[src/trunk]: src sync up with latest openbsd systrace.
details: https://anonhg.NetBSD.org/src/rev/cbeebf967125
branches: trunk
changeset: 534607:cbeebf967125
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Jul 30 16:29:28 2002 +0000
description:
sync up with latest openbsd systrace.
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already
Due to the 1st item, it was impossible for us to provide backward compatibility
(new kernel + old bin/systrace won't work); upgrade both.
diffstat:
bin/systrace/Makefile | 6 +-
bin/systrace/alias.c | 202 +++++++++++++++++++++
bin/systrace/filter.c | 57 ++++-
bin/systrace/filter.h | 4 +-
bin/systrace/intercept-translate.c | 41 ++--
bin/systrace/intercept.c | 278 ++++++++++++++++++++---------
bin/systrace/intercept.h | 60 ++++--
bin/systrace/lex.l | 8 +-
bin/systrace/netbsd-syscalls.c | 93 ++++++++-
bin/systrace/openbsd-syscalls.c | 181 +++++++++++++-----
bin/systrace/parse.y | 11 +-
bin/systrace/policy.c | 33 +-
bin/systrace/register.c | 301 ++++++++++++++++++++++++++++++++
bin/systrace/systrace-translate.c | 127 +++++++++++-
bin/systrace/systrace.1 | 70 +++++--
bin/systrace/systrace.c | 346 +++++++++++++++---------------------
bin/systrace/systrace.h | 61 ++++++-
bin/systrace/util.c | 11 +-
bin/systrace/util.h | 4 +-
sys/kern/kern_systrace.c | 334 +++++++++++++++++++++++++---------
sys/sys/systrace.h | 20 +-
21 files changed, 1658 insertions(+), 590 deletions(-)
diffs (truncated from 3949 to 300 lines):
diff -r 37994ace9212 -r cbeebf967125 bin/systrace/Makefile
--- a/bin/systrace/Makefile Tue Jul 30 16:16:38 2002 +0000
+++ b/bin/systrace/Makefile Tue Jul 30 16:29:28 2002 +0000
@@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.4 2002/06/18 09:52:04 itojun Exp $
+# $NetBSD: Makefile,v 1.5 2002/07/30 16:29:29 itojun Exp $
# $OpenBSD: Makefile,v 1.4 2002/06/05 17:34:56 mickey Exp $
PROG= systrace
SRCS= filter.c intercept-translate.c intercept.c \
netbsd-syscalls.c util.c \
policy.c systrace-errno.h systrace-error.c \
- systrace-translate.c systrace.c \
+ systrace-translate.c systrace.c alias.c register.c \
parse.y lex.l
-CPPFLAGS+= -I. -I${.CURDIR}/../../sys -I${.CURDIR}
+CPPFLAGS+= -I. -I${.CURDIR} -I${.CURDIR}/../../sys
YHEADER=yes
diff -r 37994ace9212 -r cbeebf967125 bin/systrace/alias.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/systrace/alias.c Tue Jul 30 16:29:28 2002 +0000
@@ -0,0 +1,202 @@
+/* $NetBSD: alias.c,v 1.1 2002/07/30 16:29:30 itojun Exp $ */
+/* $OpenBSD: alias.c,v 1.4 2002/07/30 05:55:08 itojun Exp $ */
+/*
+ * Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/tree.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <grp.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <ctype.h>
+#include <err.h>
+
+#include "intercept.h"
+#include "systrace.h"
+
+static SPLAY_HEAD(alitr, systrace_alias) aliasroot;
+static SPLAY_HEAD(revtr, systrace_revalias) revroot;
+
+static int aliascompare(struct systrace_alias *, struct systrace_alias *);
+static int revcompare(struct systrace_revalias *, struct systrace_revalias *);
+
+static int
+aliascompare(struct systrace_alias *a, struct systrace_alias *b)
+{
+ int diff;
+
+ diff = strcmp(a->emulation, b->emulation);
+ if (diff)
+ return (diff);
+ return (strcmp(a->name, b->name));
+}
+
+static int
+revcompare(struct systrace_revalias *a, struct systrace_revalias *b)
+{
+ int diff;
+
+ diff = strcmp(a->emulation, b->emulation);
+ if (diff)
+ return (diff);
+ return (strcmp(a->name, b->name));
+}
+
+SPLAY_PROTOTYPE(alitr, systrace_alias, node, aliascompare);
+SPLAY_GENERATE(alitr, systrace_alias, node, aliascompare);
+
+SPLAY_PROTOTYPE(revtr, systrace_revalias, node, revcompare);
+SPLAY_GENERATE(revtr, systrace_revalias, node, revcompare);
+
+int
+systrace_initalias(void)
+{
+ SPLAY_INIT(&aliasroot);
+ SPLAY_INIT(&revroot);
+
+ return (0);
+}
+
+struct systrace_alias *
+systrace_find_alias(const char *emulation, const char *name)
+{
+ struct systrace_alias tmp;
+
+ strlcpy(tmp.emulation, emulation, sizeof(tmp.emulation));
+ strlcpy(tmp.name, name, sizeof(tmp.name));
+
+ return (SPLAY_FIND(alitr, &aliasroot, &tmp));
+}
+
+struct systrace_revalias *
+systrace_find_reverse(const char *emulation, const char *name)
+{
+ struct systrace_revalias tmp;
+
+ strlcpy(tmp.emulation, emulation, sizeof(tmp.emulation));
+ strlcpy(tmp.name, name, sizeof(tmp.name));
+
+ return (SPLAY_FIND(revtr, &revroot, &tmp));
+}
+
+struct systrace_revalias *
+systrace_reverse(const char *emulation, const char *name)
+{
+ struct systrace_revalias tmp, *reverse;
+
+ strlcpy(tmp.emulation, emulation, sizeof(tmp.emulation));
+ strlcpy(tmp.name, name, sizeof(tmp.name));
+
+ reverse = SPLAY_FIND(revtr, &revroot, &tmp);
+ if (reverse != NULL)
+ return (reverse);
+
+ reverse = calloc(1, sizeof(struct systrace_alias));
+ if (reverse == NULL)
+ err(1, "%s: %s-%s: malloc", __func__, emulation, name);
+
+ strlcpy(reverse->emulation, emulation, sizeof(reverse->emulation));
+ strlcpy(reverse->name, name, sizeof(reverse->name));
+
+ TAILQ_INIT(&reverse->revl);
+
+ if (SPLAY_INSERT(revtr, &revroot, reverse) != NULL)
+ errx(1, "%s: %s-%s: double revalias",
+ __func__, emulation, name);
+
+ return (reverse);
+}
+
+struct systrace_alias *
+systrace_new_alias(const char *emulation, const char *name,
+ char *aemul, char *aname)
+{
+ struct systrace_alias *alias;
+ struct systrace_revalias *reverse;
+
+ alias = malloc(sizeof(struct systrace_alias));
+ if (alias == NULL)
+ err(1, "%s: %s-%s: malloc", __func__, emulation, name);
+
+ strlcpy(alias->emulation, emulation, sizeof(alias->emulation));
+ strlcpy(alias->name, name, sizeof(alias->name));
+ strlcpy(alias->aemul, aemul, sizeof(alias->aemul));
+ strlcpy(alias->aname, aname, sizeof(alias->aname));
+ alias->nargs = 0;
+
+ if (SPLAY_INSERT(alitr, &aliasroot, alias) != NULL)
+ errx(1, "%s: %s-%s: double alias", __func__, emulation, name);
+
+ reverse = systrace_reverse(aemul, aname);
+ alias->reverse = reverse;
+ TAILQ_INSERT_TAIL(&reverse->revl, alias, next);
+
+ return (alias);
+}
+
+void
+systrace_switch_alias(const char *emulation, const char *name,
+ char *aemul, char *aname)
+{
+ struct systrace_alias *alias;
+ struct systrace_revalias *reverse;
+
+ if ((alias = systrace_find_alias(emulation, name)) == NULL)
+ errx(1, "%s: unknown alias %s-%s", __func__, emulation, name);
+
+ /* Switch to a different alias */
+ reverse = alias->reverse;
+ TAILQ_REMOVE(&reverse->revl, alias, next);
+
+ strlcpy(alias->aemul, aemul, sizeof(alias->aemul));
+ strlcpy(alias->aname, aname, sizeof(alias->aname));
+
+ reverse = systrace_reverse(aemul, aname);
+ alias->reverse = reverse;
+ TAILQ_INSERT_TAIL(&reverse->revl, alias, next);
+}
+
+/* Add an already translated argument to this alias */
+
+void
+systrace_alias_add_trans(struct systrace_alias *alias,
+ struct intercept_translate *tl)
+{
+ if (alias->nargs >= SYSTRACE_MAXALIAS)
+ errx(1, "%s: too many arguments", __func__);
+
+ alias->arguments[alias->nargs++] = tl;
+}
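Review bot: `systrace_reverse` allocates the new node with `calloc(1, sizeof(struct systrace_alias))` but stores it in a `struct systrace_revalias *` and then writes `emulation`, `name`, the `revl` list head and the splay `node` through it; if the two structs differ in size this is an under-allocation and the initialisation writes past the end of the heap object. Size the allocation by the pointer's own type so the two cannot drift apart: `reverse = calloc(1, sizeof(*reverse));` (the `err()` text on the next line also says "malloc" for what is a `calloc`). The `strlcpy` copies into the fixed-size `emulation`/`name`/`aemul`/`aname` fields throughout this file (`systrace_find_alias`, `systrace_find_reverse`, `systrace_new_alias`, `systrace_switch_alias`) are unchecked, whereas `filter_parse_simple` in this same commit rejects truncation; a truncated key here silently looks up or registers a different alias, so the same `>= sizeof(...)` check with an `errx` would be consistent.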
diff -r 37994ace9212 -r cbeebf967125 bin/systrace/filter.c
--- a/bin/systrace/filter.c Tue Jul 30 16:16:38 2002 +0000
+++ b/bin/systrace/filter.c Tue Jul 30 16:29:28 2002 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: filter.c,v 1.2 2002/06/18 02:49:08 thorpej Exp $ */
-/* $OpenBSD: filter.c,v 1.11 2002/06/11 05:30:28 provos Exp $ */
-
+/* $NetBSD: filter.c,v 1.3 2002/07/30 16:29:30 itojun Exp $ */
+/* $OpenBSD: filter.c,v 1.15 2002/07/19 14:38:57 itojun Exp $ */
/*
* Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
* All rights reserved.
@@ -31,12 +30,13 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: filter.c,v 1.2 2002/06/18 02:49:08 thorpej Exp $");
+__RCSID("$NetBSD: filter.c,v 1.3 2002/07/30 16:29:30 itojun Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/tree.h>
+#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -48,9 +48,9 @@
#include "intercept.h"
#include "systrace.h"
#include "filter.h"
-#include "util.h"
extern int allow;
+extern int noalias;
extern int connected;
extern char cwd[];
@@ -219,11 +219,13 @@
int
filter_parse_simple(char *rule, short *paction, short *pfuture)
{
- char buf[1024];
+ char buf[_POSIX2_LINE_MAX];
int isfuture = 1;
char *line, *p;
- strlcpy(buf, rule, sizeof(buf));
+ if (strlcpy(buf, rule, sizeof(buf)) >= sizeof(buf))
+ return (-1);
+
line = buf;
if (!strcmp("permit", line)) {
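Review bot: The added truncation guard returns -1 for a rule that does not fit in `buf`, which is presumably the same value the parser returns for a malformed rule, so a caller cannot distinguish an overlong rule from a syntax error and the rule is dropped without any diagnostic. A one-line comment would make the intent explicit for the next reader: `/* rules longer than buf are rejected (-1), never silently truncated */`. filter_parse_simple continues past this hunk, so the other return paths could not be checked here.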
@@ -266,6 +268,34 @@
return (NULL);
}
+void
+filter_modifypolicy(int fd, int policynr, const char *emulation,
+ const char *name, short future)
+{
+ struct systrace_revalias *reverse = NULL;
+
+ if (!noalias)
+ reverse = systrace_find_reverse(emulation, name);
+ if (reverse == NULL) {
+ if (systrace_modifypolicy(fd, policynr, name, future) == -1)
+ errx(1, "%s:%d: modify policy for %s-%s",
+ __func__, __LINE__, emulation, name);
+ } else {
+ struct systrace_alias *alias;
+