Pass IO_NOMACCHECK to vn_rdwr() in the following checks to prevent

enforcement of MAC policy on the read or write operations:

- In ext2fs, don't enforce MAC on loop-back reads and writes supporting
  directory read operations in lookup(), directory modifications in
  rename(), directory write operations in mkdir(), symlink write
  operations in symlink().

- In the NFS client locking code, perform vn_rdwr() on the NFS locking
  socket without enforcing MAC, since the write is done on behalf of
  the kernel NFS implementation rather than the user process.

- In UFS, don't enforce MAC on loop-back reads and writes supporting
  directory read operations in lookup(), and symlink write operations
  in symlink().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Robert Watson 2002-08-12 16:43:04 +00:00
parent 6ea9977209
commit c08b677fb5
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=101744
7 changed files with 34 additions and 26 deletions


@ -1009,8 +1009,9 @@ ext2_dirempty(ip, parentino, cred)
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
for (off = 0; off < ip->i_size; off += dp->rec_len) {
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
&count, (struct thread *)0);
/*
* Since we read MINDIRSIZ, residual must
* be 0 unless we're at end of file.
@ -1074,7 +1075,8 @@ ext2_checkpath(source, target, cred)
}
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
(struct thread *)0);
if (error != 0)
break;
namlen = dirbuf.dotdot_type; /* like ufs little-endian */
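Review bot: The IO_NOMACCHECK added to the ext2_dirempty read here (and to the ext2_checkpath read in the second hunk of this section) carries no in-code rationale, so a reader of the file alone cannot tell why this particular vn_rdwr() is exempt from the MAC read check; a bypass flag is exactly the kind of line an auditor will stop on, so the reasoning from the commit message belongs next to the call. A one-line comment above each call would do, e.g. `/* Loop-back read of directory data by the kernel itself; MAC is not enforced here. */`. The same missing rationale applies to the ext2_rename, ext2_mkdir and ext2_symlink sites in the next section, to the repeated ext2 sections below it, and to the ufs_dirempty, ufs_checkpath and ufs_symlink sites further down. Both ext2_dirempty and ext2_checkpath start before and end after their hunks.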


@ -1223,7 +1223,7 @@ ext2_rename(ap)
dp->i_flag |= IN_CHANGE;
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED,
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
tcnp->cn_cred, (int *)0, (struct thread *)0);
if (error == 0) {
/* Like ufs little-endian: */
@ -1239,9 +1239,9 @@ ext2_rename(ap)
(caddr_t)&dirbuf,
sizeof (struct dirtemplate),
(off_t)0, UIO_SYSSPACE,
IO_NODELOCKED|IO_SYNC,
tcnp->cn_cred, (int *)0,
(struct thread *)0);
IO_NODELOCKED | IO_SYNC |
IO_NOMACCHECK, tcnp->cn_cred,
(int *)0, (struct thread *)0);
cache_purge(fdvp);
}
}
@ -1376,7 +1376,8 @@ ext2_mkdir(ap)
dirtemplate.dotdot_reclen = DIRBLKSIZ - 12;
error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate,
sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE,
IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0);
IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,
(struct thread *)0);
if (error) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
@ -1512,8 +1513,8 @@ ext2_symlink(ap)
ip->i_flag |= IN_CHANGE | IN_UPDATE;
} else
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
(struct thread *)0);
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
if (error)
vput(vp);
return (error);


@ -1009,8 +1009,9 @@ ext2_dirempty(ip, parentino, cred)
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
for (off = 0; off < ip->i_size; off += dp->rec_len) {
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
&count, (struct thread *)0);
/*
* Since we read MINDIRSIZ, residual must
* be 0 unless we're at end of file.
@ -1074,7 +1075,8 @@ ext2_checkpath(source, target, cred)
}
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
(struct thread *)0);
if (error != 0)
break;
namlen = dirbuf.dotdot_type; /* like ufs little-endian */


@ -1223,7 +1223,7 @@ ext2_rename(ap)
dp->i_flag |= IN_CHANGE;
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED,
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
tcnp->cn_cred, (int *)0, (struct thread *)0);
if (error == 0) {
/* Like ufs little-endian: */
@ -1239,9 +1239,9 @@ ext2_rename(ap)
(caddr_t)&dirbuf,
sizeof (struct dirtemplate),
(off_t)0, UIO_SYSSPACE,
IO_NODELOCKED|IO_SYNC,
tcnp->cn_cred, (int *)0,
(struct thread *)0);
IO_NODELOCKED | IO_SYNC |
IO_NOMACCHECK, tcnp->cn_cred,
(int *)0, (struct thread *)0);
cache_purge(fdvp);
}
}
@ -1376,7 +1376,8 @@ ext2_mkdir(ap)
dirtemplate.dotdot_reclen = DIRBLKSIZ - 12;
error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate,
sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE,
IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0);
IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,
(struct thread *)0);
if (error) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
@ -1512,8 +1513,8 @@ ext2_symlink(ap)
ip->i_flag |= IN_CHANGE | IN_UPDATE;
} else
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
(struct thread *)0);
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
if (error)
vput(vp);
return (error);


@ -163,7 +163,7 @@ nfs_dolock(struct vop_advlock_args *ap)
VOP_UNLOCK(wvp, 0, td); /* vn_open leaves it locked */
ioflg = IO_UNIT;
ioflg = IO_UNIT | IO_NOMACCHECK;
for (;;) {
VOP_LEASE(wvp, td, thread0.td_ucred, LEASE_WRITE);
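Review bot: The new `ioflg = IO_UNIT | IO_NOMACCHECK;` has no comment explaining the exemption, while the neighbouring VOP_UNLOCK line does document its reason; since the write is performed on behalf of the kernel NFS client rather than the calling process, that is worth stating where the flag is set. Suggest `ioflg = IO_UNIT | IO_NOMACCHECK;	/* kernel NFS client write, not user I/O: MAC not enforced */`. The lease on the following line is taken with `thread0.td_ucred`, which is consistent with treating the write as a kernel action, but the vn_rdwr() that consumes `ioflg` lies outside this hunk, as does the rest of nfs_dolock's body.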


@ -1151,8 +1151,9 @@ ufs_dirempty(ip, parentino, cred)
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
for (off = 0; off < ip->i_size; off += dp->d_reclen) {
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
&count, (struct thread *)0);
/*
* Since we read MINDIRSIZ, residual must
* be 0 unless we're at end of file.
@ -1224,7 +1225,8 @@ ufs_checkpath(source, target, cred)
}
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
(struct thread *)0);
if (error != 0)
break;
# if (BYTE_ORDER == LITTLE_ENDIAN)


@ -1821,8 +1821,8 @@ ufs_symlink(ap)
ip->i_flag |= IN_CHANGE | IN_UPDATE;
} else
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
(struct thread *)0);
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
if (error)
vput(vp);
return (error);
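Review bot: ufs_symlink gains IO_NOMACCHECK on its target write here, mirroring ext2_symlink, but the UFS side of this commit has no counterpart to the ext2_rename hunks that exempt the `..` read and rewrite of a renamed directory. If ufs_rename performs the same loop-back vn_rdwr() calls (it is not part of this diff, so this is inferred from the parallel ext2 code), those operations would still be MAC-checked against the caller's credential, leaving enforcement inconsistent between UFS and ext2fs for the same operation; worth confirming, or covering in a follow-up. ufs_symlink's body starts before this hunk.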