diff options
author | des <des@FreeBSD.org> | 2011-10-18 07:28:58 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2011-10-18 07:28:58 +0000 |
commit | 1b405df8baa78dedceda6da24510b9597aad726d (patch) | |
tree | a66a1f7a0cad9c0bdb1b03d06f7f48c643033aca /sys/kern/sys_capability.c | |
parent | 6876e3d9c139cd8d3dbaaaaf463d9a1ff2103a5e (diff) | |
download | FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.zip FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.tar.gz |
Revisit the capability failure trace points. The initial implementation
only logged instances where an operation on a file descriptor required
capabilities which the file descriptor did not have. By adding a type enum
to struct ktr_cap_fail, we can catch other types of capability failures as
well, such as disallowed system calls or attempts to wrap a file descriptor
with more capabilities than it had to begin with.
Diffstat (limited to 'sys/kern/sys_capability.c')
-rw-r--r-- | sys/kern/sys_capability.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/sys_capability.c b/sys/kern/sys_capability.c index b22cfb2..f1fb1b1 100644 --- a/sys/kern/sys_capability.c +++ b/sys/kern/sys_capability.c @@ -218,7 +218,7 @@ cap_check(struct capability *c, cap_rights_t rights) if ((c->cap_rights | rights) != c->cap_rights) { #ifdef KTRACE if (KTRPOINT(curthread, KTR_CAPFAIL)) - ktrcapfail(rights, c->cap_rights); + ktrcapfail(CAPFAIL_NOTCAPABLE, rights, c->cap_rights); #endif return (ENOTCAPABLE); } @@ -314,8 +314,14 @@ kern_capwrap(struct thread *td, struct file *fp, cap_rights_t rights, */ if (fp->f_type == DTYPE_CAPABILITY) { cp_old = fp->f_data; - if ((cp_old->cap_rights | rights) != cp_old->cap_rights) + if ((cp_old->cap_rights | rights) != cp_old->cap_rights) { +#ifdef KTRACE + if (KTRPOINT(curthread, KTR_CAPFAIL)) + ktrcapfail(CAPFAIL_INCREASE, + rights, cp_old->cap_rights); +#endif return (ENOTCAPABLE); + } } /* |