Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-3]: src/sys/dev Pull up revision 1.17 (requested by elad in ticke...
details: https://anonhg.NetBSD.org/src/rev/34f2b21f32db
branches: netbsd-3
changeset: 576386:34f2b21f32db
user: tron <tron%NetBSD.org@localhost>
date: Sat Jul 02 15:58:23 2005 +0000
description:
Pull up revision 1.17 (requested by elad in ticket #487):
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
diffstat:
sys/dev/verified_exec.c | 59 +++++++++++++++++++++++-------------------------
1 files changed, 28 insertions(+), 31 deletions(-)
diffs (98 lines):
diff -r f972ef42eab9 -r 34f2b21f32db sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c Sat Jul 02 15:58:17 2005 +0000
+++ b/sys/dev/verified_exec.c Sat Jul 02 15:58:23 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $ */
+/* $NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $");
#else
-__RCSID("$Id: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.10 2005/07/02 15:53:46 tron Exp $");
+__RCSID("$Id: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.11 2005/07/02 15:58:23 tron Exp $");
#endif
#include <sys/param.h>
@@ -121,11 +121,11 @@
veriexecopen(dev_t dev __unused, int flags __unused,
int fmt __unused, struct proc *p __unused)
{
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
- printf("Veriexec: veriexecopen: Veriexec load device open attempt by "
- "uid=%u, pid=%u. (dev=%d)\n", p->p_ucred->cr_uid,
- p->p_pid, dev);
-#endif
+ if (veriexec_verbose >= 2) {
+ printf("Veriexec: veriexecopen: Veriexec load device "
+ "open attempt by uid=%u, pid=%u. (dev=%d)\n",
+ p->p_ucred->cr_uid, p->p_pid, dev);
+ }
if (suser(p->p_ucred, &p->p_acflag) != 0)
return (EPERM);
@@ -207,6 +207,7 @@
error = namei(&nid);
if (error)
return (error);
+
/* Add only regular files. */
if (nid.ni_vp->v_type != VREG) {
printf("Veriexec: veriexecioctl: Not adding \"%s\": "
@@ -232,32 +233,28 @@
hh = veriexec_lookup(va.va_fsid, va.va_fileid);
if (hh != NULL) {
/*
- * Duplicate entry. Still check the type to
- * ensure enforcement of a stricter policy.
- * i.e. if orignal entry was direct exec but
- * the new params flag the file as indirect or
- * file then update the hash entry to the new
- * type to ensure duplicate entries do not
- * degrade the security policy...
+ * Duplicate entry; handle access type conflict
+ * and enforce 'FILE' over 'INDIRECT' over
+ * 'DIRECT'.
*/
-
- if ((hh->type != params->type) &&
- ((params->type == VERIEXEC_INDIRECT) ||
- (params->type == VERIEXEC_FILE))) {
+ if (hh->type < params->type) {
hh->type = params->type;
- printf("Veriexec: veriexecioctl: Duplicate "
- "entry for %s, (dev=%ld, inode=%ld) "
- "but type mismatched. "
- "Updating type to stricter one\n",
- params->file, va.va_fsid, va.va_fileid);
+
+ veriexec_report("Duplicate entry with "
+ "access type mismatch. "
+ "Updating to stricter "
+ "type.", params->file,
+ &va, NULL,
+ REPORT_NOVERBOSE,
+ REPORT_NOALARM,
+ REPORT_NOPANIC);
+ } else {
+ veriexec_report("Duplicate entry.",
+ params->file, &va, NULL,
+ REPORT_VERBOSE_HIGH,
+ REPORT_NOALARM,
+ REPORT_NOPANIC);
}
-
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
- printf("Veriexec: veriexecioctl: Duplicate "
- "entry for %s. (dev=%ld, inode=%ld) "
- "Ignoring.\n", params->file,
- va.va_fsid, va.va_fileid);
-#endif
return (0);
}
Home |
Main Index |
Thread Index |
Old Index