Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
parent
800c940832
commit
acd3428b7d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=164033
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/signalvar.h>
|
||||
#include <sys/systm.h>
|
||||
@ -54,7 +55,7 @@ ioopen(struct cdev *dev __unused, int flags __unused, int fmt __unused,
|
||||
{
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_IO);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
error = securelevel_gt(td->td_ucred, 0);
|
||||
|
@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/reboot.h>
|
||||
#include <sys/resourcevar.h>
|
||||
@ -1020,7 +1021,8 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
|
||||
* Keep cr_groups[0] unchanged to prevent that.
|
||||
*/
|
||||
|
||||
if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
|
||||
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
|
||||
SUSER_ALLOWJAIL)) != 0) {
|
||||
PROC_UNLOCK(p);
|
||||
crfree(newcred);
|
||||
return (error);
|
||||
@ -1341,7 +1343,7 @@ linux_reboot(struct thread *td, struct linux_reboot_args *args)
|
||||
switch (args->cmd) {
|
||||
case REBOOT_CAD_ON:
|
||||
case REBOOT_CAD_OFF:
|
||||
return suser(td);
|
||||
return (priv_check(td, PRIV_REBOOT));
|
||||
case REBOOT_HALT:
|
||||
bsd_args.opt = RB_HALT;
|
||||
break;
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/syscallsubr.h>
|
||||
#include <sys/sysproto.h>
|
||||
@ -123,7 +124,8 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args)
|
||||
* Keep cr_groups[0] unchanged to prevent that.
|
||||
*/
|
||||
|
||||
if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
|
||||
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
|
||||
SUSER_ALLOWJAIL)) != 0) {
|
||||
PROC_UNLOCK(p);
|
||||
crfree(newcred);
|
||||
return (error);
|
||||
|
@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/syscallsubr.h>
|
||||
@ -280,7 +281,8 @@ fd_revoke(td, fd)
|
||||
goto out;
|
||||
|
||||
if (td->td_ucred->cr_uid != vattr.va_uid &&
|
||||
(error = suser(td)) != 0)
|
||||
(error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL)) != 0)
|
||||
goto out;
|
||||
|
||||
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
||||
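Review bot: The new check in fd_revoke passes `SUSER_ALLOWJAIL`, while the line it replaces was plain `suser(td)`; if, as I understand suser(9), that form refuses jailed processes, this conversion also widens who may revoke a descriptor they do not own, which is more than a rename. The linux_setgroups hunks show the other pattern, where the old call already carried `SUSER_ALLOWJAIL` and the flag is simply kept. If the widening is intended, record it above the check with something like `/* Jailed root is now permitted here; the old suser(td) call did not allow it. */`; otherwise keep the old scope with `(error = priv_check(td, PRIV_VFS_ADMIN)) != 0)`. The svr4_sys_fchroot hunk makes the same change with `PRIV_VFS_FCHROOT`, and fd_revoke's body starts and ends outside this hunk.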
|
@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/msg.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/resource.h>
|
||||
@ -611,7 +612,8 @@ svr4_sys_fchroot(td, uap)
|
||||
struct file *fp;
|
||||
int error, vfslocked;
|
||||
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT,
|
||||
SUSER_ALLOWJAIL)) != 0)
|
||||
return error;
|
||||
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
|
||||
return error;
|
||||
|
@ -1062,7 +1062,9 @@ cbqioctl(dev, cmd, addr, flag, p)
|
||||
/* currently only command that an ordinary user can call */
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
error = priv_check(p, PRIV_ALTQ_MANAGE);
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
error = suser(p);
|
||||
#else
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
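Review bot: `#elsif` on the new middle branch is not a C preprocessor directive; the spelling is `#elif`, so the line should read `#elif (__FreeBSD_version > 400000)`. As written, a compiler that takes the first branch will typically reject the unknown directive (and then also sees the `suser(p)` line), while one that skips the first branch ignores the line and falls through to `#else`, so the middle `suser(p)` variant can never be selected. The same typo appears in the cdnrioctl, hfscioctl, priqioctl, redioctl and rioioctl hunks and in every ce_ioctl hunk (`#elsif __FreeBSD_version < 700000`). The `default:` case continues past the end of this hunk.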
|
@ -1262,7 +1262,9 @@ cdnrioctl(dev, cmd, addr, flag, p)
|
||||
case CDNR_GETSTATS:
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
if ((error = suser(p)) != 0)
|
||||
#else
|
||||
if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
|
||||
|
@ -1975,7 +1975,10 @@ hfscioctl(dev, cmd, addr, flag, p)
|
||||
case HFSC_GETSTATS:
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
|
||||
return (error);
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
if ((error = suser(p)) != 0)
|
||||
return (error);
|
||||
#else
|
||||
|
@ -772,7 +772,10 @@ priqioctl(dev, cmd, addr, flag, p)
|
||||
case PRIQ_GETSTATS:
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
|
||||
return (error);
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
if ((error = suser(p)) != 0)
|
||||
return (error);
|
||||
#else
|
||||
|
@ -781,7 +781,9 @@ redioctl(dev, cmd, addr, flag, p)
|
||||
case RED_GETSTATS:
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
if ((error = suser(p)) != 0)
|
||||
#else
|
||||
if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
|
||||
|
@ -531,7 +531,10 @@ rioioctl(dev, cmd, addr, flag, p)
|
||||
case RIO_GETSTATS:
|
||||
break;
|
||||
default:
|
||||
#if (__FreeBSD_version > 400000)
|
||||
#if (__FreeBSD_version > 700000)
|
||||
if ((error = priv_check(p, PRIV_ALTQ_MANAGE)) != 0)
|
||||
return (error);
|
||||
#elsif (__FreeBSD_version > 400000)
|
||||
if ((error = suser(p)) != 0)
|
||||
return (error);
|
||||
#else
|
||||
|
@ -54,6 +54,9 @@
|
||||
#endif
|
||||
|
||||
#include <sys/param.h>
|
||||
#ifdef __FreeBSD__
|
||||
#include <sys/priv.h>
|
||||
#endif
|
||||
#include <sys/proc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/time.h>
|
||||
@ -1057,7 +1060,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
break;
|
||||
case SIOCSETPFSYNC:
|
||||
#ifdef __FreeBSD__
|
||||
if ((error = suser(curthread)) != 0)
|
||||
if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0)
|
||||
#else
|
||||
if ((error = suser(p, p->p_acflag)) != 0)
|
||||
#endif
|
||||
|
@ -92,6 +92,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/socket.h>
|
||||
@ -1920,7 +1921,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
break;
|
||||
#ifdef ANCACHE
|
||||
if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
if (error)
|
||||
break;
|
||||
sc->an_sigitems = sc->an_nextitem = 0;
|
||||
@ -1944,7 +1945,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
|
||||
break;
|
||||
case SIOCSAIRONET:
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
goto out;
|
||||
error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
|
||||
if (error != 0)
|
||||
@ -1952,7 +1953,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
an_setdef(sc, &sc->areq);
|
||||
break;
|
||||
case SIOCGPRIVATE_0: /* used by Cisco client utility */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
goto out;
|
||||
error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
|
||||
if (error)
|
||||
@ -1974,7 +1975,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
}
|
||||
break;
|
||||
case SIOCGPRIVATE_1: /* used by Cisco client utility */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
goto out;
|
||||
error = copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
|
||||
if (error)
|
||||
@ -2226,7 +2227,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
}
|
||||
break;
|
||||
case SIOCS80211:
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
|
||||
goto out;
|
||||
sc->areq.an_len = sizeof(sc->areq);
|
||||
/*
|
||||
|
@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/conf.h>
|
||||
|
||||
@ -504,7 +505,7 @@ arl_ioctl(ifp, cmd, data)
|
||||
break;
|
||||
|
||||
case SIOCS80211:
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_NET80211_MANAGE)))
|
||||
break;
|
||||
switch (ireq->i_type) {
|
||||
case IEEE80211_IOC_SSID:
|
||||
@ -577,7 +578,7 @@ arl_ioctl(ifp, cmd, data)
|
||||
}
|
||||
case SIOCGARLALL:
|
||||
bzero(&arlan_io, sizeof(arlan_io));
|
||||
if (!suser(td)) {
|
||||
if (!priv_check(td, PRIV_DRIVER)) {
|
||||
bcopy(ar->systemId, arlan_io.cfg.sid, 4);
|
||||
}
|
||||
|
||||
@ -616,7 +617,7 @@ arl_ioctl(ifp, cmd, data)
|
||||
} while (0)
|
||||
|
||||
case SIOCSARLALL:
|
||||
if (suser(td))
|
||||
if (priv_check(td, PRIV_DRIVER))
|
||||
break;
|
||||
|
||||
user = (void *)ifr->ifr_data;
|
||||
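Review bot: In the `SIOCSARLALL` case the result of `priv_check(td, PRIV_DRIVER)` is only tested, never stored, so a refused caller leaves the switch with whatever `error` held before; its initial value is not visible here, but if it is 0 the ioctl reports success without having done anything. The `SIOCS80211` case in the same function stores the result, and this case could match it: `if ((error = priv_check(td, PRIV_DRIVER)))`. In `SIOCGARLALL` discarding the result looks deliberate, since the field is left zeroed by the `bzero`, and a one-line comment saying so would help the next reader. arl_ioctl's body extends outside these hunks.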
|
@ -117,6 +117,7 @@
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/ioccom.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/bus.h>
|
||||
#include <machine/resource.h>
|
||||
@ -3125,7 +3126,7 @@ asr_open(struct cdev *dev, int32_t flags, int32_t ifmt, struct thread *td)
|
||||
s = splcam ();
|
||||
if (ASR_ctlr_held) {
|
||||
error = EBUSY;
|
||||
} else if ((error = suser(td)) == 0) {
|
||||
} else if ((error = priv_check(td, PRIV_DRIVER)) == 0) {
|
||||
++ASR_ctlr_held;
|
||||
}
|
||||
splx(s);
|
||||
|
@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/bus.h>
|
||||
@ -257,8 +258,11 @@ acd_geom_ioctl(struct g_provider *pp, u_long cmd, void *addr, int fflag, struct
|
||||
cdp->flags |= F_LOCKED;
|
||||
break;
|
||||
|
||||
/*
|
||||
* XXXRW: Why does this require privilege?
|
||||
*/
|
||||
case CDIOCRESET:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
if (error)
|
||||
break;
|
||||
error = acd_test_ready(dev);
|
||||
|
@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$");
|
||||
#if NPCI > 0
|
||||
|
||||
#include <sys/ucred.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/mbuf.h>
|
||||
@ -1341,9 +1342,11 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else /* __FreeBSD_version >= 500000 */
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#endif /* __FreeBSD_version >= 500000 */
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
#if __FreeBSD_version >= 600034
|
||||
@ -1380,8 +1383,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1408,8 +1413,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1426,8 +1433,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
CE_DEBUG2 (d, ("ioctl: setcfg\n"));
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1526,8 +1535,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1560,8 +1571,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1586,8 +1599,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1608,8 +1623,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1634,8 +1651,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1658,8 +1677,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1686,8 +1707,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1708,8 +1731,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1734,8 +1759,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1758,8 +1785,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1784,8 +1813,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1810,8 +1841,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1836,8 +1869,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1867,8 +1902,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1892,8 +1929,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1909,8 +1948,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
@ -1945,8 +1986,10 @@ static int ce_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
/* Only for superuser! */
|
||||
#if __FreeBSD_version < 500000
|
||||
error = suser (p);
|
||||
#else
|
||||
#elsif __FreeBSD_version < 700000
|
||||
error = suser (td);
|
||||
#else
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
return error;
|
||||
|
@ -236,6 +236,7 @@ struct cfattach cnw_ca = {
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ucred.h>
|
||||
#include <sys/socket.h>
|
||||
@ -1339,7 +1340,7 @@ cnw_ioctl(ifp, cmd, data)
|
||||
#if !defined(__FreeBSD__)
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
#else
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
break;
|
||||
@ -1350,7 +1351,7 @@ cnw_ioctl(ifp, cmd, data)
|
||||
#if !defined(__FreeBSD__)
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
#else
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
break;
|
||||
@ -1361,7 +1362,7 @@ cnw_ioctl(ifp, cmd, data)
|
||||
#if !defined(__FreeBSD__)
|
||||
error = suser(p->p_ucred, &p->p_acflag);
|
||||
#else
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
#endif
|
||||
if (error)
|
||||
break;
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/module.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/sysctl.h>
|
||||
@ -1071,7 +1072,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETPROTO:
|
||||
CP_DEBUG2 (d, ("ioctl: setproto\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (d->ifp->if_drv_flags & IFF_DRV_RUNNING)
|
||||
@ -1102,7 +1103,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETKEEPALIVE:
|
||||
CP_DEBUG2 (d, ("ioctl: setkeepalive\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if ((IFP2SP(d->ifp)->pp_flags & PP_FR) ||
|
||||
@ -1126,7 +1127,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETMODE:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (*(int*)data != SERIAL_HDLC)
|
||||
@ -1142,7 +1143,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETCFG:
|
||||
CP_DEBUG2 (d, ("ioctl: setcfg\n"));
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1239,7 +1240,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_CLRSTAT:
|
||||
CP_DEBUG2 (d, ("ioctl: clrstat\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
c->rintr = 0;
|
||||
@ -1268,7 +1269,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETBAUD:
|
||||
CP_DEBUG2 (d, ("ioctl: setbaud\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1286,7 +1287,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETLOOP:
|
||||
CP_DEBUG2 (d, ("ioctl: setloop\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1306,7 +1307,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETDPLL:
|
||||
CP_DEBUG2 (d, ("ioctl: setdpll\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_SERIAL)
|
||||
@ -1328,7 +1329,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETNRZI:
|
||||
CP_DEBUG2 (d, ("ioctl: setnrzi\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_SERIAL)
|
||||
@ -1348,7 +1349,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETDEBUG:
|
||||
CP_DEBUG2 (d, ("ioctl: setdebug\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
d->chan->debug = *(int*)data;
|
||||
@ -1370,7 +1371,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETHIGAIN:
|
||||
CP_DEBUG2 (d, ("ioctl: sethigain\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1392,7 +1393,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETPHONY:
|
||||
CP_DEBUG2 (d, ("ioctl: setphony\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1414,7 +1415,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETUNFRAM:
|
||||
CP_DEBUG2 (d, ("ioctl: setunfram\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1436,7 +1437,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETSCRAMBLER:
|
||||
CP_DEBUG2 (d, ("ioctl: setscrambler\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_G703 && !c->unfram)
|
||||
@ -1461,7 +1462,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETMONITOR:
|
||||
CP_DEBUG2 (d, ("ioctl: setmonitor\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1483,7 +1484,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETUSE16:
|
||||
CP_DEBUG2 (d, ("ioctl: setuse16\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1505,7 +1506,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETCRC4:
|
||||
CP_DEBUG2 (d, ("ioctl: setcrc4\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1)
|
||||
@ -1538,7 +1539,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETCLK:
|
||||
CP_DEBUG2 (d, ("ioctl: setclk\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_E1 &&
|
||||
@ -1571,7 +1572,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETTIMESLOTS:
|
||||
CP_DEBUG2 (d, ("ioctl: settimeslots\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if ((c->type != T_E1 || c->unfram) && c->type != T_DATA)
|
||||
@ -1597,7 +1598,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETINVCLK:
|
||||
CP_DEBUG2 (d, ("ioctl: setinvclk\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_SERIAL)
|
||||
@ -1620,7 +1621,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETINVTCLK:
|
||||
CP_DEBUG2 (d, ("ioctl: setinvtclk\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_SERIAL)
|
||||
@ -1642,7 +1643,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETINVRCLK:
|
||||
CP_DEBUG2 (d, ("ioctl: setinvrclk\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->type != T_SERIAL)
|
||||
@ -1669,7 +1670,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_RESET:
|
||||
CP_DEBUG2 (d, ("ioctl: reset\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1682,7 +1683,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_HARDRESET:
|
||||
CP_DEBUG2 (d, ("ioctl: hardreset\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1714,7 +1715,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETDIR:
|
||||
CP_DEBUG2 (d, ("ioctl: setdir\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1739,7 +1740,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
if (c->type != T_E3 && c->type != T_T3 && c->type != T_STS1)
|
||||
return EINVAL;
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1761,7 +1762,7 @@ static int cp_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
if (c->type != T_T3 && c->type != T_STS1)
|
||||
return EINVAL;
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
|
@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/conf.h>
|
||||
@ -1300,7 +1301,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETPROTO:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (d->ifp->if_drv_flags & IFF_DRV_RUNNING)
|
||||
@ -1328,7 +1329,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETKEEPALIVE:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if ((IFP2SP(d->ifp)->pp_flags & PP_FR) ||
|
||||
@ -1357,7 +1358,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETCFG:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_HDLC)
|
||||
@ -1435,7 +1436,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_CLRSTAT:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
c->rintr = 0;
|
||||
@ -1458,7 +1459,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETBAUD:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1474,7 +1475,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETLOOP:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1492,7 +1493,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETDPLL:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_E1 || c->mode == M_G703)
|
||||
@ -1512,7 +1513,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETNRZI:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_E1 || c->mode == M_G703)
|
||||
@ -1530,7 +1531,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETDEBUG:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
c->debug = *(int*)data;
|
||||
@ -1550,7 +1551,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETHIGAIN:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1572,7 +1573,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
if (c->mode != M_E1)
|
||||
return EINVAL;
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1595,7 +1596,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETCLK:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1619,7 +1620,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETTIMESLOTS:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1637,7 +1638,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETSUBCHAN:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splimp ();
|
||||
@ -1663,7 +1664,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETINVCLK:
|
||||
case SERIAL_SETINVTCLK:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_E1 || c->mode == M_G703)
|
||||
@ -1677,7 +1678,7 @@ static int ct_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
|
||||
case SERIAL_SETINVRCLK:
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_E1 || c->mode == M_G703)
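Review bot: Every `/* Only for superuser! */` comment in ct_ioctl now sits directly above `priv_check (td, PRIV_DRIVER)`, so the comment no longer describes what is actually tested. Reword each one to name the privilege, for example `/* Requires PRIV_DRIVER. */`, so a later change to who holds PRIV_DRIVER does not leave the comments misleading. The same applies to the cx_ioctl hunks in the next section. ct_ioctl's switch begins and ends outside these hunks.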
|
||||
|
@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/sockio.h>
|
||||
@ -1632,7 +1633,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETPORT:
|
||||
CX_DEBUG2 (d, ("ioctl: setproto\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
@ -1658,7 +1659,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETPROTO:
|
||||
CX_DEBUG2 (d, ("ioctl: setproto\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_ASYNC)
|
||||
@ -1695,7 +1696,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETKEEPALIVE:
|
||||
CX_DEBUG2 (d, ("ioctl: setkeepalive\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if ((IFP2SP(d->ifp)->pp_flags & PP_FR) ||
|
||||
@ -1725,7 +1726,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETMODE:
|
||||
CX_DEBUG2 (d, ("ioctl: setmode\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
@ -1778,7 +1779,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_CLRSTAT:
|
||||
CX_DEBUG2 (d, ("ioctl: clrstat\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splhigh ();
|
||||
@ -1810,7 +1811,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETBAUD:
|
||||
CX_DEBUG2 (d, ("ioctl: setbaud\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_ASYNC)
|
||||
@ -1836,7 +1837,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETLOOP:
|
||||
CX_DEBUG2 (d, ("ioctl: setloop\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_ASYNC)
|
||||
@ -1862,7 +1863,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETDPLL:
|
||||
CX_DEBUG2 (d, ("ioctl: setdpll\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_ASYNC)
|
||||
@ -1888,7 +1889,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETNRZI:
|
||||
CX_DEBUG2 (d, ("ioctl: setnrzi\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
if (c->mode == M_ASYNC)
|
||||
@ -1912,7 +1913,7 @@ static int cx_ioctl (struct cdev *dev, u_long cmd, caddr_t data, int flag, struc
|
||||
case SERIAL_SETDEBUG:
|
||||
CX_DEBUG2 (d, ("ioctl: setdebug\n"));
|
||||
/* Only for superuser! */
|
||||
error = suser (td);
|
||||
error = priv_check (td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return error;
|
||||
s = splhigh ();
|
||||
|
@ -48,6 +48,7 @@
|
||||
#include <sys/consio.h>
|
||||
#include <sys/tty.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ucred.h>
|
||||
|
||||
@ -293,7 +294,8 @@ dcons_open(DEV dev, int flag, int mode, THREAD *td)
|
||||
if ((tp->t_state & TS_ISOPEN) == 0) {
|
||||
tp->t_state |= TS_CARR_ON;
|
||||
ttyconsolemode(tp, 0);
|
||||
} else if ((tp->t_state & TS_XCLUDE) && suser(td)) {
|
||||
} else if ((tp->t_state & TS_XCLUDE) &&
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE)) {
|
||||
splx(s);
|
||||
return (EBUSY);
|
||||
}
|
||||
|
@ -50,6 +50,9 @@ typedef struct drm_file drm_file_t;
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/stat.h>
|
||||
#if __FreeBSD_version >= 700000
|
||||
#include <sys/priv.h>
|
||||
#endif
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/fcntl.h>
|
||||
@ -233,7 +236,11 @@ enum {
|
||||
|
||||
#define PAGE_ALIGN(addr) round_page(addr)
|
||||
/* DRM_SUSER returns true if the user is superuser */
|
||||
#if __FreeBSD_version >= 700000
|
||||
#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
|
||||
#else
|
||||
#define DRM_SUSER(p) (suser(p) == 0)
|
||||
#endif
|
||||
#define DRM_AGP_FIND_DEVICE() agp_find_device()
|
||||
#define DRM_MTRR_WC MDF_WRITECOMBINE
|
||||
#define jiffies ticks
|
||||
|
@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/rman.h>
|
||||
#include <sys/sysctl.h>
|
||||
@ -1489,8 +1490,9 @@ fd_ioctl(struct g_provider *pp, u_long cmd, void *data, int fflag, struct thread
|
||||
return (0);
|
||||
|
||||
case FD_CLRERR:
|
||||
if (suser(td) != 0)
|
||||
return (EPERM);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
if (error)
|
||||
return (error);
|
||||
fd->fdc->fdc_errs = 0;
|
||||
return (0);
|
||||
|
||||
|
@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/pmc.h>
|
||||
#include <sys/pmckern.h>
|
||||
#include <sys/pmclog.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/resourcevar.h>
|
||||
@ -2782,10 +2783,9 @@ pmc_syscall_handler(struct thread *td, void *syscall_args)
|
||||
KASSERT(td == curthread,
|
||||
("[pmc,%d] td != curthread", __LINE__));
|
||||
|
||||
if (suser(td) || jailed(td->td_ucred)) {
|
||||
error = EPERM;
|
||||
error = priv_check(td, PRIV_PMC_MANAGE);
|
||||
if (error)
|
||||
break;
|
||||
}
|
||||
|
||||
if ((error = copyin(arg, &pma, sizeof(pma))) != 0)
|
||||
break;
|
||||
@ -2918,11 +2918,16 @@ pmc_syscall_handler(struct thread *td, void *syscall_args)
|
||||
*/
|
||||
|
||||
if (PMC_IS_SYSTEM_MODE(mode)) {
|
||||
if (jailed(curthread->td_ucred))
|
||||
error = EPERM;
|
||||
else if (suser(curthread) &&
|
||||
(pmc_unprivileged_syspmcs == 0))
|
||||
if (jailed(curthread->td_ucred)) {
|
||||
error = EPERM;
|
||||
break;
|
||||
}
|
||||
if (!pmc_unprivileged_syspmcs) {
|
||||
error = priv_check(curthread,
|
||||
PRIV_PMC_SYSTEM);
|
||||
if (error)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (error)
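Review bot: The first hunk of pmc_syscall_handler drops the explicit `jailed(td->td_ucred)` test and relies on `priv_check(td, PRIV_PMC_MANAGE)` alone, while the second hunk keeps an explicit `jailed()` check ahead of `PRIV_PMC_SYSTEM`. Whether a jailed caller is still refused in the first case depends on how priv_check() treats jailed credentials, which is not visible here. Either keep the explicit test for symmetry, or once that behaviour is confirmed add a comment such as `/* priv_check() denies jailed credentials; no separate jailed() test needed. */`. Both cases sit inside a switch whose start and end are outside the hunks.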
|
||||
|
@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
@ -2836,7 +2837,7 @@ ndis_ioctl(ifp, command, data)
|
||||
error = ENOTTY;
|
||||
break;
|
||||
case SIOCGDRVSPEC:
|
||||
if ((error = suser(curthread)))
|
||||
if ((error = priv_check(curthread, PRIV_DRIVER)))
|
||||
break;
|
||||
error = copyin(ifr->ifr_data, &oid, sizeof(oid));
|
||||
if (error)
|
||||
@ -2865,7 +2866,7 @@ ndis_ioctl(ifp, command, data)
|
||||
free(oidbuf, M_TEMP);
|
||||
break;
|
||||
case SIOCSDRVSPEC:
|
||||
if ((error = suser(curthread)))
|
||||
if ((error = priv_check(curthread, PRIV_DRIVER)))
|
||||
break;
|
||||
error = copyin(ifr->ifr_data, &oid, sizeof(oid));
|
||||
if (error)
|
||||
@ -2894,7 +2895,7 @@ ndis_ioctl(ifp, command, data)
|
||||
free(oidbuf, M_TEMP);
|
||||
break;
|
||||
case SIOCGPRIVATE_0:
|
||||
if ((error = suser(curthread)))
|
||||
if ((error = priv_check(curthread, PRIV_DRIVER)))
|
||||
break;
|
||||
NDIS_LOCK(sc);
|
||||
if (sc->ndis_evt[sc->ndis_evtcidx].ne_sts == 0) {
|
||||
@ -3062,7 +3063,7 @@ ndis_wi_ioctl_set(ifp, command, data)
|
||||
uint32_t foo;
|
||||
int error, len;
|
||||
|
||||
error = suser(curthread);
|
||||
error = priv_check(curthread, PRIV_DRIVER);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
@ -3370,7 +3371,7 @@ ndis_80211_ioctl_set(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
break;
|
||||
#endif
|
||||
case IEEE80211_IOC_STATIONNAME:
|
||||
error = suser(curthread);
|
||||
error = priv_check(curthread, PRIV_NET80211_MANAGE);
|
||||
if (error)
|
||||
break;
|
||||
if (ireq->i_val != 0 ||
|
||||
|
@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/tty.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/uio.h>
|
||||
@ -972,11 +973,11 @@ key_change_ok(struct keyent_t *oldkey, struct keyent_t *newkey, struct thread *t
|
||||
if (keymap_restrict_change >= 2) {
|
||||
for (i = 0; i < NUM_STATES; i++)
|
||||
if (oldkey->map[i] != newkey->map[i])
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
if (oldkey->spcl != newkey->spcl)
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
if (oldkey->flgs != newkey->flgs)
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -991,7 +992,7 @@ key_change_ok(struct keyent_t *oldkey, struct keyent_t *newkey, struct thread *t
|
||||
if ((oldkey->spcl & (0x80 >> i)) == (newkey->spcl & (0x80 >> i))
|
||||
&& oldkey->map[i] == newkey->map[i])
|
||||
continue;
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
}
|
||||
|
||||
return (0);
|
||||
@ -1020,20 +1021,20 @@ accent_change_ok(accentmap_t *oldmap, accentmap_t *newmap, struct thread *td)
|
||||
return (0);
|
||||
|
||||
if (oldmap->n_accs != newmap->n_accs)
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
|
||||
for (accent = 0; accent < oldmap->n_accs; accent++) {
|
||||
oldacc = &oldmap->acc[accent];
|
||||
newacc = &newmap->acc[accent];
|
||||
if (oldacc->accchar != newacc->accchar)
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
for (i = 0; i < NUM_ACCENTCHARS; ++i) {
|
||||
if (oldacc->map[i][0] != newacc->map[i][0])
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
if (oldacc->map[i][0] == 0) /* end of table */
|
||||
break;
|
||||
if (oldacc->map[i][1] != newacc->map[i][1])
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1048,7 +1049,7 @@ fkey_change_ok(fkeytab_t *oldkey, fkeyarg_t *newkey, struct thread *td)
|
||||
|
||||
if (oldkey->len != newkey->flen ||
|
||||
bcmp(oldkey->str, newkey->keydef, oldkey->len) != 0)
|
||||
return suser(td);
|
||||
return priv_check(td, PRIV_KEYBOARD);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
@ -113,6 +113,9 @@
|
||||
# include <sys/rman.h>
|
||||
# include <vm/vm.h>
|
||||
# include <vm/pmap.h>
|
||||
# if (__FreeBSD_version >= 700000)
|
||||
# include <sys/priv.h>
|
||||
# endif
|
||||
# if (__FreeBSD_version >= 500000)
|
||||
# include <sys/mutex.h>
|
||||
# include <dev/pci/pcivar.h>
|
||||
|
@ -1223,7 +1223,11 @@ struct softc
|
||||
# define TOP_UNLOCK mtx_unlock (&sc->top_mtx)
|
||||
# define BOTTOM_TRYLOCK mtx_trylock(&sc->bottom_mtx)
|
||||
# define BOTTOM_UNLOCK mtx_unlock (&sc->bottom_mtx)
|
||||
# if (__FreeBSD_version >= 700000)
|
||||
# define CHECK_CAP priv_check(curthread, PRIV_DRIVER)
|
||||
# else
|
||||
# define CHECK_CAP suser(curthread)
|
||||
# endif
|
||||
# else /* FreeBSD-4 */
|
||||
# define TOP_TRYLOCK (sc->top_spl = splimp())
|
||||
# define TOP_UNLOCK splx(sc->top_spl)
|
||||
|
@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/tty.h>
|
||||
#include <sys/conf.h>
|
||||
@ -286,7 +287,8 @@ nmdmopen(struct cdev *dev, int flag, int devtype, struct thread *td)
|
||||
if ((tp->t_state & TS_ISOPEN) == 0) {
|
||||
ttyinitmode(tp, 0, 0);
|
||||
ttsetwater(tp); /* XXX ? */
|
||||
} else if (tp->t_state & TS_XCLUDE && suser(td)) {
|
||||
} else if (tp->t_state & TS_XCLUDE &&
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE)) {
|
||||
return (EBUSY);
|
||||
}
|
||||
|
||||
|
@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/disk.h>
|
||||
#include <sys/bus.h>
|
||||
#include <machine/bus.h>
|
||||
@ -87,7 +88,7 @@ null_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data __unused,
|
||||
|
||||
if (cmd != DIOCSKERNELDUMP)
|
||||
return (ENOIOCTL);
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_SETDUMPER);
|
||||
if (error)
|
||||
return (error);
|
||||
return (set_dumper(NULL));
|
||||
|
@ -140,7 +140,8 @@ ofw_dev_open(struct cdev *dev, int flag, int mode, struct thread *td)
|
||||
ttyconsolemode(tp, 0);
|
||||
|
||||
setuptimeout = 1;
|
||||
} else if ((tp->t_state & TS_XCLUDE) && suser(td)) {
|
||||
} else if ((tp->t_state & TS_XCLUDE) &&
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE)) {
|
||||
return (EBUSY);
|
||||
}
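Review bot: This section calls `priv_check(td, PRIV_TTY_EXCLUSIVE)` in ofw_dev_open but, unlike the other files in the sweep, shows no hunk adding `#include <sys/priv.h>`; the zsttyopen section further down is the same. Unless those files already get the header some other way, which cannot be seen from here, the function and the PRIV_ constant will be undeclared on the platforms that build them. Add `#include <sys/priv.h>` next to the existing `<sys/...>` includes in both files.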
|
||||
|
||||
|
@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/module.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/selinfo.h>
|
||||
#include <sys/uio.h>
|
||||
@ -85,7 +86,7 @@ static int
|
||||
random_close(struct cdev *dev __unused, int flags, int fmt __unused,
|
||||
struct thread *td)
|
||||
{
|
||||
if ((flags & FWRITE) && (suser(td) == 0)
|
||||
if ((flags & FWRITE) && (priv_check(td, PRIV_RANDOM_RESEED) == 0)
|
||||
&& (securelevel_gt(td->td_ucred, 0) == 0)) {
|
||||
(*random_systat.reseed)();
|
||||
random_systat.seeded = 1;
|
||||
|
@ -67,6 +67,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/callout.h>
|
||||
#include <sys/syslog.h>
|
||||
@ -1110,7 +1111,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
|
||||
case SIOCSHWFLAGS: /* set flags */
|
||||
/* root only */
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
if (error)
|
||||
break;
|
||||
flags = *(struct sbni_flags*)&ifr->ifr_data;
|
||||
@ -1132,7 +1133,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
||||
break;
|
||||
|
||||
case SIOCRINSTATS:
|
||||
if (!(error = suser(td))) /* root only */
|
||||
if (!(error = priv_check(td, PRIV_DRIVER))) /* root only */
|
||||
bzero(&sc->in_stats, sizeof(struct sbni_in_stats));
|
||||
break;
|
||||
|
||||
|
@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/random.h>
|
||||
@ -424,7 +425,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
|
||||
switch(cmd) {
|
||||
case SIOCLOADFIRMW:
|
||||
if ((error = suser(curthread)) != 0)
|
||||
if ((error = priv_check(curthread, PRIV_DRIVER)) != 0)
|
||||
break;
|
||||
if (ifp->if_flags & IFF_UP)
|
||||
error = EBUSY;
|
||||
@ -444,7 +445,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
break;
|
||||
|
||||
case SIOCGETSTATS :
|
||||
if ((error = suser(curthread)) != 0)
|
||||
if ((error = priv_check(curthread, PRIV_DRIVER)) != 0)
|
||||
break;
|
||||
|
||||
t = 0;
|
||||
@ -478,7 +479,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
break;
|
||||
|
||||
case SIOCCLRSTATS :
|
||||
if (!(error = suser(curthread))) {
|
||||
if (!(error = priv_check(curthread, PRIV_DRIVER))) {
|
||||
bzero(&sc->in_stats, sizeof(struct sbni16_stats));
|
||||
t = 2;
|
||||
if (issue_cx28975_cmd(sc, _DSL_CLEAR_ERROR_CTRS, &t, 1))
|
||||
|
@ -53,6 +53,7 @@ static const char si_copyright1[] = "@(#) Copyright (C) Specialix International
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/bus.h>
|
||||
#include <machine/bus.h>
|
||||
@ -650,7 +651,7 @@ si_Sioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *t
|
||||
|
||||
ip = (int *)data;
|
||||
|
||||
#define SUCHECK if ((error = suser(td))) goto out
|
||||
#define SUCHECK if ((error = priv_check(td, PRIV_DRIVER))) goto out
|
||||
|
||||
switch (cmd) {
|
||||
case TCSIPORTS:
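Review bot: The rewritten `SUCHECK` macro is still a bare `if (...) goto out`, so a use followed by `else` would bind to the macro's `if`. Since the line is being touched anyway, wrap it: `#define SUCHECK do { if ((error = priv_check(td, PRIV_DRIVER))) goto out; } while (0)`. The uses of the macro are outside this hunk, so confirm each is written as `SUCHECK;` before changing its shape.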
|
||||
|
@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/random.h>
|
||||
#include <sys/reboot.h>
|
||||
@ -517,7 +518,7 @@ scopen(struct cdev *dev, int flag, int mode, struct thread *td)
|
||||
ttyld_modem(tp, 1);
|
||||
}
|
||||
else
|
||||
if (tp->t_state & TS_XCLUDE && suser(td))
|
||||
if (tp->t_state & TS_XCLUDE && priv_check(td, PRIV_TTY_EXCLUSIVE))
|
||||
return(EBUSY);
|
||||
|
||||
error = ttyld_open(tp, dev);
|
||||
@ -1092,7 +1093,7 @@ scioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
|
||||
return 0;
|
||||
|
||||
case KDENABIO: /* allow io operations */
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_IO);
|
||||
if (error != 0)
|
||||
return error;
|
||||
error = securelevel_gt(td->td_ucred, 0);
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/tty.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/consio.h>
|
||||
@ -83,7 +84,8 @@ smopen(struct cdev *dev, int flag, int mode, struct thread *td)
|
||||
ttyinitmode(tp, 0, 0);
|
||||
smparam(tp, &tp->t_termios);
|
||||
ttyld_modem(tp, 1);
|
||||
} else if (tp->t_state & TS_XCLUDE && suser(td)) {
|
||||
} else if (tp->t_state & TS_XCLUDE &&
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE)) {
|
||||
return EBUSY;
|
||||
}
|
||||
|
||||
|
@ -76,6 +76,7 @@ __FBSDID("$FreeBSD$");
|
||||
#endif
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/socket.h>
|
||||
@ -1273,7 +1274,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
WI_UNLOCK(sc);
|
||||
break;
|
||||
case SIOCSIFGENERIC:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_DRIVER);
|
||||
if (error == 0)
|
||||
error = wi_set_cfg(ifp, cmd, data);
|
||||
break;
|
||||
@ -1291,7 +1292,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
|
||||
break;
|
||||
case SIOCSPRISM2DEBUG:
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
return (error);
|
||||
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
|
||||
if (error)
|
||||
@ -1312,7 +1313,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
case SIOCS80211:
|
||||
ireq = (struct ieee80211req *) data;
|
||||
if (ireq->i_type == IEEE80211_IOC_STATIONNAME) {
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_NET80211_MANAGE);
|
||||
if (error)
|
||||
break;
|
||||
if (ireq->i_val != 0 ||
|
||||
|
@ -197,6 +197,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/module.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <machine/bus.h>
|
||||
@ -1310,7 +1311,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
/* pointer to buffer in user space */
|
||||
up = (void *)ifr->ifr_data;
|
||||
/* work out if they're root */
|
||||
isroot = (suser(td) == 0);
|
||||
isroot = (priv_check(td, PRIV_NET80211_GETKEY) == 0);
|
||||
|
||||
for (i = 0; i < 0x40; i++) {
|
||||
/* don't hand the DES key out to non-root users */
|
||||
@ -1327,7 +1328,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
/* copy the PSA in from the caller; we only copy _some_ values */
|
||||
case SIOCSWLPSA:
|
||||
/* root only */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
break;
|
||||
error = EINVAL; /* assume the worst */
|
||||
/* pointer to buffer in user space containing data */
|
||||
@ -1383,7 +1384,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
*/
|
||||
case SIOCSWLCNWID:
|
||||
/* root only */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
break;
|
||||
if (!(ifp->if_flags & IFF_UP)) {
|
||||
error = EIO; /* only allowed while up */
|
||||
@ -1401,7 +1402,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
/* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */
|
||||
case SIOCGWLEEPROM:
|
||||
/* root only */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
break;
|
||||
/* pointer to buffer in user space */
|
||||
up = (void *)ifr->ifr_data;
|
||||
@ -1428,7 +1429,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
/* zero (Delete) the wl cache */
|
||||
case SIOCDWLCACHE:
|
||||
/* root only */
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_DRIVER)))
|
||||
break;
|
||||
wl_cache_zero(sc);
|
||||
break;
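Review bot: The case at the top of the first wlioctl hunk now decides whether to hand out the DES key with `priv_check(td, PRIV_NET80211_GETKEY)`, but the result is still stored in `isroot` under `/* work out if they're root */`. That hides the fact that a specific key-disclosure privilege is being tested. Update the comment to something like `/* may the caller read the key? (PRIV_NET80211_GETKEY) */` and consider renaming the local. The `/* root only */` comments above the PRIV_DRIVER checks in SIOCSWLPSA, SIOCSWLCNWID, SIOCGWLEEPROM and SIOCDWLCACHE are stale in the same way. wlioctl's body extends beyond these hunks.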
|
||||
|
@ -453,7 +453,7 @@ zsttyopen(struct cdev *dev, int flags, int mode, struct thread *td)
|
||||
|
||||
if ((tp->t_state & TS_ISOPEN) != 0 &&
|
||||
(tp->t_state & TS_XCLUDE) != 0 &&
|
||||
suser(td) != 0)
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE) != 0)
|
||||
return (EBUSY);
|
||||
|
||||
if ((tp->t_state & TS_ISOPEN) == 0) {
|
||||
|
@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -174,7 +175,7 @@ cd9660_mount(struct mount *mp, struct thread *td)
|
||||
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
|
@ -67,6 +67,7 @@
|
||||
#include <sys/conf.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/dirent.h>
|
||||
#include <sys/ioccom.h>
|
||||
#include <sys/lock.h>
|
||||
@ -164,11 +165,13 @@ devfs_rules_ioctl(struct devfs_mount *dm, u_long cmd, caddr_t data, struct threa
|
||||
sx_assert(&dm->dm_lock, SX_XLOCKED);
|
||||
|
||||
/*
|
||||
* XXX: This returns an error regardless of whether we
|
||||
* actually support the cmd or not.
|
||||
* XXX: This returns an error regardless of whether we actually
|
||||
* support the cmd or not.
|
||||
*
|
||||
* We could make this privileges finer grained if desired.
|
||||
*/
|
||||
error = suser(td);
|
||||
if (error != 0)
|
||||
error = priv_check(td, PRIV_DEVFS_RULE);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
sx_xlock(&sx_rules);
|
||||
|
@ -55,6 +55,7 @@
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/sx.h>
|
||||
@ -1145,19 +1146,25 @@ devfs_setattr(struct vop_setattr_args *ap)
|
||||
else
|
||||
gid = vap->va_gid;
|
||||
if (uid != de->de_uid || gid != de->de_gid) {
|
||||
if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
|
||||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) &&
|
||||
(error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)) != 0)
|
||||
if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
|
||||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
|
||||
error = priv_check_cred(ap->a_td->td_ucred,
|
||||
PRIV_VFS_CHOWN, SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
de->de_uid = uid;
|
||||
de->de_gid = gid;
|
||||
c = 1;
|
||||
}
|
||||
|
||||
if (vap->va_mode != (mode_t)VNOVAL) {
|
||||
if ((ap->a_cred->cr_uid != de->de_uid) &&
|
||||
(error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)))
|
||||
if (ap->a_cred->cr_uid != de->de_uid) {
|
||||
error = priv_check_cred(ap->a_td->td_ucred,
|
||||
PRIV_VFS_ADMIN, SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
de->de_mode = vap->va_mode;
|
||||
c = 1;
|
||||
}
|
||||
@ -1227,7 +1234,8 @@ devfs_symlink(struct vop_symlink_args *ap)
|
||||
|
||||
td = ap->a_cnp->cn_thread;
|
||||
KASSERT(td == curthread, ("devfs_symlink: td != curthread"));
|
||||
error = suser(td);
|
||||
|
||||
error = priv_check(td, PRIV_DEVFS_SYMLINK);
|
||||
if (error)
|
||||
return(error);
|
||||
dmp = VFSTODEVFS(ap->a_dvp->v_mount);
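Review bot: In devfs_setattr the ownership and group tests read `ap->a_cred`, but both new privilege checks (`PRIV_VFS_CHOWN` and `PRIV_VFS_ADMIN`) are made against `ap->a_td->td_ucred`. If the two credentials can ever differ, which is not visible from this hunk, the decision would mix two subjects. Passing the same credential keeps it consistent: `error = priv_check_cred(ap->a_cred, PRIV_VFS_CHOWN, SUSER_ALLOWJAIL);` and likewise for PRIV_VFS_ADMIN. The function starts and ends outside the hunk.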
|
||||
|
@ -501,11 +501,12 @@ hpfs_setattr(ap)
|
||||
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
|
||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||
return (EROFS);
|
||||
if (cred->cr_uid != hp->h_uid &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(vp, VWRITE, cred, td))))
|
||||
return (error);
|
||||
if (vap->va_vaflags & VA_UTIMES_NULL) {
|
||||
error = VOP_ACCESS(vp, VADMIN, cred, td);
|
||||
if (error)
|
||||
error = VOP_ACCESS(vp, VWRITE, cred, td);
|
||||
} else
|
||||
error = VOP_ACCESS(vp, VADMIN, cred, td);
|
||||
if (vap->va_atime.tv_sec != VNOVAL)
|
||||
hp->h_atime = vap->va_atime.tv_sec;
|
||||
if (vap->va_mtime.tv_sec != VNOVAL)
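Review bot: In the rewritten timestamp branch of hpfs_setattr the result of the VOP_ACCESS() calls is stored in `error` but never tested. As rendered here, and consistent with the hunk header's 11-to-12 line counts, the old `return (error);` is gone, so h_atime and h_mtime are assigned even when the access check fails. Restore the gate right after the if/else with `if (error) return (error);`. The change also replaces the owner comparison and the superuser check with VOP_ACCESS(VADMIN); that VADMIN covers both cannot be confirmed from this hunk, so a short comment saying so would help. hpfs_setattr starts and ends outside the hunk.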
|
||||
|
@ -52,6 +52,7 @@
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -293,17 +294,17 @@ msdosfs_mount(struct mount *mp, struct thread *td)
|
||||
* If upgrade to read-write by non-root, then verify
|
||||
* that user has necessary permissions on the device.
|
||||
*/
|
||||
if (suser(td)) {
|
||||
devvp = pmp->pm_devvp;
|
||||
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
|
||||
error = VOP_ACCESS(devvp, VREAD | VWRITE,
|
||||
td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
VOP_UNLOCK(devvp, 0, td);
|
||||
return (error);
|
||||
}
|
||||
VOP_UNLOCK(devvp, 0, td);
|
||||
}
|
||||
DROP_GIANT();
|
||||
g_topology_lock();
|
||||
error = g_access(pmp->pm_cp, 0, 1, 0);
|
||||
@ -353,16 +354,16 @@ msdosfs_mount(struct mount *mp, struct thread *td)
|
||||
* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device.
|
||||
*/
|
||||
if (suser(td)) {
|
||||
accessmode = VREAD;
|
||||
if ((mp->mnt_flag & MNT_RDONLY) == 0)
|
||||
accessmode |= VWRITE;
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
}
|
||||
}
|
||||
if ((mp->mnt_flag & MNT_UPDATE) == 0) {
|
||||
error = mountmsdosfs(devvp, mp, td);
|
||||
#ifdef MSDOSFS_DEBUG /* only needed for the printf below */
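Review bot: The comments above both rewritten checks in msdosfs_mount still say "by non-root", but with the `if (suser(td))` wrapper gone the VOP_ACCESS() call appears to run for every caller, and privilege is consulted only when that call fails. I would reword them to match, e.g. `* Verify that the caller has the necessary permissions on the device, falling back to PRIV_VFS_MOUNT_PERM if the access check fails.` The same stale wording is left in the ext2_mount and reiserfs_mount hunks. msdosfs_mount starts and ends outside these hunks.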
|
||||
|
@ -59,6 +59,7 @@
|
||||
#include <sys/conf.h>
|
||||
#include <sys/clock.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/unistd.h>
|
||||
@ -404,9 +405,12 @@ msdosfs_setattr(ap)
|
||||
if (vap->va_flags != VNOVAL) {
|
||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||
return (EROFS);
|
||||
if (cred->cr_uid != pmp->pm_uid &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)))
|
||||
if (cred->cr_uid != pmp->pm_uid) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
/*
|
||||
* We are very inconsistent about handling unsupported
|
||||
* attributes. We ignored the access time and the
|
||||
@ -419,9 +423,11 @@ msdosfs_setattr(ap)
|
||||
* set ATTR_ARCHIVE for directories `cp -pr' from a more
|
||||
* sensible filesystem attempts it a lot.
|
||||
*/
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL)) {
|
||||
if (vap->va_flags & SF_SETTABLE)
|
||||
return EPERM;
|
||||
if (vap->va_flags & SF_SETTABLE) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
if (vap->va_flags & ~SF_ARCHIVED)
|
||||
return EOPNOTSUPP;
|
||||
@ -444,10 +450,13 @@ msdosfs_setattr(ap)
|
||||
gid = vap->va_gid;
|
||||
if (gid == (gid_t)VNOVAL)
|
||||
gid = pmp->pm_gid;
|
||||
if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
|
||||
(gid != pmp->pm_gid && !groupmember(gid, cred))) &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)))
|
||||
return error;
|
||||
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
|
||||
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_CHOWN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
if (uid != pmp->pm_uid || gid != pmp->pm_gid)
|
||||
return EINVAL;
|
||||
}
|
||||
@ -477,11 +486,13 @@ msdosfs_setattr(ap)
|
||||
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
|
||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||
return (EROFS);
|
||||
if (cred->cr_uid != pmp->pm_uid &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td))))
|
||||
return (error);
|
||||
if (vap->va_vaflags & VA_UTIMES_NULL) {
|
||||
error = VOP_ACCESS(vp, VADMIN, cred, ap->a_td);
|
||||
if (error)
|
||||
error = VOP_ACCESS(vp, VWRITE, cred,
|
||||
ap->a_td);
|
||||
} else
|
||||
error = VOP_ACCESS(vp, VADMIN, cred, ap->a_td);
|
||||
if (vp->v_type != VDIR) {
|
||||
if ((pmp->pm_flags & MSDOSFSMNT_NOWIN95) == 0 &&
|
||||
vap->va_atime.tv_sec != VNOVAL) {
|
||||
@ -506,9 +517,12 @@ msdosfs_setattr(ap)
|
||||
if (vap->va_mode != (mode_t)VNOVAL) {
|
||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||
return (EROFS);
|
||||
if (cred->cr_uid != pmp->pm_uid &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)))
|
||||
if (cred->cr_uid != pmp->pm_uid) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
if (vp->v_type != VDIR) {
|
||||
/* We ignore the read and execute bits. */
|
||||
if (vap->va_mode & VWRITE)
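Review bot: In the timestamp hunk of msdosfs_setattr (`@ -477,11 +486,13`), the new VOP_ACCESS() sequence stores its result in `error`, but nothing in the hunk tests it before control reaches `if (vp->v_type != VDIR)`, whereas the condition it replaces ended in `return (error);`. Unless `error` is tested further down, outside the hunk, a caller who fails both the VADMIN and the VWRITE check would still have the times updated. I would add `if (error) return (error);` directly after the `else` branch. The smbfs_setattr hunk has the same sequence with no visible test of `error` and should get the same check.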
|
||||
|
@ -34,6 +34,7 @@
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/pioctl.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/signalvar.h>
|
||||
#include <sys/systm.h>
|
||||
@ -104,8 +105,19 @@ procfs_ioctl(PFS_IOCTL_ARGS)
|
||||
#endif
|
||||
case PIOCSFL:
|
||||
flags = *(unsigned int *)data;
|
||||
if (flags & PF_ISUGID && (error = suser(td)) != 0)
|
||||
if (flags & PF_ISUGID) {
|
||||
/*
|
||||
* XXXRW: Is this specific check required here, as
|
||||
* p_candebug() should implement it, or other checks
|
||||
* are missing.
|
||||
*
|
||||
* XXXRW: Other debugging privileges are granted in
|
||||
* jail, why isn't this?
|
||||
*/
|
||||
error = priv_check(td, PRIV_DEBUG_SUGID);
|
||||
if (error)
|
||||
break;
|
||||
}
|
||||
p->p_pfsflags = flags;
|
||||
break;
|
||||
case PIOCGFL:
|
||||
|
@ -366,11 +366,13 @@ smbfs_setattr(ap)
|
||||
if (vap->va_atime.tv_sec != VNOVAL)
|
||||
atime = &vap->va_atime;
|
||||
if (mtime != atime) {
|
||||
if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_uid &&
|
||||
(error = suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td))))
|
||||
return (error);
|
||||
if (vap->va_vaflags & VA_UTIMES_NULL) {
|
||||
error = VOP_ACCESS(vp, VADMIN, ap->a_cred, ap->a_td);
|
||||
if (error)
|
||||
error = VOP_ACCESS(vp, VWRITE, ap->a_cred,
|
||||
ap->a_td);
|
||||
} else
|
||||
error = VOP_ACCESS(vp, VADMIN, ap->a_cred, ap->a_td);
|
||||
#if 0
|
||||
if (mtime == NULL)
|
||||
mtime = &np->n_mtime;
|
||||
|
@ -84,6 +84,7 @@
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -238,7 +239,7 @@ udf_mount(struct mount *mp, struct thread *td)
|
||||
/* Check the access rights on the mount device */
|
||||
error = VOP_ACCESS(devvp, VREAD, td->td_ucred, td);
|
||||
if (error)
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
|
@ -88,7 +88,8 @@ umapfs_omount(mp, path, data, ndp, td)
|
||||
/*
|
||||
* Only for root
|
||||
*/
|
||||
if ((error = suser(td)) != 0)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
#ifdef DEBUG
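Review bot: This hunk adds a priv_check() call to umapfs_omount, but the file's section carries no `#include <sys/priv.h>` hunk, unlike most other files touched on this page. If the header does not already arrive through another include, the PRIV_VFS_MOUNT constant and the priv_check() prototype will be missing at compile time. The i4biprioctl (PRIV_DRIVER) and ssc_open (PRIV_TTY_EXCLUSIVE) hunks are in the same position. umapfs_omount's body continues outside the hunk.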
|
||||
|
@ -57,6 +57,7 @@
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -197,15 +198,16 @@ ext2_mount(mp, td)
|
||||
* If upgrade to read-write by non-root, then verify
|
||||
* that user has necessary permissions on the device.
|
||||
*/
|
||||
if (suser(td)) {
|
||||
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
|
||||
if ((error = VOP_ACCESS(devvp, VREAD | VWRITE,
|
||||
td->td_ucred, td)) != 0) {
|
||||
error = VOP_ACCESS(devvp, VREAD | VWRITE,
|
||||
td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
VOP_UNLOCK(devvp, 0, td);
|
||||
return (error);
|
||||
}
|
||||
VOP_UNLOCK(devvp, 0, td);
|
||||
}
|
||||
DROP_GIANT();
|
||||
g_topology_lock();
|
||||
error = g_access(ump->um_cp, 0, 1, 0);
|
||||
@ -259,16 +261,19 @@ ext2_mount(mp, td)
|
||||
/*
|
||||
* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device.
|
||||
*
|
||||
* XXXRW: VOP_ACCESS() enough?
|
||||
*/
|
||||
if (suser(td)) {
|
||||
accessmode = VREAD;
|
||||
if ((mp->mnt_flag & MNT_RDONLY) == 0)
|
||||
accessmode |= VWRITE;
|
||||
if ((error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td)) != 0) {
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
}
|
||||
}
|
||||
|
||||
if ((mp->mnt_flag & MNT_UPDATE) == 0) {
|
||||
error = ext2_mountfs(devvp, mp, td);
|
||||
|
@ -52,6 +52,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/unistd.h>
|
||||
@ -411,7 +412,8 @@ ext2_setattr(ap)
|
||||
* Privileged non-jail processes may not modify system flags
|
||||
* if securelevel > 0 and any existing system flags are set.
|
||||
*/
|
||||
if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
|
||||
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
|
||||
SUSER_ALLOWJAIL)) {
|
||||
if (ip->i_flags
|
||||
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
||||
error = securelevel_gt(cred, 0);
|
||||
@ -529,11 +531,17 @@ ext2_chmod(vp, mode, cred, td)
|
||||
* as well as set the setgid bit on a file with a group that the
|
||||
* process is not a member of.
|
||||
*/
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL)) {
|
||||
if (vp->v_type != VDIR && (mode & S_ISTXT))
|
||||
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_STICKYFILE,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (EFTYPE);
|
||||
if (!groupmember(ip->i_gid, cred) && (mode & ISGID))
|
||||
return (EPERM);
|
||||
}
|
||||
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_SETGID,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
ip->i_mode &= ~ALLPERMS;
|
||||
ip->i_mode |= (mode & ALLPERMS);
|
||||
@ -573,17 +581,23 @@ ext2_chown(vp, uid, gid, cred, td)
|
||||
* to a group of which we are not a member, the caller must
|
||||
* have privilege.
|
||||
*/
|
||||
if ((uid != ip->i_uid ||
|
||||
(gid != ip->i_gid && !groupmember(gid, cred))) &&
|
||||
(error = suser_cred(cred, SUSER_ALLOWJAIL)))
|
||||
if (uid != ip->i_uid || (gid != ip->i_gid &&
|
||||
!groupmember(gid, cred))) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_CHOWN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
ogid = ip->i_gid;
|
||||
ouid = ip->i_uid;
|
||||
ip->i_gid = gid;
|
||||
ip->i_uid = uid;
|
||||
ip->i_flag |= IN_CHANGE;
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid))
|
||||
if (ouid != uid || ogid != gid) {
|
||||
if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID,
|
||||
SUSER_ALLOWJAIL) != 0)
|
||||
ip->i_mode &= ~(ISUID | ISGID);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -1608,9 +1622,11 @@ ext2_makeinode(mode, dvp, vpp, cnp)
|
||||
ip->i_mode = mode;
|
||||
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
|
||||
ip->i_nlink = 1;
|
||||
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
|
||||
suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL))
|
||||
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
|
||||
if (priv_check_cred(cnp->cn_cred, PRIV_VFS_CLEARSUGID,
|
||||
SUSER_ALLOWJAIL))
|
||||
ip->i_mode &= ~ISGID;
|
||||
}
|
||||
|
||||
if (cnp->cn_flags & ISWHITEOUT)
|
||||
ip->i_flags |= UF_OPAQUE;
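Review bot: ext2_makeinode checks PRIV_VFS_CLEARSUGID for the condition `(ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)`, while ext2_chmod in this same file checks PRIV_VFS_SETGID for the equivalent condition. A policy that grants only one of the two privileges would then treat setting the setgid bit at creation differently from setting it via chmod. If that split is not intended, ext2_makeinode should use `priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, SUSER_ALLOWJAIL)`; if it is intended, a comment saying why would help the next reader. Both functions start outside their hunks.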
|
||||
|
@ -18,6 +18,7 @@
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/unistd.h>
|
||||
|
@ -125,16 +125,16 @@ reiserfs_mount(struct mount *mp, struct thread *td)
|
||||
|
||||
/* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device. */
|
||||
if (suser(td)) {
|
||||
accessmode = VREAD;
|
||||
if ((mp->mnt_flag & MNT_RDONLY) == 0)
|
||||
accessmode |= VWRITE;
|
||||
if ((error = VOP_ACCESS(devvp,
|
||||
accessmode, td->td_ucred, td)) != 0) {
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
}
|
||||
}
|
||||
|
||||
if ((mp->mnt_flag & MNT_UPDATE) == 0) {
|
||||
error = reiserfs_mountfs(devvp, mp, td);
|
||||
|
@ -53,6 +53,8 @@
|
||||
#include "xfs_version.h"
|
||||
#include "xfs_buf.h"
|
||||
|
||||
#include <sys/priv.h>
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/geom_vfs.h>
|
||||
|
||||
@ -149,15 +151,16 @@ xfs_blkdev_get(
|
||||
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
|
||||
|
||||
ronly = ((XFS_MTOVFS(mp)->vfs_flag & VFS_RDONLY) != 0);
|
||||
if (suser(td)) {
|
||||
accessmode = VREAD;
|
||||
if (!ronly)
|
||||
accessmode |= VWRITE;
|
||||
if ((error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td))!= 0){
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
}
|
||||
}
|
||||
|
||||
DROP_GIANT();
|
||||
g_topology_lock();
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/signalvar.h>
|
||||
#include <sys/systm.h>
|
||||
@ -54,7 +55,7 @@ ioopen(struct cdev *dev __unused, int flags __unused, int fmt __unused,
|
||||
{
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_IO);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
error = securelevel_gt(td->td_ucred, 0);
|
||||
|
@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/smp.h>
|
||||
#include <sys/sysproto.h>
|
||||
@ -292,7 +293,7 @@ i386_set_ioperm(td, uap)
|
||||
if ((error = mac_check_sysarch_ioperm(td->td_ucred)) != 0)
|
||||
return (error);
|
||||
#endif
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_IO)) != 0)
|
||||
return (error);
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
return (error);
|
||||
|
@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
@ -724,7 +725,7 @@ vm86_sysarch(td, args)
|
||||
case VM86_INTCALL: {
|
||||
struct vm86_intcall_args sa;
|
||||
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_VM86_INTCALL)))
|
||||
return (error);
|
||||
if ((error = copyin(ua.sub_args, &sa, sizeof(sa))))
|
||||
return (error);
|
||||
|
@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/file.h> /* Must come after sys/malloc.h */
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/reboot.h>
|
||||
#include <sys/resourcevar.h>
|
||||
#include <sys/stat.h>
|
||||
@ -1008,14 +1009,22 @@ ibcs2_plock(td, uap)
|
||||
#define IBCS2_DATALOCK 4
|
||||
|
||||
|
||||
if ((error = suser(td)) != 0)
|
||||
return EPERM;
|
||||
switch(uap->cmd) {
|
||||
case IBCS2_UNLOCK:
|
||||
error = priv_check(td, PRIV_VM_MUNLOCK);
|
||||
if (error)
|
||||
return (error);
|
||||
/* XXX - TODO */
|
||||
return (0);
|
||||
|
||||
case IBCS2_PROCLOCK:
|
||||
case IBCS2_TEXTLOCK:
|
||||
case IBCS2_DATALOCK:
|
||||
return 0; /* XXX - TODO */
|
||||
error = priv_check(td, PRIV_VM_MLOCK);
|
||||
if (error)
|
||||
return (error);
|
||||
/* XXX - TODO */
|
||||
return 0;
|
||||
}
|
||||
return EINVAL;
|
||||
}
|
||||
@ -1043,9 +1052,6 @@ ibcs2_uadmin(td, uap)
|
||||
#define SCO_AD_GETBMAJ 0
|
||||
#define SCO_AD_GETCMAJ 1
|
||||
|
||||
if (suser(td))
|
||||
return EPERM;
|
||||
|
||||
switch(uap->cmd) {
|
||||
case SCO_A_REBOOT:
|
||||
case SCO_A_SHUTDOWN:
|
||||
@ -1055,11 +1061,11 @@ ibcs2_uadmin(td, uap)
|
||||
case SCO_AD_PWRDOWN:
|
||||
case SCO_AD_PWRNAP:
|
||||
r.opt = RB_HALT;
|
||||
reboot(td, &r);
|
||||
return (reboot(td, &r));
|
||||
case SCO_AD_BOOT:
|
||||
case SCO_AD_IBOOT:
|
||||
r.opt = RB_AUTOBOOT;
|
||||
reboot(td, &r);
|
||||
return (reboot(td, &r));
|
||||
}
|
||||
return EINVAL;
|
||||
case SCO_A_REMOUNT:
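Review bot: ibcs2_uadmin loses its function-wide `if (suser(td)) return EPERM;`, and only the reboot paths get a replacement, through reboot() itself (whose hunk on this page checks PRIV_REBOOT). The cases from `SCO_A_REMOUNT` onward lie outside the hunk and are now reached by unprivileged callers, so any of them that does real work needs its own priv_check(). A comment at the top of the switch would record that, e.g. `/* No blanket privilege check: each case must check the privilege it needs. */`. The ibcs2_setipdomainname and ibcs2_sysi86 hunks also delete their suser() calls with no replacement visible, presumably relying on a check further down the sysctl path; the same kind of comment would make that dependency explicit.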
|
||||
|
@ -174,9 +174,6 @@ ibcs2_setipdomainname(td, uap)
|
||||
char hname[MAXHOSTNAMELEN], *ptr;
|
||||
int error, sctl[2], hlen;
|
||||
|
||||
if ((error = suser(td)))
|
||||
return (error);
|
||||
|
||||
/* W/out a hostname a domain-name is nonsense */
|
||||
if ( strlen(hostname) == 0 )
|
||||
return EINVAL;
|
||||
|
@ -76,8 +76,6 @@ ibcs2_sysi86(struct thread *td, struct ibcs2_sysi86_args *args)
|
||||
int name[2];
|
||||
int error;
|
||||
|
||||
if ((error = suser(td)))
|
||||
return (error);
|
||||
name[0] = CTL_KERN;
|
||||
name[1] = KERN_HOSTNAME;
|
||||
mtx_lock(&Giant);
|
||||
|
@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mman.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/sx.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/resource.h>
|
||||
@ -812,7 +813,7 @@ linux_iopl(struct thread *td, struct linux_iopl_args *args)
|
||||
|
||||
if (args->level < 0 || args->level > 3)
|
||||
return (EINVAL);
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_IO)) != 0)
|
||||
return (error);
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
return (error);
|
||||
|
@ -490,7 +490,7 @@ i4biprioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
{
|
||||
struct thread *td = curthread; /* XXX */
|
||||
|
||||
if((error = suser(td)))
|
||||
if((error = priv_check(td, PRIV_DRIVER)))
|
||||
return (error);
|
||||
sl_compress_setup(sc->sc_compr, *(int *)data);
|
||||
}
|
||||
|
@ -147,7 +147,8 @@ ssc_open(struct cdev *dev, int flag, int mode, struct thread *td)
|
||||
ttyconsolemode(tp, 0);
|
||||
|
||||
setuptimeout = 1;
|
||||
} else if ((tp->t_state & TS_XCLUDE) && suser(td)) {
|
||||
} else if ((tp->t_state & TS_XCLUDE) &&
|
||||
priv_check(td, PRIV_TTY_EXCLUSIVE)) {
|
||||
splx(s);
|
||||
return EBUSY;
|
||||
}
|
||||
|
@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -174,7 +175,7 @@ cd9660_mount(struct mount *mp, struct thread *td)
|
||||
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
|
||||
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
|
||||
if (error)
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
|
||||
if (error) {
|
||||
vput(devvp);
|
||||
return (error);
|
||||
|
@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/resourcevar.h>
|
||||
#include <sys/sched.h>
|
||||
@ -166,8 +167,7 @@ acct(struct thread *td, struct acct_args *uap)
|
||||
struct nameidata nd;
|
||||
int error, flags, vfslocked;
|
||||
|
||||
/* Make sure that the caller is root. */
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_ACCT);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mqueue.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/resourcevar.h>
|
||||
#include <sys/signalvar.h>
|
||||
@ -1351,7 +1352,7 @@ falloc(struct thread *td, struct file **resultfp, int *resultfd)
|
||||
sx_xlock(&filelist_lock);
|
||||
|
||||
if ((openfiles >= maxuserfiles &&
|
||||
suser_cred(td->td_ucred, SUSER_RUID) != 0) ||
|
||||
priv_check_cred(td->td_ucred, PRIV_MAXFILES, SUSER_RUID) != 0) ||
|
||||
openfiles >= maxfiles) {
|
||||
if (ppsratecheck(&lastfail, &curfail, 1)) {
|
||||
printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7).\n",
|
||||
|
@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/sysent.h>
|
||||
@ -125,11 +126,18 @@ kenv(td, uap)
|
||||
return (error);
|
||||
}
|
||||
|
||||
if ((uap->what == KENV_SET) ||
|
||||
(uap->what == KENV_UNSET)) {
|
||||
error = suser(td);
|
||||
switch (uap->what) {
|
||||
case KENV_SET:
|
||||
error = priv_check(td, PRIV_KENV_SET);
|
||||
if (error)
|
||||
return (error);
|
||||
break;
|
||||
|
||||
case KENV_UNSET:
|
||||
error = priv_check(td, PRIV_KENV_UNSET);
|
||||
if (error)
|
||||
return (error);
|
||||
break;
|
||||
}
|
||||
|
||||
name = malloc(KENV_MNAMELEN, M_TEMP, M_WAITOK);
|
||||
|
@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/imgact_elf.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/pioctl.h>
|
||||
#include <sys/namei.h>
|
||||
@ -571,8 +572,11 @@ do_execve(td, args, mac_p)
|
||||
* we do not regain any tracing during a possible block.
|
||||
*/
|
||||
setsugid(p);
|
||||
|
||||
#ifdef KTRACE
|
||||
if (p->p_tracevp != NULL && suser_cred(oldcred, SUSER_ALLOWJAIL)) {
|
||||
if (p->p_tracevp != NULL &&
|
||||
priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED,
|
||||
SUSER_ALLOWJAIL)) {
|
||||
mtx_lock(&ktrace_mtx);
|
||||
p->p_traceflag = 0;
|
||||
tracevp = p->p_tracevp;
|
||||
|
@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/pioctl.h>
|
||||
#include <sys/resourcevar.h>
|
||||
@ -310,7 +311,7 @@ fork1(td, flags, pages, procp)
|
||||
*/
|
||||
sx_xlock(&allproc_lock);
|
||||
if ((nprocs >= maxproc - 10 &&
|
||||
suser_cred(td->td_ucred, SUSER_RUID) != 0) ||
|
||||
priv_check_cred(td->td_ucred, PRIV_MAXPROC, SUSER_RUID) != 0) ||
|
||||
nprocs >= maxproc) {
|
||||
error = EAGAIN;
|
||||
goto fail;
|
||||
@ -319,8 +320,11 @@ fork1(td, flags, pages, procp)
|
||||
/*
|
||||
* Increment the count of procs running with this uid. Don't allow
|
||||
* a nonprivileged user to exceed their current limit.
|
||||
*
|
||||
* XXXRW: Can we avoid privilege here if it's not needed?
|
||||
*/
|
||||
error = suser_cred(td->td_ucred, SUSER_RUID | SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID |
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error == 0)
|
||||
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
|
||||
else {
|
||||
|
@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/unistd.h>
|
||||
#include <sys/vnode.h>
|
||||
@ -807,7 +808,8 @@ ktrops(td, p, ops, facs, vp)
|
||||
p->p_tracecred = crhold(td->td_ucred);
|
||||
}
|
||||
p->p_traceflag |= facs;
|
||||
if (suser_cred(td->td_ucred, SUSER_ALLOWJAIL) == 0)
|
||||
if (priv_check_cred(td->td_ucred, PRIV_KTRACE,
|
||||
SUSER_ALLOWJAIL) == 0)
|
||||
p->p_traceflag |= KTRFAC_ROOT;
|
||||
} else {
|
||||
/* KTROP_CLEAR */
|
||||
@ -1013,7 +1015,7 @@ ktrcanset(td, targetp)
|
||||
|
||||
PROC_LOCK_ASSERT(targetp, MA_OWNED);
|
||||
if (targetp->p_traceflag & KTRFAC_ROOT &&
|
||||
suser_cred(td->td_ucred, SUSER_ALLOWJAIL))
|
||||
priv_check_cred(td->td_ucred, PRIV_KTRACE, SUSER_ALLOWJAIL))
|
||||
return (0);
|
||||
|
||||
if (p_candebug(td, targetp) != 0)
|
||||
|
@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/sysent.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -854,7 +855,7 @@ kern_kldload(struct thread *td, const char *file, int *fileid)
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_KLD_LOAD)) != 0)
|
||||
return (error);
|
||||
|
||||
/*
|
||||
@ -921,7 +922,7 @@ kern_kldunload(struct thread *td, int fileid, int flags)
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_KLD_UNLOAD)) != 0)
|
||||
return (error);
|
||||
|
||||
KLD_LOCK();
|
||||
|
@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -333,7 +334,7 @@ ntp_adjtime(struct thread *td, struct ntp_adjtime_args *uap)
|
||||
mtx_lock(&Giant);
|
||||
modes = ntv.modes;
|
||||
if (modes)
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_NTP_ADJTIME);
|
||||
if (error)
|
||||
goto done2;
|
||||
s = splclock();
|
||||
@ -954,7 +955,7 @@ kern_adjtime(struct thread *td, struct timeval *delta, struct timeval *olddelta)
|
||||
struct timeval atv;
|
||||
int error;
|
||||
|
||||
if ((error = suser(td)))
|
||||
if ((error = priv_check(td, PRIV_ADJTIME)))
|
||||
return (error);
|
||||
|
||||
mtx_lock(&Giant);
|
||||
|
@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/refcount.h>
|
||||
#include <sys/resourcevar.h>
|
||||
@ -264,7 +265,7 @@ donice(struct thread *td, struct proc *p, int n)
|
||||
n = PRIO_MAX;
|
||||
if (n < PRIO_MIN)
|
||||
n = PRIO_MIN;
|
||||
if (n < p->p_nice && suser(td) != 0)
|
||||
if (n < p->p_nice && priv_check(td, PRIV_SCHED_SETPRIORITY) != 0)
|
||||
return (EACCES);
|
||||
mtx_lock_spin(&sched_lock);
|
||||
sched_nice(p, n);
|
||||
@ -468,7 +469,7 @@ rtprio(td, uap)
|
||||
break;
|
||||
|
||||
/* Disallow setting rtprio in most cases if not superuser. */
|
||||
if (suser(td) != 0) {
|
||||
if (priv_check(td, PRIV_SCHED_RTPRIO) != 0) {
|
||||
/* can't set someone else's */
|
||||
if (uap->pid) {
|
||||
error = EPERM;
|
||||
@ -754,7 +755,8 @@ kern_setrlimit(td, which, limp)
|
||||
alimp = &oldlim->pl_rlimit[which];
|
||||
if (limp->rlim_cur > alimp->rlim_max ||
|
||||
limp->rlim_max > alimp->rlim_max)
|
||||
if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL))) {
|
||||
if ((error = priv_check_cred(td->td_ucred,
|
||||
PRIV_PROC_SETRLIMIT, SUSER_ALLOWJAIL))) {
|
||||
PROC_UNLOCK(p);
|
||||
lim_free(newlim);
|
||||
return (error);
|
||||
|
@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kthread.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/reboot.h>
|
||||
#include <sys/resourcevar.h>
|
||||
@ -164,7 +165,7 @@ reboot(struct thread *td, struct reboot_args *uap)
|
||||
error = mac_check_system_reboot(td->td_ucred, uap->opt);
|
||||
#endif
|
||||
if (error == 0)
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_REBOOT);
|
||||
if (error == 0) {
|
||||
mtx_lock(&Giant);
|
||||
boot(uap->opt);
|
||||
|
@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -512,7 +513,7 @@ sysctl_sysctl_debug(SYSCTL_HANDLER_ARGS)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = suser(req->td);
|
||||
error = priv_check(req->td, PRIV_SYSCTL_DEBUG);
|
||||
if (error)
|
||||
return (error);
|
||||
sysctl_sysctl_debug_dump_node(&sysctl__children, 0);
|
||||
@ -1253,13 +1254,11 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
|
||||
|
||||
/* Is this sysctl writable by only privileged users? */
|
||||
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
|
||||
int flags;
|
||||
|
||||
if (oid->oid_kind & CTLFLAG_PRISON)
|
||||
flags = SUSER_ALLOWJAIL;
|
||||
error = priv_check_cred(req->td->td_ucred,
|
||||
PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
|
||||
else
|
||||
flags = 0;
|
||||
error = suser_cred(req->td->td_ucred, flags);
|
||||
error = priv_check(req->td, PRIV_SYSCTL_WRITE);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/resourcevar.h>
|
||||
#include <sys/sched.h>
|
||||
@ -164,7 +165,7 @@ create_thread(struct thread *td, mcontext_t *ctx,
|
||||
case RTP_PRIO_REALTIME:
|
||||
case RTP_PRIO_FIFO:
|
||||
/* Only root can set scheduler policy */
|
||||
if (suser(td) != 0)
|
||||
if (priv_check(td, PRIV_SCHED_SETPOLICY) != 0)
|
||||
return (EPERM);
|
||||
if (rtp->prio > RTP_PRIO_MAX)
|
||||
return (EINVAL);
|
||||
|
@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/syscallsubr.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/sysent.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/timers.h>
|
||||
@ -286,7 +287,7 @@ kern_clock_settime(struct thread *td, clockid_t clock_id, struct timespec *ats)
|
||||
if (error)
|
||||
return (error);
|
||||
#endif
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_CLOCK_SETTIME)) != 0)
|
||||
return (error);
|
||||
if (clock_id != CLOCK_REALTIME)
|
||||
return (EINVAL);
|
||||
@ -504,7 +505,7 @@ kern_settimeofday(struct thread *td, struct timeval *tv, struct timezone *tzp)
|
||||
if (error)
|
||||
return (error);
|
||||
#endif
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_SETTIMEOFDAY);
|
||||
if (error)
|
||||
return (error);
|
||||
/* Verify all parameters before changing time. */
|
||||
|
@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/sched.h>
|
||||
#include <sys/sysctl.h>
|
||||
@ -1813,7 +1814,7 @@ _do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, int timo,
|
||||
if ((error = umtx_key_get(m, TYPE_PP_UMUTEX, GET_SHARE(flags),
|
||||
&uq->uq_key)) != 0)
|
||||
return (error);
|
||||
su = (suser(td) == 0);
|
||||
su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
|
||||
for (;;) {
|
||||
old_inherited_pri = uq->uq_inherited_pri;
|
||||
umtxq_lock(&uq->uq_key);
|
||||
@ -1934,7 +1935,7 @@ do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags)
|
||||
|
||||
id = td->td_tid;
|
||||
uq = td->td_umtxq;
|
||||
su = (suser(td) == 0);
|
||||
su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);
|
||||
|
||||
/*
|
||||
* Make sure we own this mtx.
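Review bot: Both `su = (priv_check(td, PRIV_SCHED_RTPRIO) == 0);` lines, in _do_lock_pp and do_unlock_pp, evaluate the privilege up front, before it is known whether the code that reads `su` will need it. The mount hunks in this commit take the opposite approach and consult privilege only after the unprivileged check has failed, which limits privilege use (and any later auditing of it) to the cases where it decided the outcome. Where `su` is consumed is outside these hunks, so restructuring may not be practical here; a marker such as `/* XXXRW: privilege checked eagerly; defer until needed? */` would at least flag it.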
|
||||
|
@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -139,7 +140,8 @@ osethostid(td, uap)
|
||||
{
|
||||
int error;
|
||||
|
||||
if ((error = suser(td)))
|
||||
error = priv_check(td, PRIV_SETHOSTID);
|
||||
if (error)
|
||||
return (error);
|
||||
mtx_lock(&Giant);
|
||||
hostid = uap->hostid;
|
||||
@ -295,9 +297,10 @@ setdomainname(td, uap)
|
||||
{
|
||||
int error, domainnamelen;
|
||||
|
||||
error = priv_check(td, PRIV_SETDOMAINNAME);
|
||||
if (error)
|
||||
return (error);
|
||||
mtx_lock(&Giant);
|
||||
if ((error = suser(td)))
|
||||
goto done2;
|
||||
if ((u_int)uap->len > sizeof (domainname) - 1) {
|
||||
error = EINVAL;
|
||||
goto done2;
|
||||
@ -309,4 +312,3 @@ setdomainname(td, uap)
|
||||
mtx_unlock(&Giant);
|
||||
return (error);
|
||||
}
|
||||
|
||||
|
@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/syscallsubr.h>
|
||||
#include <sys/sysctl.h>
|
||||
@ -186,9 +187,10 @@ sched_setscheduler(struct thread *td, struct sched_setscheduler_args *uap)
|
||||
struct thread *targettd;
|
||||
struct proc *targetp;
|
||||
|
||||
/* Don't allow non root user to set a scheduler policy */
|
||||
if (suser(td) != 0)
|
||||
return (EPERM);
|
||||
/* Don't allow non root user to set a scheduler policy. */
|
||||
e = priv_check(td, PRIV_SCHED_SET);
|
||||
if (e)
|
||||
return (e);
|
||||
|
||||
e = copyin(uap->param, &sched_param, sizeof(sched_param));
|
||||
if (e)
|
||||
|
@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/stat.h>
|
||||
@ -46,9 +47,9 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
/*
|
||||
* Implement a version of vaccess() that understands POSIX.1e ACL semantics;
|
||||
* the access ACL has already been prepared for evaluation by the file
|
||||
* system and is passed via 'uid', 'gid', and 'acl'. Return 0 on success,
|
||||
* else an errno value.
|
||||
* the access ACL has already been prepared for evaluation by the file system
|
||||
* and is passed via 'uid', 'gid', and 'acl'. Return 0 on success, else an
|
||||
* errno value.
|
||||
*/
|
||||
int
|
||||
vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
@ -56,14 +57,14 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
{
|
||||
struct acl_entry *acl_other, *acl_mask;
|
||||
mode_t dac_granted;
|
||||
mode_t cap_granted;
|
||||
mode_t priv_granted;
|
||||
mode_t acl_mask_granted;
|
||||
int group_matched, i;
|
||||
|
||||
/*
|
||||
* Look for a normal, non-privileged way to access the file/directory
|
||||
* as requested. If it exists, go with that. Otherwise, attempt to
|
||||
* use privileges granted via cap_granted. In some cases, which
|
||||
* use privileges granted via priv_granted. In some cases, which
|
||||
* privileges to use may be ambiguous due to "best match", in which
|
||||
* case fall back on first match for the time being.
|
||||
*/
|
||||
@ -72,40 +73,34 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
|
||||
/*
|
||||
* Determine privileges now, but don't apply until we've found a DAC
|
||||
* entry that matches but has failed to allow access. POSIX.1e
|
||||
* capabilities are not implemented, but we document how they would
|
||||
* behave here if implemented.
|
||||
* entry that matches but has failed to allow access.
|
||||
*
|
||||
* XXXRW: Ideally, we'd determine the privileges required before
|
||||
* asking for them.
|
||||
*/
|
||||
#ifndef CAPABILITIES
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
|
||||
cap_granted = VALLPERM;
|
||||
else
|
||||
cap_granted = 0;
|
||||
#else
|
||||
cap_granted = 0;
|
||||
priv_granted = 0;
|
||||
|
||||
if (type == VDIR) {
|
||||
if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
|
||||
CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
|
||||
cap_granted |= VEXEC;
|
||||
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
|
||||
PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VEXEC;
|
||||
} else {
|
||||
if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
|
||||
CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
|
||||
cap_granted |= VEXEC;
|
||||
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
|
||||
PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VEXEC;
|
||||
}
|
||||
|
||||
if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
|
||||
if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ,
|
||||
SUSER_ALLOWJAIL))
|
||||
cap_granted |= VREAD;
|
||||
priv_granted |= VREAD;
|
||||
|
||||
if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
|
||||
!cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
|
||||
cap_granted |= (VWRITE | VAPPEND);
|
||||
!priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
|
||||
priv_granted |= (VWRITE | VAPPEND);
|
||||
|
||||
if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER,
|
||||
if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL))
|
||||
cap_granted |= VADMIN;
|
||||
#endif /* CAPABILITIES */
|
||||
priv_granted |= VADMIN;
|
||||
|
||||
/*
|
||||
* The owner matches if the effective uid associated with the
|
||||
@ -129,7 +124,11 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
dac_granted |= (VWRITE | VAPPEND);
|
||||
if ((acc_mode & dac_granted) == acc_mode)
|
||||
return (0);
|
||||
if ((acc_mode & (dac_granted | cap_granted)) ==
|
||||
|
||||
/*
|
||||
* XXXRW: Do privilege lookup here.
|
||||
*/
|
||||
if ((acc_mode & (dac_granted | priv_granted)) ==
|
||||
acc_mode) {
|
||||
if (privused != NULL)
|
||||
*privused = 1;
|
||||
@ -183,13 +182,9 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
acl_mask_granted = VEXEC | VREAD | VWRITE | VAPPEND;
|
||||
|
||||
/*
|
||||
* Iterate through user ACL entries. Do checks twice, first without
|
||||
* privilege, and then if a match is found but failed, a second time
|
||||
* with privilege.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Check ACL_USER ACL entries.
|
||||
* Check ACL_USER ACL entries. There will either be one or no
|
||||
* matches; if there is one, we accept or rejected based on the
|
||||
* match; otherwise, we continue on to groups.
|
||||
*/
|
||||
for (i = 0; i < acl->acl_cnt; i++) {
|
||||
switch (acl->acl_entry[i].ae_tag) {
|
||||
@ -206,7 +201,10 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
dac_granted &= acl_mask_granted;
|
||||
if ((acc_mode & dac_granted) == acc_mode)
|
||||
return (0);
|
||||
if ((acc_mode & (dac_granted | cap_granted)) !=
|
||||
/*
|
||||
* XXXRW: Do privilege lookup here.
|
||||
*/
|
||||
if ((acc_mode & (dac_granted | priv_granted)) !=
|
||||
acc_mode)
|
||||
goto error;
|
||||
|
||||
@ -286,8 +284,11 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
dac_granted |= (VWRITE | VAPPEND);
|
||||
dac_granted &= acl_mask_granted;
|
||||
|
||||
if ((acc_mode & (dac_granted | cap_granted)) !=
|
||||
acc_mode)
|
||||
/*
|
||||
* XXXRW: Do privilege lookup here.
|
||||
*/
|
||||
if ((acc_mode & (dac_granted | priv_granted))
|
||||
!= acc_mode)
|
||||
break;
|
||||
|
||||
if (privused != NULL)
|
||||
@ -307,8 +308,11 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
dac_granted |= (VWRITE | VAPPEND);
|
||||
dac_granted &= acl_mask_granted;
|
||||
|
||||
if ((acc_mode & (dac_granted | cap_granted)) !=
|
||||
acc_mode)
|
||||
/*
|
||||
* XXXRW: Do privilege lookup here.
|
||||
*/
|
||||
if ((acc_mode & (dac_granted | priv_granted))
|
||||
!= acc_mode)
|
||||
break;
|
||||
|
||||
if (privused != NULL)
|
||||
@ -339,7 +343,10 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
||||
|
||||
if ((acc_mode & dac_granted) == acc_mode)
|
||||
return (0);
|
||||
if ((acc_mode & (dac_granted | cap_granted)) == acc_mode) {
|
||||
/*
|
||||
* XXXRW: Do privilege lookup here.
|
||||
*/
|
||||
if ((acc_mode & (dac_granted | priv_granted)) == acc_mode) {
|
||||
if (privused != NULL)
|
||||
*privused = 1;
|
||||
return (0);
|
||||
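Review bot: The new priv_granted mask in vaccess_acl_posix1e is assembled only from VEXEC, VREAD, VWRITE | VAPPEND and VADMIN, whereas the removed non-CAPABILITIES path set the mask to VALLPERM for a privileged credential. If VALLPERM contains any bit beyond those four groups (its definition is not visible here), a request carrying such a bit that DAC does not grant is now refused even for a fully privileged caller. That fails closed, but it is a behaviour change that neither the commit message nor the rewritten comment mentions. I would record it next to `priv_granted = 0;` with `/* Access bits with no privilege mapped below can only be granted by DAC. */`, or add the missing mapping if one is intended. The function starts and ends outside these hunks.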
|
@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/errno.h>
|
||||
#include <sys/linker.h>
|
||||
#include <sys/firmware.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/module.h>
|
||||
|
||||
@ -190,7 +191,8 @@ firmware_get(const char *imagename)
|
||||
return NULL;
|
||||
}
|
||||
td = curthread;
|
||||
if (suser(td) != 0 || securelevel_gt(td->td_ucred, 0) != 0) {
|
||||
if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
|
||||
securelevel_gt(td->td_ucred, 0) != 0) {
|
||||
printf("%s: insufficient privileges to "
|
||||
"load firmware image %s\n", __func__, imagename);
|
||||
return NULL;
|
||||
|
@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/msgbuf.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/stddef.h>
|
||||
#include <sys/sysctl.h>
|
||||
@ -925,7 +926,7 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
|
||||
int error, len;
|
||||
|
||||
if (!unprivileged_read_msgbuf) {
|
||||
error = suser(req->td);
|
||||
error = priv_check(req->td, PRIV_MSGBUF);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
@ -95,6 +95,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/lock.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/systm.h>
|
||||
@ -533,7 +534,10 @@ sysctl_debug_witness_watch(SYSCTL_HANDLER_ARGS)
|
||||
error = sysctl_handle_int(oidp, &value, 0, req);
|
||||
if (error != 0 || req->newptr == NULL)
|
||||
return (error);
|
||||
error = suser(req->td);
|
||||
/*
|
||||
* XXXRW: Why a priv check here?
|
||||
*/
|
||||
error = priv_check(req->td, PRIV_WITNESS);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (value == witness_watch)
|
||||
|
@ -1,8 +1,12 @@
|
||||
/* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
|
||||
/*-
|
||||
* Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
|
||||
* Copyright (c) 2006 nCircle Network Security, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed by Robert N. M. Watson for the TrustedBSD
|
||||
* Project under contract to nCircle Network Security, Inc.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -39,6 +43,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sem.h>
|
||||
#include <sys/shm.h>
|
||||
#include <sys/ipc.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ucred.h>
|
||||
|
||||
@ -72,50 +77,73 @@ shmexit(struct vmspace *vm)
|
||||
* Note: The MAC Framework does not require any modifications to the
|
||||
* ipcperm() function, as access control checks are performed throughout the
|
||||
* implementation of each primitive. Those entry point calls complement the
|
||||
* ipcperm() discertionary checks.
|
||||
* ipcperm() discertionary checks. Unlike file system discretionary access
|
||||
* control, the original create of an object is given the same rights as the
|
||||
* current owner.
|
||||
*/
|
||||
int
|
||||
ipcperm(td, perm, mode)
|
||||
struct thread *td;
|
||||
struct ipc_perm *perm;
|
||||
int mode;
|
||||
ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
|
||||
{
|
||||
struct ucred *cred = td->td_ucred;
|
||||
int error;
|
||||
int error, obj_mode, dac_granted, priv_granted;
|
||||
|
||||
if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
|
||||
/*
|
||||
* For a non-create/owner, we require privilege to
|
||||
* modify the object protections. Note: some other
|
||||
* implementations permit IPC_M to be delegated to
|
||||
* unprivileged non-creator/owner uids/gids.
|
||||
*/
|
||||
if (mode & IPC_M) {
|
||||
error = suser(td);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
/*
|
||||
* Try to match against creator/owner group; if not, fall
|
||||
* back on other.
|
||||
*/
|
||||
mode >>= 3;
|
||||
if (!groupmember(perm->gid, cred) &&
|
||||
!groupmember(perm->cgid, cred))
|
||||
mode >>= 3;
|
||||
dac_granted = 0;
|
||||
if (cred->cr_uid == perm->cuid || cred->cr_uid == perm->uid) {
|
||||
obj_mode = perm->mode;
|
||||
dac_granted |= IPC_M;
|
||||
} else if (groupmember(perm->gid, cred) ||
|
||||
groupmember(perm->cgid, cred)) {
|
||||
obj_mode = perm->mode;
|
||||
obj_mode <<= 3;
|
||||
} else {
|
||||
/*
|
||||
* Always permit the creator/owner to update the object
|
||||
* protections regardless of whether the object mode
|
||||
* permits it.
|
||||
*/
|
||||
if (mode & IPC_M)
|
||||
return (0);
|
||||
obj_mode = perm->mode;
|
||||
obj_mode <<= 6;
|
||||
}
|
||||
|
||||
if ((mode & perm->mode) != mode) {
|
||||
if (suser(td) != 0)
|
||||
/*
|
||||
* While the System V IPC permission model allows IPC_M to be
|
||||
* granted, as part of the mode, our implementation requires
|
||||
* privilege to adminster the object if not the owner or creator.
|
||||
*/
|
||||
#if 0
|
||||
if (obj_mode & IPC_M)
|
||||
dac_granted |= IPC_M;
|
||||
#endif
|
||||
if (obj_mode & IPC_R)
|
||||
dac_granted |= IPC_R;
|
||||
if (obj_mode & IPC_W)
|
||||
dac_granted |= IPC_W;
|
||||
|
||||
/*
|
||||
* Simple case: all required rights are granted by DAC.
|
||||
*/
|
||||
if ((dac_granted & acc_mode) == acc_mode)
|
||||
return (0);
|
||||
|
||||
/*
|
||||
* Privilege is required to satisfy the request.
|
||||
*/
|
||||
priv_granted = 0;
|
||||
if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
|
||||
error = priv_check(td, PRIV_IPC_ADMIN);
|
||||
if (error == 0)
|
||||
priv_granted |= IPC_M;
|
||||
}
|
||||
|
||||
if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
|
||||
error = priv_check(td, PRIV_IPC_READ);
|
||||
if (error == 0)
|
||||
priv_granted |= IPC_R;
|
||||
}
|
||||
|
||||
if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
|
||||
error = priv_check(td, PRIV_IPC_WRITE);
|
||||
if (error == 0)
|
||||
priv_granted |= IPC_W;
|
||||
}
|
||||
|
||||
if (((dac_granted | priv_granted) & acc_mode) == acc_mode)
|
||||
return (0);
|
||||
else
|
||||
return (EACCES);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
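Review bot: In the rewritten ipcperm the errno returned by `priv_check(td, PRIV_IPC_ADMIN)` is discarded, so an IPC_M request from a caller who is neither owner nor creator and lacks privilege now ends at the final `return (EACCES);`, where the removed code returned suser()'s error directly. kern_msgctl in the next file section passes ipcperm's return value straight back for IPC_M, so userland that tests for the previous errno on administrative operations would see a different one. Keeping the old contract takes one addition in the IPC_M branch: `if (error != 0) return (error);`. While touching the header comment, the new text also has typos to fix: "discertionary", "original create" (creator) and "adminster".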
|
@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -507,7 +508,7 @@ kern_msgctl(td, msqid, cmd, msqbuf)
|
||||
if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
|
||||
goto done2;
|
||||
if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_IPC_MSGSIZE);
|
||||
if (error)
|
||||
goto done2;
|
||||
}
|
||||
|
@ -86,6 +86,7 @@ __FBSDID("$FreeBSD$");
|
||||
#if defined(COMPAT_43TTY)
|
||||
#include <sys/ioctl_compat.h>
|
||||
#endif
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#define TTYDEFCHARS
|
||||
#include <sys/tty.h>
|
||||
@ -1020,7 +1021,7 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
|
||||
break;
|
||||
case TIOCMSDTRWAIT:
|
||||
/* must be root since the wait applies to following logins */
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_TTY_DTRWAIT);
|
||||
if (error)
|
||||
return (error);
|
||||
tp->t_dtr_wait = *(int *)data * hz / 100;
|
||||
@ -1169,9 +1170,9 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
|
||||
splx(s);
|
||||
break;
|
||||
case TIOCSTI: /* simulate terminal input */
|
||||
if ((flag & FREAD) == 0 && suser(td))
|
||||
if ((flag & FREAD) == 0 && priv_check(td, PRIV_TTY_STI))
|
||||
return (EPERM);
|
||||
if (!isctty(p, tp) && suser(td))
|
||||
if (!isctty(p, tp) && priv_check(td, PRIV_TTY_STI))
|
||||
return (EACCES);
|
||||
s = spltty();
|
||||
ttyld_rint(tp, *(u_char *)data);
|
||||
@ -1244,7 +1245,7 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
|
||||
}
|
||||
break;
|
||||
case TIOCSDRAINWAIT:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_TTY_DRAINWAIT);
|
||||
if (error)
|
||||
return (error);
|
||||
tp->t_timeout = *(int *)data * hz;
|
||||
@ -3114,7 +3115,8 @@ ttyopen(struct cdev *dev, int flag, int mode, struct thread *td)
|
||||
goto out;
|
||||
goto open_top;
|
||||
}
|
||||
if (tp->t_state & TS_XCLUDE && suser(td))
|
||||
if (tp->t_state & TS_XCLUDE && priv_check(td,
|
||||
PRIV_TTY_EXCLUSIVE))
|
||||
return (EBUSY);
|
||||
} else {
|
||||
/*
|
||||
@ -3340,7 +3342,7 @@ ttysioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *t
|
||||
ct = dev->si_drv2;
|
||||
switch (cmd) {
|
||||
case TIOCSETA:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_TTY_SETA);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
*ct = *(struct termios *)data;
|
||||
|
@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/msgbuf.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/reboot.h>
|
||||
@ -510,7 +511,7 @@ cnioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
|
||||
* output from the "virtual" console.
|
||||
*/
|
||||
if (cmd == TIOCCONS && constty) {
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_TTY_CONSOLE);
|
||||
if (error)
|
||||
return (error);
|
||||
constty = NULL;
|
||||
|
@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
|
||||
#if defined(COMPAT_43TTY)
|
||||
#include <sys/ioctl_compat.h>
|
||||
#endif
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/tty.h>
|
||||
@ -268,9 +269,11 @@ ptsopen(struct cdev *dev, int flag, int devtype, struct thread *td)
|
||||
tp = dev->si_tty;
|
||||
if ((tp->t_state & TS_ISOPEN) == 0)
|
||||
ttyinitmode(tp, 1, 0);
|
||||
else if (tp->t_state & TS_XCLUDE && suser(td)) {
|
||||
else if (tp->t_state & TS_XCLUDE && priv_check(td,
|
||||
PRIV_TTY_EXCLUSIVE)) {
|
||||
return (EBUSY);
|
||||
} else if (pt->pt_prison != td->td_ucred->cr_prison && suser(td)) {
|
||||
} else if (pt->pt_prison != td->td_ucred->cr_prison &&
|
||||
priv_check(td, PRIV_TTY_PRISON)) {
|
||||
return (EBUSY);
|
||||
}
|
||||
if (tp->t_oproc) /* Ctrlr still around. */
|
||||
|
@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
|
||||
#if defined(COMPAT_43TTY)
|
||||
#include <sys/ioctl_compat.h>
|
||||
#endif
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/tty.h>
|
||||
#include <sys/conf.h>
|
||||
@ -207,9 +208,11 @@ ptsopen(struct cdev *dev, int flag, int devtype, struct thread *td)
|
||||
|
||||
if ((tp->t_state & TS_ISOPEN) == 0) {
|
||||
ttyinitmode(tp, 1, 0);
|
||||
} else if (tp->t_state & TS_XCLUDE && suser(td))
|
||||
} else if (tp->t_state & TS_XCLUDE && priv_check(td,
|
||||
PRIV_TTY_EXCLUSIVE))
|
||||
return (EBUSY);
|
||||
else if (pt->pt_prison != td->td_ucred->cr_prison && suser(td))
|
||||
else if (pt->pt_prison != td->td_ucred->cr_prison &&
|
||||
priv_check(td, PRIV_TTY_PRISON))
|
||||
return (EBUSY);
|
||||
if (tp->t_oproc) /* Ctrlr still around. */
|
||||
(void)ttyld_modem(tp, 1);
|
||||
|
@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/sysproto.h>
|
||||
@ -955,8 +956,12 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucred)
|
||||
|
||||
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
|
||||
|
||||
/*
|
||||
* XXXRW: Other instances of the message queue primitive are
|
||||
* allowed in jail?
|
||||
*/
|
||||
if (ucred->cr_uid != pn->mn_uid &&
|
||||
(error = suser_cred(ucred, 0)) != 0)
|
||||
(error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
|
||||
error = EACCES;
|
||||
else if (!pn->mn_deleted) {
|
||||
parent = pn->mn_parent;
|
||||
@ -1207,10 +1212,16 @@ mqfs_setattr(struct vop_setattr_args *ap)
|
||||
*/
|
||||
if ((error = VOP_ACCESS(vp, VADMIN, ap->a_cred, ap->a_td)))
|
||||
return (error);
|
||||
|
||||
/*
|
||||
* XXXRW: Why is there a privilege check here: shouldn't the
|
||||
* check in VOP_ACCESS() be enough? Also, are the group bits
|
||||
* below definitely right?
|
||||
*/
|
||||
if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
|
||||
(gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
|
||||
(error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL))
|
||||
!= 0)
|
||||
(error = priv_check_cred(ap->a_td->td_ucred,
|
||||
PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0)
|
||||
return (error);
|
||||
pn->mn_uid = uid;
|
||||
pn->mn_gid = gid;
|
||||
@ -1219,7 +1230,8 @@ mqfs_setattr(struct vop_setattr_args *ap)
|
||||
|
||||
if (vap->va_mode != (mode_t)VNOVAL) {
|
||||
if ((ap->a_cred->cr_uid != pn->mn_uid) &&
|
||||
(error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)))
|
||||
(error = priv_check_cred(ap->a_td->td_ucred,
|
||||
PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)))
|
||||
return (error);
|
||||
pn->mn_mode = vap->va_mode;
|
||||
c = 1;
|
||||
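Review bot: Both converted checks in mqfs_setattr compare ownership against `ap->a_cred` but then ask priv_check_cred() about `ap->a_td->td_ucred`, so the identity test and the privilege test can be answered for two different credentials whenever the VOP is invoked with a credential other than the calling thread's. The VOP_ACCESS call just above uses ap->a_cred, which suggests that is the credential meant to be authorised. I would pass it consistently: `(error = priv_check_cred(ap->a_cred, PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0`. do_unlink checks the same PRIV_MQ_ADMIN with flags 0, so the jail policy for this privilege differs between unlink and setattr; the XXXRW comment there asks the question but leaves it open. mqfs_setattr starts and ends outside these hunks.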
|
@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/eventhandler.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
@ -419,15 +420,23 @@ sem_perm(struct thread *td, struct ksem *ks)
|
||||
{
|
||||
struct ucred *uc;
|
||||
|
||||
/*
|
||||
* XXXRW: This permission routine appears to be incorrect. If the
|
||||
* user matches, we shouldn't go on to the group if the user
|
||||
* permissions don't allow the action? Not changed for now. To fix,
|
||||
* change from a series of if (); if (); to if () else if () else...
|
||||
*/
|
||||
uc = td->td_ucred;
|
||||
DP(("sem_perm: uc(%d,%d) ks(%d,%d,%o)\n",
|
||||
uc->cr_uid, uc->cr_gid,
|
||||
ks->ks_uid, ks->ks_gid, ks->ks_mode));
|
||||
if ((uc->cr_uid == ks->ks_uid && (ks->ks_mode & S_IWUSR) != 0) ||
|
||||
(uc->cr_gid == ks->ks_gid && (ks->ks_mode & S_IWGRP) != 0) ||
|
||||
(ks->ks_mode & S_IWOTH) != 0 || suser(td) == 0)
|
||||
if ((uc->cr_uid == ks->ks_uid) && (ks->ks_mode & S_IWUSR) != 0)
|
||||
return (0);
|
||||
return (EPERM);
|
||||
if ((uc->cr_gid == ks->ks_gid) && (ks->ks_mode & S_IWGRP) != 0)
|
||||
return (0);
|
||||
if ((ks->ks_mode & S_IWOTH) != 0)
|
||||
return (0);
|
||||
return (priv_check(td, PRIV_SEM_WRITE));
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sx.h>
|
||||
#include <sys/unistd.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/dirent.h>
|
||||
#include <sys/extattr.h>
|
||||
@ -272,7 +273,7 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
|
||||
error = VFS_STATFS(mp, sp, td);
|
||||
if (error)
|
||||
goto out;
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -357,7 +358,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
|
||||
error = VFS_STATFS(mp, sp, td);
|
||||
if (error)
|
||||
goto out;
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -468,7 +469,7 @@ kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
|
||||
vfs_unbusy(mp, td);
|
||||
continue;
|
||||
}
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -842,7 +843,8 @@ chroot(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked;
|
||||
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -896,8 +898,8 @@ change_dir(vp, td)
|
||||
|
||||
/*
|
||||
* Common routine for kern_chroot() and jail_attach(). The caller is
|
||||
* responsible for invoking suser() and mac_check_chroot() to authorize this
|
||||
* operation.
|
||||
* responsible for invoking priv_check() and mac_check_chroot() to authorize
|
||||
* this operation.
|
||||
*/
|
||||
int
|
||||
change_root(vp, td)
|
||||
@ -1186,10 +1188,16 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
|
||||
switch (mode & S_IFMT) {
|
||||
case S_IFCHR:
|
||||
case S_IFBLK:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_DEV);
|
||||
break;
|
||||
case S_IFMT:
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_BAD);
|
||||
break;
|
||||
case S_IFWHT:
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_WHT);
|
||||
break;
|
||||
default:
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
if (error)
|
||||
@ -1234,8 +1242,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
|
||||
whiteout = 1;
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
panic("kern_mknod: invalid mode");
|
||||
}
|
||||
}
|
||||
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
||||
@ -1390,9 +1397,6 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
|
||||
struct vattr va;
|
||||
int error;
|
||||
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
|
||||
return (0);
|
||||
|
||||
if (!hardlink_check_uid && !hardlink_check_gid)
|
||||
return (0);
|
||||
|
||||
@ -1400,14 +1404,18 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
|
||||
if (error != 0)
|
||||
return (error);
|
||||
|
||||
if (hardlink_check_uid) {
|
||||
if (cred->cr_uid != va.va_uid)
|
||||
return (EPERM);
|
||||
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_LINK,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
if (hardlink_check_gid) {
|
||||
if (!groupmember(va.va_gid, cred))
|
||||
return (EPERM);
|
||||
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_LINK,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
return (0);
|
||||
@ -2361,7 +2369,8 @@ setfflags(td, vp, flags)
|
||||
* chown can't fail when done as root.
|
||||
*/
|
||||
if (vp->v_type == VCHR || vp->v_type == VBLK) {
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
@ -3894,7 +3903,8 @@ revoke(td, uap)
|
||||
if (error)
|
||||
goto out;
|
||||
if (td->td_ucred->cr_uid != vattr.va_uid) {
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
goto out;
|
||||
}
|
||||
@ -3960,7 +3970,7 @@ lgetfh(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_GETFH);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -3999,7 +4009,7 @@ getfh(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_GETFH);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -4022,10 +4032,10 @@ getfh(td, uap)
|
||||
}
|
||||
|
||||
/*
|
||||
* syscall for the rpc.lockd to use to translate a NFS file handle into
|
||||
* an open descriptor.
|
||||
* syscall for the rpc.lockd to use to translate a NFS file handle into an
|
||||
* open descriptor.
|
||||
*
|
||||
* warning: do not remove the suser() call or this becomes one giant
|
||||
* warning: do not remove the priv_check() call or this becomes one giant
|
||||
* security hole.
|
||||
*
|
||||
* MP SAFE
|
||||
@ -4058,7 +4068,7 @@ fhopen(td, uap)
|
||||
int vfslocked;
|
||||
int indx;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHOPEN);
|
||||
if (error)
|
||||
return (error);
|
||||
fmode = FFLAGS(uap->flags);
|
||||
@ -4242,7 +4252,7 @@ fhstat(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHSTAT);
|
||||
if (error)
|
||||
return (error);
|
||||
error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
|
||||
@ -4307,7 +4317,7 @@ kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHSTATFS);
|
||||
if (error)
|
||||
return (error);
|
||||
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
|
||||
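Review bot: In kern_mknod the second switch's `default:` now calls `panic("kern_mknod: invalid mode")` where it used to set EINVAL, which makes kernel availability depend on the first switch rejecting every `mode & S_IFMT` value that the second one does not handle. mode is supplied by the caller, so if the two case lists ever drift apart an ordinary mknod request ends in a kernel panic instead of an error return. Keeping `error = EINVAL; break;` leaves the path fail-safe, and a `KASSERT(0, ("kern_mknod: invalid mode"));` ahead of it would still catch the inconsistency on debug kernels. The second switch is only partly visible in the hunk, so the two case lists could not be compared in full.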
|
@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/filedesc.h>
|
||||
#include <sys/reboot.h>
|
||||
@ -808,23 +809,31 @@ vfs_domount(
|
||||
if (jailed(td->td_ucred))
|
||||
return (EPERM);
|
||||
if (usermount == 0) {
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
|
||||
return (error);
|
||||
}
|
||||
|
||||
/*
|
||||
* Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
|
||||
*/
|
||||
if (fsflags & (MNT_EXPORTED | MNT_SUIDDIR)) {
|
||||
if ((error = suser(td)) != 0)
|
||||
if (fsflags & MNT_EXPORTED) {
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
if (fsflags & MNT_SUIDDIR) {
|
||||
error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
}
|
||||
/*
|
||||
* Silently enforce MNT_NOSUID and MNT_USER for
|
||||
* unprivileged users.
|
||||
* Silently enforce MNT_NOSUID and MNT_USER for unprivileged users.
|
||||
*/
|
||||
if (suser(td) != 0)
|
||||
if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) {
|
||||
if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0)
|
||||
fsflags |= MNT_NOSUID | MNT_USER;
|
||||
}
|
||||
|
||||
/* Load KLDs before we lock the covered vnode to avoid reversals. */
|
||||
vfsp = NULL;
|
||||
@ -906,7 +915,9 @@ vfs_domount(
|
||||
return (error);
|
||||
}
|
||||
if (va.va_uid != td->td_ucred->cr_uid) {
|
||||
if ((error = suser(td)) != 0) {
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error) {
|
||||
vput(vp);
|
||||
return (error);
|
||||
}
|
||||
@ -1078,7 +1089,8 @@ unmount(td, uap)
|
||||
if (jailed(td->td_ucred))
|
||||
return (EPERM);
|
||||
if (usermount == 0) {
|
||||
if ((error = suser(td)) != 0)
|
||||
error = priv_check(td, PRIV_VFS_UNMOUNT);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
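Review bot: The ownership check on the covered vnode in vfs_domount changes from `suser(td)` to `priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL)`, which adds a jail allowance the old call did not have; every other check converted in this function uses plain priv_check(td, ...). The `jailed(td->td_ucred)` test shown in the first hunk returns EPERM earlier, so the flag is probably inert today, but it would take effect silently if that test were ever relaxed (this assumes both hunks lie on the same path, which the hunks do not show). Unless jailed callers are meant to pass here, `error = priv_check(td, PRIV_VFS_ADMIN);` preserves the old scope. vfs_domount's body extends beyond both hunks.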
|
@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/reboot.h>
|
||||
#include <sys/sleepqueue.h>
|
||||
#include <sys/stat.h>
|
||||
@ -412,7 +413,7 @@ vfs_suser(struct mount *mp, struct thread *td)
|
||||
|
||||
if ((mp->mnt_flag & MNT_USER) == 0 ||
|
||||
mp->mnt_cred->cr_uid != td->td_ucred->cr_uid) {
|
||||
if ((error = suser(td)) != 0)
|
||||
if ((error = priv_check(td, PRIV_VFS_MOUNT_OWNER)) != 0)
|
||||
return (error);
|
||||
}
|
||||
return (0);
|
||||
@ -3178,9 +3179,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
|
||||
mode_t acc_mode, struct ucred *cred, int *privused)
|
||||
{
|
||||
mode_t dac_granted;
|
||||
#ifdef CAPABILITIES
|
||||
mode_t cap_granted;
|
||||
#endif
|
||||
mode_t priv_granted;
|
||||
|
||||
/*
|
||||
* Look for a normal, non-privileged way to access the file/directory
|
||||
@ -3234,59 +3233,46 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
|
||||
return (0);
|
||||
|
||||
privcheck:
|
||||
if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
|
||||
/* XXX audit: privilege used */
|
||||
if (privused != NULL)
|
||||
*privused = 1;
|
||||
return (0);
|
||||
}
|
||||
|
||||
#ifdef CAPABILITIES
|
||||
/*
|
||||
* Build a capability mask to determine if the set of capabilities
|
||||
* Build a privilege mask to determine if the set of privileges
|
||||
* satisfies the requirements when combined with the granted mask
|
||||
* from above. For each capability, if the capability is required,
|
||||
* bitwise or the request type onto the cap_granted mask.
|
||||
*
|
||||
* Note: This is never actually used, but is here for reference
|
||||
* purposes.
|
||||
* from above. For each privilege, if the privilege is required,
|
||||
* bitwise or the request type onto the priv_granted mask.
|
||||
*/
|
||||
cap_granted = 0;
|
||||
priv_granted = 0;
|
||||
|
||||
if (type == VDIR) {
|
||||
/*
|
||||
* For directories, use CAP_DAC_READ_SEARCH to satisfy
|
||||
* VEXEC requests, instead of CAP_DAC_EXECUTE.
|
||||
* For directories, use PRIV_VFS_LOOKUP to satisfy VEXEC
|
||||
* requests, instead of PRIV_VFS_EXEC.
|
||||
*/
|
||||
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
||||
!cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
|
||||
SUSER_ALLOWJAIL))
|
||||
cap_granted |= VEXEC;
|
||||
!priv_check_cred(cred, PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VEXEC;
|
||||
} else {
|
||||
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
||||
!cap_check(cred, NULL, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
|
||||
cap_granted |= VEXEC;
|
||||
!priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VEXEC;
|
||||
}
|
||||
|
||||
if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
|
||||
!cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
|
||||
cap_granted |= VREAD;
|
||||
!priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VREAD;
|
||||
|
||||
if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
|
||||
!cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
|
||||
cap_granted |= (VWRITE | VAPPEND);
|
||||
!priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
|
||||
priv_granted |= (VWRITE | VAPPEND);
|
||||
|
||||
if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
|
||||
!cap_check(cred, NULL, CAP_FOWNER, SUSER_ALLOWJAIL))
|
||||
cap_granted |= VADMIN;
|
||||
!priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL))
|
||||
priv_granted |= VADMIN;
|
||||
|
||||
if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) {
|
||||
if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) {
|
||||
/* XXX audit: privilege used */
|
||||
if (privused != NULL)
|
||||
*privused = 1;
|
||||
return (0);
|
||||
}
|
||||
#endif
|
||||
|
||||
return ((acc_mode & VADMIN) ? EPERM : EACCES);
|
||||
}
|
||||
@ -3307,16 +3293,13 @@ extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred,
|
||||
return (0);
|
||||
|
||||
/*
|
||||
* Do not allow privileged processes in jail to directly
|
||||
* manipulate system attributes.
|
||||
*
|
||||
* XXX What capability should apply here?
|
||||
* Probably CAP_SYS_SETFFLAG.
|
||||
* Do not allow privileged processes in jail to directly manipulate
|
||||
* system attributes.
|
||||
*/
|
||||
switch (attrnamespace) {
|
||||
case EXTATTR_NAMESPACE_SYSTEM:
|
||||
/* Potentially should be: return (EPERM); */
|
||||
return (suser_cred(cred, 0));
|
||||
return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0));
|
||||
case EXTATTR_NAMESPACE_USER:
|
||||
return (VOP_ACCESS(vp, access, cred, td));
|
||||
default:
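Review bot: In the non-directory branch of vaccess, `PRIV_VFS_EXEC` grants VEXEC without looking at `file_mode`, so a privileged credential passes an execute check on a file that has no execute bit set at all. The commit keeps the old blanket-superuser result here, but now that the grant is per-privilege the condition could also require an execute bit, e.g. `(file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&` ahead of the `priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL)` call. Callers may already enforce this elsewhere, which cannot be seen from these hunks. The DAC part of vaccess lies between the two hunks and is not shown.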
|
||||
|
@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/sx.h>
|
||||
#include <sys/unistd.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/dirent.h>
|
||||
#include <sys/extattr.h>
|
||||
@ -272,7 +273,7 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
|
||||
error = VFS_STATFS(mp, sp, td);
|
||||
if (error)
|
||||
goto out;
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -357,7 +358,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
|
||||
error = VFS_STATFS(mp, sp, td);
|
||||
if (error)
|
||||
goto out;
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -468,7 +469,7 @@ kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
|
||||
vfs_unbusy(mp, td);
|
||||
continue;
|
||||
}
|
||||
if (suser(td)) {
|
||||
if (priv_check(td, PRIV_VFS_GENERATION)) {
|
||||
bcopy(sp, &sb, sizeof(sb));
|
||||
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
||||
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
||||
@ -842,7 +843,8 @@ chroot(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked;
|
||||
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -896,8 +898,8 @@ change_dir(vp, td)
|
||||
|
||||
/*
|
||||
* Common routine for kern_chroot() and jail_attach(). The caller is
|
||||
* responsible for invoking suser() and mac_check_chroot() to authorize this
|
||||
* operation.
|
||||
* responsible for invoking priv_check() and mac_check_chroot() to authorize
|
||||
* this operation.
|
||||
*/
|
||||
int
|
||||
change_root(vp, td)
|
||||
@ -1186,10 +1188,16 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
|
||||
switch (mode & S_IFMT) {
|
||||
case S_IFCHR:
|
||||
case S_IFBLK:
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_DEV);
|
||||
break;
|
||||
case S_IFMT:
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_BAD);
|
||||
break;
|
||||
case S_IFWHT:
|
||||
error = priv_check(td, PRIV_VFS_MKNOD_WHT);
|
||||
break;
|
||||
default:
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
if (error)
|
||||
@ -1234,8 +1242,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
|
||||
whiteout = 1;
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
panic("kern_mknod: invalid mode");
|
||||
}
|
||||
}
|
||||
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
||||
@ -1390,9 +1397,6 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
|
||||
struct vattr va;
|
||||
int error;
|
||||
|
||||
if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
|
||||
return (0);
|
||||
|
||||
if (!hardlink_check_uid && !hardlink_check_gid)
|
||||
return (0);
|
||||
|
||||
@ -1400,14 +1404,18 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
|
||||
if (error != 0)
|
||||
return (error);
|
||||
|
||||
if (hardlink_check_uid) {
|
||||
if (cred->cr_uid != va.va_uid)
|
||||
return (EPERM);
|
||||
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_LINK,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
if (hardlink_check_gid) {
|
||||
if (!groupmember(va.va_gid, cred))
|
||||
return (EPERM);
|
||||
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
|
||||
error = priv_check_cred(cred, PRIV_VFS_LINK,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
|
||||
return (0);
|
||||
@ -2361,7 +2369,8 @@ setfflags(td, vp, flags)
|
||||
* chown can't fail when done as root.
|
||||
*/
|
||||
if (vp->v_type == VCHR || vp->v_type == VBLK) {
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
@ -3894,7 +3903,8 @@ revoke(td, uap)
|
||||
if (error)
|
||||
goto out;
|
||||
if (td->td_ucred->cr_uid != vattr.va_uid) {
|
||||
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
|
||||
SUSER_ALLOWJAIL);
|
||||
if (error)
|
||||
goto out;
|
||||
}
|
||||
@ -3960,7 +3970,7 @@ lgetfh(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_GETFH);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -3999,7 +4009,7 @@ getfh(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_GETFH);
|
||||
if (error)
|
||||
return (error);
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
||||
@ -4022,10 +4032,10 @@ getfh(td, uap)
|
||||
}
|
||||
|
||||
/*
|
||||
* syscall for the rpc.lockd to use to translate a NFS file handle into
|
||||
* an open descriptor.
|
||||
* syscall for the rpc.lockd to use to translate a NFS file handle into an
|
||||
* open descriptor.
|
||||
*
|
||||
* warning: do not remove the suser() call or this becomes one giant
|
||||
* warning: do not remove the priv_check() call or this becomes one giant
|
||||
* security hole.
|
||||
*
|
||||
* MP SAFE
|
||||
@ -4058,7 +4068,7 @@ fhopen(td, uap)
|
||||
int vfslocked;
|
||||
int indx;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHOPEN);
|
||||
if (error)
|
||||
return (error);
|
||||
fmode = FFLAGS(uap->flags);
|
||||
@ -4242,7 +4252,7 @@ fhstat(td, uap)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHSTAT);
|
||||
if (error)
|
||||
return (error);
|
||||
error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
|
||||
@ -4307,7 +4317,7 @@ kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
|
||||
int vfslocked;
|
||||
int error;
|
||||
|
||||
error = suser(td);
|
||||
error = priv_check(td, PRIV_VFS_FHSTATFS);
|
||||
if (error)
|
||||
return (error);
|
||||
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
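Review bot: The second kern_mknod hunk replaces `error = EINVAL; break;` in the `default:` arm with `panic("kern_mknod: invalid mode")`, on a value derived from the caller-supplied `mode`. This is only safe while the earlier privilege switch (which now returns EINVAL for unknown types) and this switch list exactly the same cases; if they ever drift apart, a bad mode becomes a kernel panic instead of an error return. Keeping `error = EINVAL; break;` in the default arm would be more robust, or at least add a comment there stating that the first switch has already rejected every other type. The second switch starts outside the hunk, so its full case list is not visible here.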
|
||||
|
@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/file.h>
|
||||
#include <sys/kdb.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/limits.h>
|
||||
#include <sys/lock.h>
|
||||
@ -709,7 +710,7 @@ vn_stat(vp, sb, active_cred, file_cred, td)
|
||||
sb->st_blksize = PAGE_SIZE;
|
||||
|
||||
sb->st_flags = vap->va_flags;
|
||||
if (suser(td))
|
||||
if (priv_check(td, PRIV_VFS_GENERATION))
|
||||
sb->st_gen = 0;
|
||||
else
|
||||
sb->st_gen = vap->va_gen;
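Review bot: The test `if (priv_check(td, PRIV_VFS_GENERATION))` in vn_stat reads like "if privileged", but the other call sites in this commit treat a non-zero return as an error, so the branch that zeroes `st_gen` is the unprivileged one. Writing it as `if (priv_check(td, PRIV_VFS_GENERATION) != 0)` and adding a comment such as `/* Hide the generation number from callers without PRIV_VFS_GENERATION. */` would make the intent clear to the next reader. The same privilege also gates zeroing of `f_fsid` in the kern_statfs, kern_fstatfs and kern_getfsstat hunks, which the name does not suggest and is worth a comment there too. vn_stat's body begins and ends outside the hunk.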
|
||||
|
@ -48,6 +48,7 @@
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/signalvar.h>
|
||||
#include <sys/filio.h>
|
||||
@ -1724,7 +1725,7 @@ bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
|
||||
* if the users who opened the devices were able to retrieve
|
||||
* the statistics for them, too.
|
||||
*/
|
||||
error = suser(req->td);
|
||||
error = priv_check(req->td, PRIV_NET_BPF);
|
||||
if (error)
|
||||
return (error);
|
||||
if (req->oldptr == NULL)
|
||||
|