o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
returning anything but EPERM. o suser is enabled by default; once disabled, cannot be reenabled o To be used in alternative security models where uid0 does not connote additional privileges o Should be noted that uid0 still has some additional powers as it owns many important files and executables, so suffers from the same fundamental security flaws as securelevels. This is fixed with MAC integrity protection code (in progress) o Not safe for consumption unless you are *really* sure you don't want things like shutdown to work, et al :-) Obtained from: TrustedBSD Project
This commit is contained in:
Robert Watson
parent
192851dbff
commit
0309554711
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=61282
@ -182,6 +182,30 @@ sysctl_kern_securelvl SYSCTL_HANDLER_ARGS
|
||||
SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW,
|
||||
0, 0, sysctl_kern_securelvl, "I", "Current secure level");
|
||||
|
||||
int suser_permitted = 1;
|
||||
|
||||
static int
|
||||
sysctl_kern_suser_permitted SYSCTL_HANDLER_ARGS
|
||||
{
|
||||
int error, flag;
|
||||
|
||||
flag = suser_permitted;
|
||||
|
||||
error = sysctl_handle_int(oidp, &flag, 0, req);
|
||||
if (error || !req->newptr)
|
||||
return (error);
|
||||
if (flag != 0 && flag != 1)
|
||||
return(EPERM);
|
||||
if (!suser_permitted)
|
||||
return(EPERM);
|
||||
suser_permitted = flag;
|
||||
return (0);
|
||||
}
|
||||
|
||||
SYSCTL_PROC(_kern, OID_AUTO, suser_permitted,
|
||||
CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_kern_suser_permitted, "I",
|
||||
"processes with uid 0 have privilege");
|
||||
|
||||
char domainname[MAXHOSTNAMELEN];
|
||||
SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW,
|
||||
&domainname, sizeof(domainname), "Name of the current YP/NIS domain");
|
||||
|
||||
@ -950,6 +950,8 @@ suser_xxx(cred, proc, flag)
|
||||
struct proc *proc;
|
||||
int flag;
|
||||
{
|
||||
if (!suser_permitted)
|
||||
return (EPERM);
|
||||
if (!cred && !proc) {
|
||||
printf("suser_xxx(): THINK!\n");
|
||||
return (EPERM);
|
||||
|
||||
@ -47,6 +47,7 @@
|
||||
#include <sys/callout.h>
|
||||
|
||||
extern int securelevel; /* system security level (see init(8)) */
|
||||
extern int suser_permitted; /* suser_xxx() is permitted to return 0 */
|
||||
|
||||
extern int cold; /* nonzero if we are doing a cold boot */
|
||||
extern const char *panicstr; /* panic message */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user