tech-kern archive


Re: Addition to kauth(9) framework



Sorry. Attachment is here.
Index: share/man/man9/kauth.9
===================================================================
RCS file: /cvsroot/src/share/man/man9/kauth.9,v
retrieving revision 1.91
diff -u -r1.91 kauth.9
--- share/man/man9/kauth.9      28 Apr 2011 12:22:35 -0000      1.91
+++ share/man/man9/kauth.9      23 Jul 2011 11:06:41 -0000
@@ -1087,6 +1087,19 @@
 are both
 .Ft struct proc *
 of the parent and child processes, respectively.
+.It Dv KAUTH_CRED_CHROOT
+The credentials are being initialized during
+.Xr chroot 2
+or
+.Xr fchroot 2
+syscalls.
+.Pp
+.Ar cred
+are the credentials of the proc context doing the chroot, and
+.Ar arg0
+is a
+.Ft struct cwdinfo *
+of the process.
 .It Dv KAUTH_CRED_FREE
 The credentials in
 .Ar cred
Index: sys/kern/kern_auth.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_auth.c,v
retrieving revision 1.65
diff -u -r1.65 kern_auth.c
--- sys/kern/kern_auth.c        31 Dec 2009 02:20:36 -0000      1.65
+++ sys/kern/kern_auth.c        23 Jul 2011 11:06:52 -0000
@@ -286,6 +286,12 @@
            child);
 }
 
+void
+kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi)
+{
+       kauth_cred_hook(cred, KAUTH_CRED_CHROOT, cwdi, NULL);
+}
+
 uid_t
 kauth_cred_getuid(kauth_cred_t cred)
 {
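Review bot: kauth_proc_chroot() discards whatever kauth_cred_hook() returns and has no comment stating what it expects of `cred`, so a listener has no way to report failure and a future caller cannot tell which credential is safe to pass. Judging by the only caller in this patch (change_root), the credential is a freshly cloned, not yet published one and the call sits between proc_crmod_enter() and proc_crmod_leave(). I would record that above the function, e.g. `/* Notify cred-scope listeners of a chroot; cred must be a private clone not yet installed on the process, caller holds the proc_crmod lock. */`. If the hook is meant to be notification-only, say so in the same comment so that secmodel authors do not assume they can veto the chroot from it.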
Index: sys/kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.431
diff -u -r1.431 vfs_syscalls.c
--- sys/kern/vfs_syscalls.c     3 Jul 2011 15:25:09 -0000       1.431
+++ sys/kern/vfs_syscalls.c     23 Jul 2011 11:06:53 -0000
@@ -1035,6 +1035,10 @@
 void
 change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
 {
+       struct proc *p = l->l_proc;
+       kauth_cred_t ncred;
+
+       ncred = kauth_cred_alloc();
 
        rw_enter(&cwdi->cwdi_lock, RW_WRITER);
        if (cwdi->cwdi_rdir != NULL)
@@ -1056,6 +1060,15 @@
                cwdi->cwdi_cdir = vp;
        }
        rw_exit(&cwdi->cwdi_lock);
+
+       /* Get a write lock on the process credential. */
+       proc_crmod_enter();
+
+       kauth_cred_clone(p->p_cred, ncred);
+       kauth_proc_chroot(ncred, p->p_cwdi);
+
+       /* Broadcast our credentials to the process and other LWPs. */
+       proc_crmod_leave(ncred, p->p_cred, true);
 }
 
 /*
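Review bot: The KAUTH_CRED_CHROOT listeners run after `rw_exit(&cwdi->cwdi_lock)` and are handed `p->p_cwdi` rather than the `cwdi` argument that was just modified, so a listener that inspects the new root reads it unlocked and, should a caller ever pass a different cwdinfo, reads the wrong object. I would pass the parameter, `kauth_proc_chroot(ncred, cwdi);`, and add a comment above the call saying listeners must take `cwdi_lock` as reader before looking at `cwdi_rdir`. Separately, the `true` in `proc_crmod_leave(ncred, p->p_cred, true)` is, as I understand that function's prototype, the sugid flag, which would mark every process that calls chroot as set-id; if that side effect is not intended it should be `false`. If a cwdinfo can be shared between processes, only the calling process gets the new credential here, which a secmodel keyed on the credential would miss for the others. The middle of change_root lies between the two hunks and is not visible.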
Index: sys/sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.64
diff -u -r1.64 kauth.h
--- sys/sys/kauth.h     24 Dec 2009 19:02:07 -0000      1.64
+++ sys/sys/kauth.h     23 Jul 2011 11:06:54 -0000
@@ -41,6 +41,7 @@
 struct proc;
 struct tty;
 struct vnode;
+struct cwdinfo;
 
 /* Types. */
 typedef struct kauth_scope     *kauth_scope_t;
@@ -282,7 +283,8 @@
        KAUTH_CRED_INIT=1,
        KAUTH_CRED_FORK,
        KAUTH_CRED_COPY,
-       KAUTH_CRED_FREE
+       KAUTH_CRED_FREE,
+       KAUTH_CRED_CHROOT
 };
 
 /*
@@ -418,6 +420,7 @@
 kauth_cred_t kauth_cred_get(void);
 
 void kauth_proc_fork(struct proc *, struct proc *);
+void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);
 
 void secmodel_register(void);
 void secmodel_deregister(void);
> I'd like to apply the attached patch.
> It implements two things:

> - chroot(2)-ed process is given new kauth_cred_t with reference count
>   equal to 1.
> - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope
>   which is used when chroot(2) or fchroot(2) is called.

> These two things make it possible to implement things like the securechroot(9) secmodel
> described here

>   http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html

> After committing this patch I'll move the rest of securechroot(9)
> to pkgsrc until it is ready to be integrated into the kernel.

> Objections?

-- 
Best regards, Aleksey Cheusov.

