author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-10-09 03:51:50 +0000 |
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-10-09 03:51:50 +0000 |
commit | 4cfdfd9c10ffaed2194d3f0b1aa40e39045225f7 (patch) | |
tree | ae8cfdd24000afd47423d7672c0a4a40e93426a1 | |
parent | e44758286b4678265f4b2e0d1b284fbd4928be29 (diff) |
new message to track uid/gid changes
from provos
-rw-r--r-- | sys/dev/systrace.c | 32 | ||||
-rw-r--r-- | sys/dev/systrace.h | 7 |
2 files changed, 39 insertions, 0 deletions
diff --git a/sys/dev/systrace.c b/sys/dev/systrace.c
index 666355785cc..a2a51f42c17 100644
--- a/sys/dev/systrace.c
+++ b/sys/dev/systrace.c
@@ -134,6 +134,7 @@ int systrace_msg_ask(struct fsystrace *, struct str_process *,
 int systrace_msg_result(struct fsystrace *, struct str_process *, int, int,
 size_t, register_t [], register_t []);
 int systrace_msg_emul(struct fsystrace *, struct str_process *);
+int systrace_msg_ugid(struct fsystrace *, struct str_process *);
 int systrace_make_msg(struct str_process *, int);
 static struct fileops systracefops = {
@@ -730,6 +731,8 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval)
 if (!error) {
 struct emul *oldemul = p->p_emul;
+ uid_t olduid = p->p_cred->p_ruid;
+ gid_t oldgid = p->p_cred->p_rgid;
 error = (*callp->sy_call)(p, v, retval);
@@ -766,6 +769,23 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval)
 } else
 systrace_unlock();
+ /* Report if effective uid or gid changed */
+ if (olduid != p->p_cred->p_ruid ||
+ oldgid != p->p_cred->p_rgid) {
+ systrace_lock();
+ if ((strp = p->p_systrace) == NULL) {
+ systrace_unlock();
+ goto nougid;
+ }
+
+ fst = strp->parent;
+ lockmgr(&fst->lock, LK_EXCLUSIVE, NULL, p);
+ systrace_unlock();
+
+ systrace_msg_ugid(fst, strp);
+ nougid:
+ }
+
 /* Report result from system call */
 systrace_lock();
 if (report && (strp = p->p_systrace) != NULL) {
@@ -1322,6 +1342,18 @@ systrace_msg_emul(struct fsystrace *fst, struct str_process *strp)
 }
 int
+systrace_msg_ugid(struct fsystrace *fst, struct str_process *strp)
+{
+ struct str_msg_ugid *msg_ugid = &strp->msg.msg_data.msg_ugid;
+ struct proc *p = strp->proc;
+
+ msg_ugid->uid = p->p_cred->p_ruid;
+ msg_ugid->gid = p->p_cred->p_rgid;
+
+ return (systrace_make_msg(strp, SYSTR_MSG_UGID));
+}
+
+int
 systrace_make_msg(struct str_process *strp, int type)
 {
 struct str_message *msg = &strp->msg;
diff --git a/sys/dev/systrace.h b/sys/dev/systrace.h
index bd5fe3086ec..6f5a13cda6e 100644
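Review bot: The comment added in the third hunk says `effective uid or gid changed`, but the comparison is against `p->p_cred->p_ruid` / `p_rgid`, which by struct pcred's naming are the real ids (the effective ones live in the ucred), so a call that changes only the effective id produces no SYSTR_MSG_UGID; either the comment should read `/* Report if real uid or gid changed */` or the effective ids should be compared as well, otherwise a monitor relying on this message gets a false sense of coverage. Separately, `nougid:` is placed directly before the closing `}`, and C89/C99 require a label to be followed by a statement (compilers tolerate it as an extension); inverting the NULL test removes the goto and the label as shown below. systrace_redirect() continues outside this hunk.
```c
	/* Report if real uid or gid changed */
	if (olduid != p->p_cred->p_ruid ||
	    oldgid != p->p_cred->p_rgid) {
		systrace_lock();
		if ((strp = p->p_systrace) != NULL) {
			fst = strp->parent;
			lockmgr(&fst->lock, LK_EXCLUSIVE, NULL, p);
			systrace_unlock();

			systrace_msg_ugid(fst, strp);
		} else
			systrace_unlock();
	}
	/* … unchanged: "Report result from system call" block … */
```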
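Review bot: systrace_msg_ugid() in the fourth hunk is entered with fst->lock held (systrace_redirect takes it with lockmgr right before the call) and never releases it itself, so the contract only holds if systrace_make_msg() drops the lock, as it presumably does for the other message types; that handoff should be stated on the function, e.g. `/* Called with fst->lock held; systrace_make_msg() releases it. */`. The `fst` parameter is otherwise unused in the body and appears to be kept for signature parity with systrace_msg_emul(), which deserves a short comment so it is not "cleaned up" later. The caller also discards the return value; if that is deliberate, a `(void)` cast or comment at the call site would make it explicit. systrace_make_msg() continues outside this hunk.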
--- a/sys/dev/systrace.h
+++ b/sys/dev/systrace.h
@@ -41,6 +41,11 @@ struct str_msg_emul {
 char emul[SYSTR_EMULEN];
 };
+struct str_msg_ugid {
+ uid_t uid;
+ gid_t gid;
+};
+
 #define SYSTR_MAX_POLICIES 64
 #define SYSTR_MAXARGS 64
@@ -62,6 +67,7 @@ struct str_msg_child {
 #define SYSTR_MSG_RES 2
 #define SYSTR_MSG_EMUL 3
 #define SYSTR_MSG_CHILD 4
+#define SYSTR_MSG_UGID 5
 #define SYSTR_MSG_NOPROCESS(x) \
 ((x)->msg.msg_type == SYSTR_MSG_CHILD)
@@ -73,6 +79,7 @@ struct str_message {
 short msg_policy;
 union {
 struct str_msg_emul msg_emul;
+ struct str_msg_ugid msg_ugid;
 struct str_msg_ask msg_ask;
 struct str_msg_child msg_child;
 } msg_data;
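Review bot: The new `struct str_msg_ugid` in the first hunk does not say which credentials its fields carry, while the kernel side fills them from p_ruid/p_rgid; since this header is the userland-visible message format, a field comment such as `uid_t uid; /* real uid after the system call */` (and the same for gid) would keep consumers from assuming effective ids. A one-line comment above the struct stating when the message is sent (after a system call that changed the real uid or gid) would match the information the other str_msg_* structs convey through their names.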