author | des <des@FreeBSD.org> | 2001-10-01 04:22:20 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2001-10-01 04:22:20 +0000 |
commit | e1b05f5687fbe0556cfab55517800169bc5da426 (patch) | |
tree | 62268de8821a9da6754d96e01ebfdc5653ef7674 /sys/fs/pseudofs/pseudofs.h | |
parent | d6dca2e412b6f853bdfed2ddcf74bd5d060e8d67 (diff) | |
download | FreeBSD-src-e1b05f5687fbe0556cfab55517800169bc5da426.zip FreeBSD-src-e1b05f5687fbe0556cfab55517800169bc5da426.tar.gz |
YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure. This one simply returns
non-zero if the specified requesting process is allowed to access the
specified node for the specified target process. This is used in
addition to the usual permission checks, e.g. when certain files don't
make sense for certain (system) processes.
- Make sure that pfs_lookup() and pfs_readdir() don't yap about files
which aren't pfs_visible(). Also check pfs_visible() before performing
reads and writes, to prevent the kind of races reported in SA-00:77 and
SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
setuid binary, and assume control of it).
- Add some more trace points.
Diffstat (limited to 'sys/fs/pseudofs/pseudofs.h')
-rw-r--r-- | sys/fs/pseudofs/pseudofs.h | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/sys/fs/pseudofs/pseudofs.h b/sys/fs/pseudofs/pseudofs.h
index 8bff258..e925d92 100644
--- a/sys/fs/pseudofs/pseudofs.h
+++ b/sys/fs/pseudofs/pseudofs.h
@@ -89,6 +89,15 @@ typedef int (*pfs_attr_t)(PFS_ATTR_ARGS);
 struct pfs_bitmap; /* opaque */
 
 /*
+ * Visibility callback
+ */
+#define PFS_VIS_ARGS \
+ struct thread *td, struct proc *p, struct pfs_node *pn
+#define PFS_VIS_PROTO(name) \
+ int name(PFS_VIS_ARGS);
+typedef int (*pfs_vis_t)(PFS_VIS_ARGS);
+
+/*
 * pfs_info: describes a pseudofs instance
 */
 struct pfs_info {
@@ -114,6 +123,7 @@ struct pfs_node {
 #define pn_func u1._pn_func
 #define pn_nodes u1._pn_nodes
 pfs_attr_t pn_attr;
+ pfs_vis_t pn_vis;
 void *pn_data;
 int pn_flags;
 /* members below this line aren't initialized */
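Review bot: The `Visibility callback` comment in the first hunk (`@@ -89,6 +89,15 @@`) names the hook but not its contract, and for an access-control hook the contract is the part implementers get wrong. I would expand it to something like `Visibility callback: returns non-zero if thread td may see and use node pn for target process p` and state what a NULL `pn_vis` means, since the field added in the second hunk is evidently allowed to be NULL. The comment should also say whether `p` is locked or otherwise held while the callback runs, which this header does not show; a check made against a process whose credentials can change during the call would not close the race the commit message describes. Minor style point: `PFS_VIS_PROTO(name)` expands to a declaration that already ends in `;`, so writing `PFS_VIS_PROTO(foo);` leaves a stray empty declaration.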
@@ -121,24 +131,24 @@ struct pfs_node {
 u_int32_t pn_fileno;
 };
 
-#define PFS_NODE(name, type, fill, attr, data, flags) \
- { (name), (type), { (fill) }, (attr), (data), (flags) }
-#define PFS_DIR(name, nodes, attr, data, flags) \
- PFS_NODE(name, pfstype_dir, nodes, attr, data, flags)
+#define PFS_NODE(name, type, fill, attr, vis, data, flags) \
+ { (name), (type), { (fill) }, (attr), (vis), (data), (flags) }
+#define PFS_DIR(name, nodes, attr, vis, data, flags) \
+ PFS_NODE(name, pfstype_dir, nodes, attr, vis, data, flags)
 #define PFS_ROOT(nodes) \
- PFS_NODE("/", pfstype_root, nodes, NULL, NULL, 0)
+ PFS_NODE("/", pfstype_root, nodes, NULL, NULL, NULL, 0)
 #define PFS_THIS \
- PFS_NODE(".", pfstype_this, NULL, NULL, NULL, 0)
+ PFS_NODE(".", pfstype_this, NULL, NULL, NULL, NULL, 0)
 #define PFS_PARENT \
- PFS_NODE("..", pfstype_parent, NULL, NULL, NULL, 0)
-#define PFS_FILE(name, func, attr, data, flags) \
- PFS_NODE(name, pfstype_file, func, attr, data, flags)
-#define PFS_SYMLINK(name, func, attr, data, flags) \
- PFS_NODE(name, pfstype_symlink, func, attr, data, flags)
-#define PFS_PROCDIR(nodes, attr, data, flags) \
- PFS_NODE("", pfstype_procdir, nodes, attr, data, flags)
+ PFS_NODE("..", pfstype_parent, NULL, NULL, NULL, NULL, 0)
+#define PFS_FILE(name, func, attr, vis, data, flags) \
+ PFS_NODE(name, pfstype_file, func, attr, vis, data, flags)
+#define PFS_SYMLINK(name, func, attr, vis, data, flags) \
+ PFS_NODE(name, pfstype_symlink, func, attr, vis, data, flags)
+#define PFS_PROCDIR(nodes, attr, vis, data, flags) \
+ PFS_NODE("", pfstype_procdir, nodes, attr, vis, data, flags)
 #define PFS_LASTNODE \
- PFS_NODE("", pfstype_none, NULL, NULL, NULL, 0)
+ PFS_NODE("", pfstype_none, NULL, NULL, NULL, NULL, 0)
 
 /*
 * VFS interface |
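Review bot: Every built-in node in this hunk (`PFS_ROOT`, `PFS_THIS`, `PFS_PARENT`, `PFS_LASTNODE`) passes `NULL` for the new `vis` argument, so a missing callback presumably means "always visible", a fail-open default that nothing in the header states. A consumer that mechanically adds `NULL` to get its `PFS_FILE` or `PFS_PROCDIR` entries compiling again keeps exactly the exposure it had before this commit, with no warning. I would put a comment above `PFS_NODE` such as `/* vis == NULL: no visibility check beyond the normal permission checks; per-process nodes that expose control should supply one */`. Separately, `PFS_NODE` remains a positional initializer, so any node table written as a raw brace list rather than through these macros will have its fields shift now that `pn_vis` sits between `pn_attr` and `pn_data`.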