[src/trunk]: src/sys Introduce veriexec_renamechk().

[elad <elad%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/4aa1b1dc1fc1
branches:  trunk
changeset: 583699:4aa1b1dc1fc1
user:      elad <elad%NetBSD.org@localhost>
date:      Fri Aug 19 12:30:02 2005 +0000

description:
Introduce veriexec_renamechk().

Rename policy:
  - Strict levels 0, 1: Log renames of monitored files.
  - Strict level 2: Prevent renames of monitored files.
  - Strict level 3: Prevent renames.

diffstat:

 sys/kern/kern_verifiedexec.c |  49 ++++++++++++++++++++++++++++++++++++++++++-
 sys/kern/vfs_syscalls.c      |  13 ++++++++---
 sys/sys/verified_exec.h      |   5 ++-
 3 files changed, 59 insertions(+), 8 deletions(-)

diffs (144 lines):

diff -r 7e24c4c0ec53 -r 4aa1b1dc1fc1 sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c      Fri Aug 19 12:29:18 2005 +0000
+++ b/sys/kern/kern_verifiedexec.c      Fri Aug 19 12:30:02 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_verifiedexec.c,v 1.35 2005/08/13 12:56:44 elad Exp $      */
+/*     $NetBSD: kern_verifiedexec.c,v 1.36 2005/08/19 12:30:02 elad Exp $      */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.35 2005/08/13 12:56:44 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.36 2005/08/19 12:30:02 elad Exp $");
 
 #include "opt_verified_exec.h"
 
@@ -504,6 +504,51 @@
 }
 
 /*
+ * Veriexe rename policy.
+ */
+int
+veriexec_renamechk(struct vnode *vp, const char *from, const char *to)
+{
+       struct proc *p = curlwp->l_proc;
+       struct veriexec_hash_entry *vhe;
+       struct vattr va;
+       int error;
+
+       error = VOP_GETATTR(vp, &va, p->p_ucred, p);
+       if (error)
+               return (error);
+
+       if (veriexec_strict >= 3) {
+               printf("Veriexec: veriexec_renamechk: Preventing rename "
+                      "of \"%s\" [%ld:%ld] to \"%s\", uid=%u, pid=%u: "
+                      "Lockdown mode.\n", from, va.va_fsid, va.va_fileid,
+                      to, p->p_ucred->cr_uid, p->p_pid);
+               return (EPERM);
+       }
+
+       /* XXX: dev_t and ino_t are 32bit, long can be 64bit. */
+       vhe = veriexec_lookup((dev_t)va.va_fsid, (ino_t)va.va_fileid);
+       if (vhe != NULL) {
+               if (veriexec_strict >= 2) {
+                       printf("Veriexec: veriexec_renamechk: Preventing "
+                              "rename of \"%s\" [%ld:%ld] to \"%s\", "
+                              "uid=%u, pid=%u: IPS mode, file "
+                              "monitored.\n", from, va.va_fsid,
+                              va.va_fileid, to, p->p_ucred->cr_uid,
+                              p->p_pid);
+                       return (EPERM);
+               }
+
+               printf("Veriexec: veriexec_rename: Monitored file \"%s\" "
+                      "[%ld:%ld] renamed to \"%s\", uid=%u, pid=%u.\n",
+                      from, va.va_fsid, va.va_fileid, to,
+                      p->p_ucred->cr_uid, p->p_pid);
+       }
+
+       return (0);
+}
+
+/*
  * Routine for maintaining mostly consistent message formats in Verified
  * Exec.
  *
diff -r 7e24c4c0ec53 -r 4aa1b1dc1fc1 sys/kern/vfs_syscalls.c
--- a/sys/kern/vfs_syscalls.c   Fri Aug 19 12:29:18 2005 +0000
+++ b/sys/kern/vfs_syscalls.c   Fri Aug 19 12:30:02 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vfs_syscalls.c,v 1.228 2005/08/19 02:04:03 christos Exp $      */
+/*     $NetBSD: vfs_syscalls.c,v 1.229 2005/08/19 12:30:02 elad Exp $  */
 
 /*
  * Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.228 2005/08/19 02:04:03 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.229 2005/08/19 12:30:02 elad Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_compat_43.h"
@@ -66,7 +66,7 @@
 #endif
 #ifdef VERIFIED_EXEC
 #include <sys/verified_exec.h>
-#endif
+#endif /* VERIFIED_EXEC */
 
 #include <miscfs/genfs/genfs.h>
 #include <miscfs/syncfs/syncfs.h>
@@ -1769,7 +1769,7 @@
                vput(vp);
                goto out;
        }
-#endif
+#endif /* VERIFIED_EXEC */
        
        if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
                VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
@@ -3096,6 +3096,11 @@
                error = -1;
        }
 
+#ifdef VERIFIED_EXEC
+       if (!error)
+               error = veriexec_renamechk(fvp, fromnd.ni_dirp, tond.ni_dirp);
+#endif /* VERIFIED_EXEC */
+
 out:
        if (!error) {
                VOP_LEASE(tdvp, p, p->p_ucred, LEASE_WRITE);
diff -r 7e24c4c0ec53 -r 4aa1b1dc1fc1 sys/sys/verified_exec.h
--- a/sys/sys/verified_exec.h   Fri Aug 19 12:29:18 2005 +0000
+++ b/sys/sys/verified_exec.h   Fri Aug 19 12:30:02 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.h,v 1.16 2005/08/02 16:14:10 elad Exp $  */
+/*     $NetBSD: verified_exec.h,v 1.17 2005/08/19 12:30:02 elad Exp $  */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -41,7 +41,7 @@
 #include <sys/param.h>
 #include <sys/hash.h>
 
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.16 2005/08/02 16:14:10 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.17 2005/08/19 12:30:02 elad Exp $");
 
 /* Max length of the fingerprint type string, including terminating \0 char */
 #define VERIEXEC_TYPE_MAXLEN 9
@@ -188,6 +188,7 @@
 int veriexec_verify(struct proc *, struct vnode *, struct vattr *,
                    const u_char *, int, struct veriexec_hash_entry **);
 int veriexec_removechk(struct proc *, struct vnode *, const char *);
+int veriexec_renamechk(struct vnode *, const char *, const char *);
 void veriexec_init_fp_ops(void);
 void veriexec_report(const u_char *, const u_char *, struct vattr *,
                     struct proc *, int, int, int);