diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 14:31:58 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 14:31:58 +0000 |
commit | d267bbc6cae03d2263872111708186e38133343e (patch) | |
tree | 439d8849baf98bb2272fec17d9f9f573c3116064 /sys/kern/kern_exec.c | |
parent | 20339d90c0b7226efe93e701419e8ae60cfbef6a (diff) | |
download | FreeBSD-src-d267bbc6cae03d2263872111708186e38133343e.zip FreeBSD-src-d267bbc6cae03d2263872111708186e38133343e.tar.gz |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke an appropriate MAC entry point to authorize execution of
a file by a process. The check is placed slightly differently
than it appears in the trustedbsd_mac tree so that it prevents
a little more information leakage about the target of the execve()
operation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_exec.c')
-rw-r--r-- | sys/kern/kern_exec.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 14f5bad..0d6689f 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -27,6 +27,7 @@ */ #include "opt_ktrace.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -35,6 +36,7 @@ #include <sys/sysproto.h> #include <sys/signalvar.h> #include <sys/kernel.h> +#include <sys/mac.h> #include <sys/mount.h> #include <sys/filedesc.h> #include <sys/fcntl.h> @@ -909,6 +911,13 @@ exec_check_permissions(imgp) int error; td = curthread; /* XXXKSE */ + +#ifdef MAC + error = mac_check_vnode_exec(td->td_ucred, imgp->vp); + if (error) + return (error); +#endif + /* Get file attributes */ error = VOP_GETATTR(vp, attr, td->td_ucred, td); if (error) |