vm_dsize),
- UIO_USERSPACE, IO_UNIT, cred, (int *)NULL, td);
+ UIO_USERSPACE, IO_UNIT, cred, NOCRED, (int *)NULL, td);
return (error);
}
@@ -608,7 +608,7 @@ pecoff_read_from(td, vp, pos, buf, siz)
size_t resid;
error = vn_rdwr(UIO_READ, vp, buf, siz, pos,
- UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred,
+ UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
&resid, td);
if (error)
return error;
OpenPOWER on IntegriCloud