Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/init_main.c | 5 | ||||
-rw-r--r-- | sys/kern/init_sysent.c | 3 | ||||
-rw-r--r-- | sys/kern/kern_exit.c | 9 | ||||
-rw-r--r-- | sys/kern/kern_fork.c | 8 | ||||
-rw-r--r-- | sys/kern/kern_jail.c | 114 | ||||
-rw-r--r-- | sys/kern/kern_ktrace.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_mib.c | 26 | ||||
-rw-r--r-- | sys/kern/kern_proc.c | 7 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 46 | ||||
-rw-r--r-- | sys/kern/kern_resource.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_sig.c | 6 | ||||
-rw-r--r-- | sys/kern/kern_sysctl.c | 5 | ||||
-rw-r--r-- | sys/kern/kern_xxx.c | 4 | ||||
-rw-r--r-- | sys/kern/sys_process.c | 4 | ||||
-rw-r--r-- | sys/kern/syscalls.c | 3 | ||||
-rw-r--r-- | sys/kern/uipc_usrreq.c | 15 | ||||
-rw-r--r-- | sys/kern/vfs_extattr.c | 30 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 30 | ||||
-rw-r--r-- | sys/kern/vfs_vnops.c | 4 |
19 files changed, 270 insertions, 57 deletions
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index bf6ec7f..ed93f6f 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -39,7 +39,7 @@ * SUCH DAMAGE. * * @(#)init_main.c 8.9 (Berkeley) 1/21/94 - * $Id: init_main.c,v 1.113 1999/04/24 18:50:48 dt Exp $ + * $Id: init_main.c,v 1.114 1999/04/28 01:04:25 luoqi Exp $ */ #include "opt_devfs.h" @@ -409,6 +409,9 @@ proc0_init(dummy) p->p_ucred = crget(); p->p_ucred->cr_ngroups = 1; /* group 0 */ + /* Don't jail it */ + p->p_prison = 0; + /* Create procsig. */ p->p_procsig = &procsig0; p->p_procsig->ps_refcnt = 1; diff --git a/sys/kern/init_sysent.c b/sys/kern/init_sysent.c index 3a8b931..43b325d 100644 --- a/sys/kern/init_sysent.c +++ b/sys/kern/init_sysent.c @@ -2,7 +2,7 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp + * created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp */ #include "opt_compat.h" @@ -357,4 +357,5 @@ struct sysent sysent[] = { { 2, (sy_call_t *)utrace }, /* 335 = utrace */ { 8, (sy_call_t *)sendfile }, /* 336 = sendfile */ { 3, (sy_call_t *)kldsym }, /* 337 = kldsym */ + { 1, (sy_call_t *)jail }, /* 338 = jail */ }; diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 0e97656..fd66be8 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_exit.c 8.7 (Berkeley) 2/12/94 - * $Id: kern_exit.c,v 1.78 1999/04/17 08:36:04 peter Exp $ + * $Id: kern_exit.c,v 1.79 1999/04/28 01:04:26 luoqi Exp $ */ #include "opt_compat.h" @@ -60,6 +60,7 @@ #include <sys/shm.h> #include <sys/sem.h> #include <sys/aio.h> +#include <sys/jail.h> #ifdef COMPAT_43 #include <machine/reg.h> @@ -508,6 +509,12 @@ loop: } /* + * Destroy empty prisons + */ + if (p->p_prison && !--p->p_prison->pr_ref) + FREE(p->p_prison, M_PRISON); + + /* * Finally finished with old proc entry. * Unlink it from its process group and free it. */ 
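Review bot: After `FREE(p->p_prison, M_PRISON)` in the new "Destroy empty prisons" block of kern_exit.c, `p->p_prison` is left pointing at the freed structure while the proc entry is unlinked and released a few lines further down, outside the hunk. Nothing in the hunk reads it again, but a dangling pointer in a struct that is about to be recycled is exactly what becomes a use-after-free once a later change adds a `PRISON_CHECK` on that path; clear it in the same place: `if (p->p_prison && !--p->p_prison->pr_ref) FREE(p->p_prison, M_PRISON); p->p_prison = NULL;`. Within this diff this is the only site that decrements `pr_ref`, so a prison lives until its last process is reaped here rather than when it exits, which is worth a comment. The enclosing function starts and ends outside the hunk.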
diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index d3f40ea..d5870b5 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_fork.c 8.6 (Berkeley) 4/8/94 - * $Id: kern_fork.c,v 1.59 1999/04/24 11:25:01 dt Exp $ + * $Id: kern_fork.c,v 1.60 1999/04/28 01:04:27 luoqi Exp $ */ #include "opt_ktrace.h" @@ -54,6 +54,7 @@ #include <sys/acct.h> #include <sys/ktrace.h> #include <sys/unistd.h> +#include <sys/jail.h> #include <vm/vm.h> #include <sys/lock.h> @@ -308,6 +309,11 @@ again: p2->p_cred->p_refcnt = 1; crhold(p1->p_ucred); + if (p2->p_prison) { + p2->p_prison->pr_ref++; + p2->p_flag |= P_JAILED; + } + if (flags & RFSIGSHARE) { p2->p_procsig = p1->p_procsig; p2->p_procsig->ps_refcnt++; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c new file mode 100644 index 0000000..20cb8941 --- /dev/null +++ b/sys/kern/kern_jail.c 
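Review bot: The new block in kern_fork.c increments `p2->p_prison->pr_ref`, yet nothing in the hunk assigns `p2->p_prison`; it presumably arrives through the bulk copy of p1's proc fields earlier in the function (outside the hunk), so the reference count is only correct as long as `p_prison` sits in the copied rather than the zeroed region of `struct proc`. That dependency should be stated, since reordering the struct would break it silently: `/* p_prison was inherited from p1 by the struct copy above; take our own reference. */`. Assigning it explicitly, `p2->p_prison = p1->p_prison;`, before the increment would remove the dependence altogether. The enclosing function starts and ends outside the hunk.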
@@ -0,0 +1,114 @@
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/errno.h>
+#include <sys/sysproto.h>
+#include <sys/malloc.h>
+#include <sys/proc.h>
+#include <sys/jail.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <netinet/in.h>
+
+MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
+
+int
+jail(p, uap)
+ struct proc *p;
+ struct jail_args /* {
+ syscallarg(struct jail *) jail;
+ } */ *uap;
+{
+ int error;
+ struct prison *pr;
+ struct jail j;
+ struct chroot_args ca;
+
+ error = suser(p);
+ if (error)
+ return (error);
+ error = copyin(uap->jail, &j, sizeof j);
+ if (error)
+ return (error);
+ MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK);
+ bzero((caddr_t)pr, sizeof *pr);
+ error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0);
+ if (error)
+ goto bail;
+ pr->pr_ip = j.ip_number;
+
+ ca.path = j.path;
+ error = chroot(p, &ca);
+ if (error)
+ goto bail;
+
+ pr->pr_ref++;
+ p->p_prison = pr;
+ p->p_flag |= P_JAILED;
+ return (0);
+
+bail:
+ FREE(pr, M_PRISON);
+ return (error);
+}
+
+int
+prison_ip(struct proc *p, int flag, u_int32_t *ip)
+{
+ u_int32_t tmp;
+
+ if (!p->p_prison)
+ return (0);
+ if (flag)
+ tmp = *ip;
+ else
+ tmp = ntohl(*ip);
+ if (tmp == INADDR_ANY) {
+ if (flag)
+ *ip = p->p_prison->pr_ip;
+ else
+ *ip = htonl(p->p_prison->pr_ip);
+ return (0);
+ }
+ if (p->p_prison->pr_ip != tmp)
+ return (1);
+ return (0);
+}
+
+void
+prison_remote_ip(struct proc *p, int flag, u_int32_t *ip)
+{
+ u_int32_t tmp;
+
+ if (!p->p_prison)
+ return;
+ if (flag)
+ tmp = *ip;
+ else
+ tmp = ntohl(*ip);
+ if (tmp == 0x7f000001) {
+ if (flag)
+ *ip = p->p_prison->pr_ip;
+ else
+ *ip = htonl(p->p_prison->pr_ip);
+ return;
+ }
+ return;
+}
+
+int
+prison_if(struct proc *p, struct sockaddr *sa)
+{
+ struct sockaddr_in *sai = (struct sockaddr_in*) sa;
+ int ok;
+
+ if (sai->sin_family != AF_INET)
+ ok = 0;
+ else if (p->p_prison->pr_ip != 
ntohl(sai->sin_addr.s_addr)) + ok = 1; + else + ok = 0; + return (ok); +} diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 7a6d237..86579cb 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93 - * $Id: kern_ktrace.c,v 1.24 1998/11/10 09:16:29 peter Exp $ + * $Id: kern_ktrace.c,v 1.25 1998/12/10 01:47:41 rvb Exp $ */ #include "opt_ktrace.h" @@ -515,6 +515,8 @@ ktrcanset(callp, targetp) register struct pcred *caller = callp->p_cred; register struct pcred *target = targetp->p_cred; + if (!PRISON_CHECK(callp, targetp)) + return (0); if ((caller->pc_ucred->cr_uid == target->p_ruid && target->p_ruid == target->p_svuid && caller->p_rgid == target->p_rgid && /* XXX */ diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 9a8f65c..90afa9f 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 - * $Id: kern_mib.c,v 1.17 1999/01/25 18:26:09 dillon Exp $ + * $Id: kern_mib.c,v 1.18 1999/01/26 07:37:11 dillon Exp $ */ #include <sys/param.h> @@ -45,6 +45,7 @@ #include <sys/systm.h> #include <sys/sysctl.h> #include <sys/proc.h> +#include <sys/jail.h> #include <sys/unistd.h> #if defined(SMP) @@ -73,6 +74,9 @@ SYSCTL_NODE(, CTL_USER, user, CTLFLAG_RW, 0, SYSCTL_NODE(, CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0, "p1003_1b, (see p1003_1b.h)"); +SYSCTL_NODE(_kern, OID_AUTO, prison, CTLFLAG_RW, 0, + "Prison rules"); + SYSCTL_STRING(_kern, KERN_OSRELEASE, osrelease, CTLFLAG_RD, osrelease, 0, ""); SYSCTL_INT(_kern, KERN_OSREV, osrevision, CTLFLAG_RD, 0, BSD, ""); 
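Review bot: `jail()` copies `j.ip_number` into `pr->pr_ip` without validating it, but `prison_ip()` gives `INADDR_ANY` a special meaning: a prison created with `ip_number == 0` has binds to `INADDR_ANY` "rewritten" to 0 again and the `pr_ip != tmp` test can never fail, so the address restriction is silently absent for that prison. Reject the value right after the copyin: `if (j.ip_number == INADDR_ANY) return (EINVAL);`. Separately, `prison_if()` dereferences `p->p_prison->pr_ip` unconditionally while `prison_ip()` and `prison_remote_ip()` both return early on a NULL `p_prison`; unless every caller is guaranteed to test first, it should follow its siblings and report 0 for an unjailed process. The literal `0x7f000001` in `prison_remote_ip()` is the loopback address and reads better as `INADDR_LOOPBACK`, and the trailing `return;` there is redundant.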
@@ -124,8 +128,24 @@ SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, char hostname[MAXHOSTNAMELEN]; -SYSCTL_STRING(_kern, KERN_HOSTNAME, hostname, CTLFLAG_RW, - hostname, sizeof(hostname), ""); +static int +sysctl_hostname SYSCTL_HANDLER_ARGS +{ + int error; + + if (req->p->p_prison) + error = sysctl_handle_string(oidp, + req->p->p_prison->pr_host, + sizeof req->p->p_prison->pr_host, req); + else + error = sysctl_handle_string(oidp, + hostname, sizeof hostname, req); + return (error); +} + +SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname, + CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON, + 0, 0, sysctl_hostname, "A", ""); int securelevel = -1; diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index bfb7df9..3dfbfab 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)kern_proc.c 8.7 (Berkeley) 2/14/95 - * $Id: kern_proc.c,v 1.45 1999/01/28 00:57:47 dillon Exp $ + * $Id: kern_proc.c,v 1.46 1999/02/19 14:25:34 luoqi Exp $ */ #include <sys/param.h> @@ -500,6 +500,8 @@ sysctl_kern_proc SYSCTL_HANDLER_ARGS p = pfind((pid_t)name[0]); if (!p) return (0); + if (!PRISON_CHECK(curproc, p)) + return (0); error = sysctl_out_proc(p, req, 0); return (error); } @@ -561,6 +563,9 @@ sysctl_kern_proc SYSCTL_HANDLER_ARGS break; } + if (!PRISON_CHECK(curproc, p)) + continue; + error = sysctl_out_proc(p, req, doingzomb); if (error) return (error); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 56606f4..e4ad6f5 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 - * $Id: kern_prot.c,v 1.45 1999/04/27 11:16:01 phk Exp $ + * $Id: kern_prot.c,v 1.46 1999/04/27 12:21:06 phk Exp $ */ /* 
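Review bot: `sysctl_hostname` in kern_mib.c dereferences `req->p->p_prison` without first checking `req->p`; the `req->newptr && req->p && ...` test added in kern_sysctl.c in this same diff suggests requests with no process can reach a handler, in which case this reads through a NULL pointer. If that inference holds the guard should be `if (req->p && req->p->p_prison)`, so a processless request falls through to the global `hostname`. A one-line comment on the handler would also help, since the behavior is not obvious from the sysctl name: `/* A jailed process reads and writes its prison's private copy of the hostname. */`.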
@@ -395,7 +395,7 @@ setuid(p, uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != pc->pc_ucred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) return (error); #ifdef _POSIX_SAVED_IDS @@ -407,7 +407,7 @@ setuid(p, uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ uid == pc->pc_ucred->cr_uid || #endif - suser(p) == 0) /* we are using privs */ + suser_xxx(0, p, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -467,7 +467,7 @@ seteuid(p, uap) euid = uap->euid; if (euid != pc->p_ruid && /* allow seteuid(getuid()) */ euid != pc->p_svuid && /* allow seteuid(saved uid) */ - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) return (error); /* * Everything's okay, do it. Copy credentials so other references do @@ -515,7 +515,7 @@ setgid(p, uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != pc->pc_ucred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) return (error); #ifdef _POSIX_SAVED_IDS @@ -527,7 +527,7 @@ setgid(p, uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ gid == pc->pc_ucred->cr_groups[0] || #endif - suser(p) == 0) /* we are using privs */ + suser_xxx(0, p, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -579,7 +579,7 @@ setegid(p, uap) egid = uap->egid; if (egid != pc->p_rgid && /* allow setegid(getgid()) */ egid != pc->p_svgid && /* allow setegid(saved gid) */ - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) return (error); if (pc->pc_ucred->cr_groups[0] != egid) { pc->pc_ucred = crcopy(pc->pc_ucred); @@ -605,7 +605,7 @@ setgroups(p, uap) register u_int ngrp; int error; - if ((error = suser(p))) + if ((error = suser_xxx(0, p, PRISON_ROOT))) return (error); ngrp = uap->gidsetsize; if (ngrp > NGROUPS) 
@@ -654,7 +654,7 @@ setreuid(p, uap) if (((ruid != (uid_t)-1 && ruid != pc->p_ruid && ruid != pc->p_svuid) || (euid != (uid_t)-1 && euid != pc->pc_ucred->cr_uid && euid != pc->p_ruid && euid != pc->p_svuid)) && - (error = suser(p)) != 0) + (error = suser_xxx(0, p, PRISON_ROOT)) != 0) return (error); if (euid != (uid_t)-1 && pc->pc_ucred->cr_uid != euid) { @@ -697,7 +697,7 @@ setregid(p, uap) if (((rgid != (gid_t)-1 && rgid != pc->p_rgid && rgid != pc->p_svgid) || (egid != (gid_t)-1 && egid != pc->pc_ucred->cr_groups[0] && egid != pc->p_rgid && egid != pc->p_svgid)) && - (error = suser(p)) != 0) + (error = suser_xxx(0, p, PRISON_ROOT)) != 0) return (error); if (egid != (gid_t)-1 && pc->pc_ucred->cr_groups[0] != egid) { @@ -769,20 +769,28 @@ int suser(p) struct proc *p; { - return suser_xxx(p->p_ucred, &p->p_acflag); + return suser_xxx(0, p, 0); } int -suser_xxx(cred, acflag) +suser_xxx(cred, proc, flag) struct ucred *cred; - u_short *acflag; + struct proc *proc; + int flag; { - if (cred->cr_uid == 0) { - if (acflag) - *acflag |= ASU; - return (0); + if (!cred && !proc) { + printf("suser_xxx(): THINK!\n"); + return (EPERM); } - return (EPERM); + if (!cred) + cred = proc->p_ucred; + if (cred->cr_uid != 0) + return (EPERM); + if (proc && proc->p_prison && !(flag & PRISON_ROOT)) + return (EPERM); + if (proc) + proc->p_acflag |= ASU; + return (0); } /* @@ -883,7 +891,7 @@ setlogin(p, uap) int error; char logintmp[MAXLOGNAME]; - if ((error = suser(p))) + if ((error = suser_xxx(0, p, PRISON_ROOT))) return (error); error = copyinstr((caddr_t) uap->namebuf, (caddr_t) logintmp, sizeof(logintmp), (size_t *)0); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index bd07411..811ccf4 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c 
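Review bot: In the rewritten `suser_xxx()` the prison test is tied to `proc`: a call that passes only a `cred` (the `suser_xxx(p->p_ucred, 0, 0)` form used by mount, statfs, fstatfs and vn_stat elsewhere in this diff) answers "is uid 0" and never consults `p_prison`, so a jailed root passes it as full root, and no `ASU` accounting flag is recorded either. That asymmetry is presumably intentional for those callers but is easy to misuse for a privilege grant, so the definition deserves a comment describing the two calling forms: `cred` with NULL `proc` is a uid-only test with no jail awareness and no accounting, while a non-NULL `proc` performs the full test and honours `PRISON_ROOT`. The `printf("suser_xxx(): THINK!\n")` on the no-argument path flags a kernel bug rather than a runtime condition, and a comment saying so would stop someone treating it as an error message to be handled.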
@@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_resource.c 8.5 (Berkeley) 1/21/94 - * $Id: kern_resource.c,v 1.46 1999/04/27 11:16:02 phk Exp $ + * $Id: kern_resource.c,v 1.47 1999/04/27 12:21:07 phk Exp $ */ #include "opt_compat.h" @@ -387,7 +387,7 @@ dosetrlimit(p, which, limp) if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = suser(p))) + if ((error = suser_xxx(0, p, PRISON_ROOT))) return (error); if (limp->rlim_cur > limp->rlim_max) limp->rlim_cur = limp->rlim_max; diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 5da4725..6749e76 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_sig.c 8.7 (Berkeley) 4/18/94 - * $Id: kern_sig.c,v 1.53 1999/01/10 01:58:24 eivind Exp $ + * $Id: kern_sig.c,v 1.54 1999/01/26 02:38:10 julian Exp $ */ #include "opt_compat.h" @@ -79,12 +79,12 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW, &kern_logsigexit, 0, * Can process p, with pcred pc, send the signal signum to process q? */ #define CANSIGNAL(p, pc, q, signum) \ - ((pc)->pc_ucred->cr_uid == 0 || \ + (PRISON_CHECK(p, q) && ((pc)->pc_ucred->cr_uid == 0 || \ (pc)->p_ruid == (q)->p_cred->p_ruid || \ (pc)->pc_ucred->cr_uid == (q)->p_cred->p_ruid || \ (pc)->p_ruid == (q)->p_ucred->cr_uid || \ (pc)->pc_ucred->cr_uid == (q)->p_ucred->cr_uid || \ - ((signum) == SIGCONT && (q)->p_session == (p)->p_session)) + ((signum) == SIGCONT && (q)->p_session == (p)->p_session))) /* * Policy -- Can real uid ruid with ucred uc send a signal to process q? diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index fc0a204..15f5359 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 - * $Id: kern_sysctl.c,v 1.86 1999/03/30 09:00:45 phk Exp $ + * $Id: kern_sysctl.c,v 1.87 1999/04/27 11:16:05 phk Exp $ */ #include "opt_compat.h" 
@@ -764,7 +764,8 @@ found: /* Most likely only root can write */ if (!(oid->oid_kind & CTLFLAG_ANYBODY) && req->newptr && req->p && - (i = suser(req->p))) + (i = suser_xxx(0, req->p, + (oid->oid_kind & CTLFLAG_PRISON) ? PRISON_ROOT : 0))) return (i); if (!oid->oid_handler) diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c index 42b563f..92b26ce 100644 --- a/sys/kern/kern_xxx.c +++ b/sys/kern/kern_xxx.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)kern_xxx.c 8.2 (Berkeley) 11/14/93 - * $Id: kern_xxx.c,v 1.28 1998/08/24 08:39:38 dfr Exp $ + * $Id: kern_xxx.c,v 1.29 1999/04/27 11:16:09 phk Exp $ */ #include "opt_compat.h" @@ -85,7 +85,7 @@ osethostname(p, uap) name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; - if ((error = suser(p))) + if ((error = suser_xxx(0, p, PRISON_ROOT))) return (error); return (userland_sysctl(p, name, 2, 0, 0, 0, uap->hostname, uap->len, 0)); diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 62e6736..6ed8ef1 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -28,7 +28,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: sys_process.c,v 1.43 1999/03/29 08:29:22 dfr Exp $ + * $Id: sys_process.c,v 1.44 1999/04/27 11:16:13 phk Exp $ */ #include <sys/param.h> @@ -218,6 +218,8 @@ ptrace(curp, uap) if ((p = pfind(uap->pid)) == NULL) return ESRCH; } + if (!PRISON_CHECK(curp, p)) + return (ESRCH); /* * Permissions check diff --git a/sys/kern/syscalls.c b/sys/kern/syscalls.c index bd49409..1359833 100644 --- a/sys/kern/syscalls.c +++ b/sys/kern/syscalls.c @@ -2,7 +2,7 @@ * System call names. * * DO NOT EDIT-- this file is automatically generated. - * created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp + * created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp */ char *syscallnames[] = { 
@@ -344,4 +344,5 @@ char *syscallnames[] = { "utrace", /* 335 = utrace */ "sendfile", /* 336 = sendfile */ "kldsym", /* 337 = kldsym */ + "jail", /* 338 = jail */ }; diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 292ce70..52823be 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94 - * $Id: uipc_usrreq.c,v 1.41 1999/04/11 02:17:47 eivind Exp $ + * $Id: uipc_usrreq.c,v 1.42 1999/04/12 14:34:52 eivind Exp $ */ #include <sys/param.h> @@ -490,6 +490,7 @@ unp_attach(so) unp_count++; LIST_INIT(&unp->unp_refs); unp->unp_socket = so; + unp->unp_rvnode = curproc->p_fd->fd_rdir; LIST_INSERT_HEAD(so->so_type == SOCK_DGRAM ? &unp_dhead : &unp_shead, unp, unp_link); so->so_pcb = (caddr_t)unp; @@ -710,6 +711,16 @@ unp_abort(unp) #endif static int +prison_unpcb(struct proc *p, struct unpcb *unp) +{ + if (!p->p_prison) + return (0); + if (p->p_fd->fd_rdir == unp->unp_rvnode) + return (0); + return (1); +} + +static int unp_pcblist SYSCTL_HANDLER_ARGS { int error, i, n; @@ -754,7 +765,7 @@ unp_pcblist SYSCTL_HANDLER_ARGS for (unp = head->lh_first, i = 0; unp && i < n; unp = unp->unp_link.le_next) { - if (unp->unp_gencnt <= gencnt) + if (unp->unp_gencnt <= gencnt && !prison_unpcb(req->p, unp)) unp_list[i++] = unp; } n = i; /* in case we lost some during malloc */ diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 43c0bcc..dd464d7 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.121 1999/03/23 14:26:40 phk Exp $ + * $Id: vfs_syscalls.c,v 1.122 1999/04/27 11:16:25 phk Exp $ */ /* For 4.3 integer FS ID compatibility */ 
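Review bot: `unp_attach()` stores `curproc->p_fd->fd_rdir` into the new `unp_rvnode` field without taking a vnode reference, and `prison_unpcb()` only ever compares it by pointer. That is safe as long as nobody follows the pointer, but a vnode that is recycled and later becomes another prison's root would make an unrelated socket appear in that prison's listing, so the contract should be written on the field: `/* unp_rvnode is held without a reference: compare it, never dereference it. */`. If the listing ever needs to trust it, `VREF` it in unp_attach with a matching `vrele()` in unp_detach. Note also that the comparison is against the caller's current `fd_rdir`, not the prison root, so a process that chroots again inside its jail stops seeing sockets it created before; if that is acceptable, say so in `prison_unpcb()`.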
@@ -132,7 +132,7 @@ mount(p, uap) /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users */ - if (suser_xxx(p->p_ucred, (u_short *)NULL)) + if (suser_xxx(p->p_ucred, 0, 0)) SCARG(uap, flags) |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -562,6 +562,12 @@ sync(p, uap) return (0); } +/* XXX PRISON: could be per prison flag */ +static int prison_quotas; +#if 0 +SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, ""); +#endif + /* * Change filesystem quotas. */ @@ -588,6 +594,8 @@ quotactl(p, uap) int error; struct nameidata nd; + if (p->p_prison && !prison_quotas) + return (EPERM); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) return (error); @@ -631,7 +639,7 @@ statfs(p, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(p->p_ucred, (u_short *)NULL)) { + if (suser_xxx(p->p_ucred, 0, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -671,7 +679,7 @@ fstatfs(p, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(p->p_ucred, (u_short *)NULL)) { + if (suser_xxx(p->p_ucred, 0, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -886,7 +894,7 @@ chroot(p, uap) int error; struct nameidata nd; - error = suser(p); + error = suser_xxx(0, p, PRISON_ROOT); if (error) return (error); if (chroot_allow_open_directories == 0 || @@ -1076,7 +1084,15 @@ mknod(p, uap) int whiteout = 0; struct nameidata nd; - error = suser(p); + switch (SCARG(uap, mode) & S_IFMT) { + case S_IFCHR: + case S_IFBLK: + error = suser(p); + break; + default: + error = suser_xxx(0, p, PRISON_ROOT); + break; + } if (error) return (error); NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p); 
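Review bot: The `statfs()` and `fstatfs()` hunks switch to the cred-only form `suser_xxx(p->p_ucred, 0, 0)`, which in the new `suser_xxx()` does not consult `p_prison`, so a jailed root still receives the unmasked `f_fsid` (and, in `vn_stat()` in the vfs_vnops.c section, the real `st_gen`) that ordinary users are denied. If the masking is meant as an information barrier it should also hold inside a prison, which the process-aware call gives for free: `if (suser_xxx(0, p, 0)) {`, at the cost of setting `ASU` in `p_acflag`, which is presumably why the cred-only form was kept. The identical hunks reappear in the vfs_syscalls.c section of this diff (the file is shown twice with the same content) and should get the same treatment. The enclosing functions start and end outside the hunks.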
@@ -2977,7 +2993,7 @@ revoke(p, uap) if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p)) != 0) goto out; if (p->p_ucred->cr_uid != vattr.va_uid && - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) goto out; if (vp->v_usecount > 1 || (vp->v_flag & VALIASED)) VOP_REVOKE(vp, REVOKEALL); diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 43c0bcc..dd464d7 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.121 1999/03/23 14:26:40 phk Exp $ + * $Id: vfs_syscalls.c,v 1.122 1999/04/27 11:16:25 phk Exp $ */ /* For 4.3 integer FS ID compatibility */ @@ -132,7 +132,7 @@ mount(p, uap) /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users */ - if (suser_xxx(p->p_ucred, (u_short *)NULL)) + if (suser_xxx(p->p_ucred, 0, 0)) SCARG(uap, flags) |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -562,6 +562,12 @@ sync(p, uap) return (0); } +/* XXX PRISON: could be per prison flag */ +static int prison_quotas; +#if 0 +SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, ""); +#endif + /* * Change filesystem quotas. */ @@ -588,6 +594,8 @@ quotactl(p, uap) int error; struct nameidata nd; + if (p->p_prison && !prison_quotas) + return (EPERM); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) return (error); @@ -631,7 +639,7 @@ statfs(p, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(p->p_ucred, (u_short *)NULL)) { + if (suser_xxx(p->p_ucred, 0, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; 
@@ -671,7 +679,7 @@ fstatfs(p, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(p->p_ucred, (u_short *)NULL)) { + if (suser_xxx(p->p_ucred, 0, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -886,7 +894,7 @@ chroot(p, uap) int error; struct nameidata nd; - error = suser(p); + error = suser_xxx(0, p, PRISON_ROOT); if (error) return (error); if (chroot_allow_open_directories == 0 || @@ -1076,7 +1084,15 @@ mknod(p, uap) int whiteout = 0; struct nameidata nd; - error = suser(p); + switch (SCARG(uap, mode) & S_IFMT) { + case S_IFCHR: + case S_IFBLK: + error = suser(p); + break; + default: + error = suser_xxx(0, p, PRISON_ROOT); + break; + } if (error) return (error); NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p); @@ -2977,7 +2993,7 @@ revoke(p, uap) if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p)) != 0) goto out; if (p->p_ucred->cr_uid != vattr.va_uid && - (error = suser(p))) + (error = suser_xxx(0, p, PRISON_ROOT))) goto out; if (vp->v_usecount > 1 || (vp->v_flag & VALIASED)) VOP_REVOKE(vp, REVOKEALL); diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 802c437..0300ba5 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94 - * $Id: vfs_vnops.c,v 1.66 1999/04/21 05:56:45 alc Exp $ + * $Id: vfs_vnops.c,v 1.67 1999/04/27 11:16:27 phk Exp $ */ #include <sys/param.h> @@ -422,7 +422,7 @@ vn_stat(vp, sb, p) sb->st_ctimespec = vap->va_ctime; sb->st_blksize = vap->va_blocksize; sb->st_flags = vap->va_flags; - if (suser_xxx(p->p_ucred, (u_short *)NULL)) + if (suser_xxx(p->p_ucred, 0, 0)) sb->st_gen = 0; else sb->st_gen = vap->va_gen; |