authorNiels Provos <provos@cvs.openbsd.org>2002-07-12 12:26:30 +0000
committerNiels Provos <provos@cvs.openbsd.org>2002-07-12 12:26:30 +0000
commitb7300f4735468d52f521338865215c75f9f319f2 (patch)
tree1074383738e9cec5612d3740e807edb5a5fda4bb
parent64e656e7d9cd68a82ca9d23edfd658ddef483316 (diff)
some clean up. install argument replacements only if we are going to
permit the system call. translate some set[e]{g,u}id calls
-rw-r--r--bin/systrace/intercept.c3
-rw-r--r--bin/systrace/intercept.h4
-rw-r--r--bin/systrace/register.c11
-rw-r--r--bin/systrace/systrace.c12
4 files changed, 19 insertions, 11 deletions
diff --git a/bin/systrace/intercept.c b/bin/systrace/intercept.c
index 0ddb9590e0c..44c2accf41e 100644
--- a/bin/systrace/intercept.c
+++ b/bin/systrace/intercept.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.c,v 1.14 2002/07/10 13:46:13 provos Exp $ */
+/* $OpenBSD: intercept.c,v 1.15 2002/07/12 12:26:29 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -32,6 +32,7 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/tree.h>
+#include <sys/wait.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
diff --git a/bin/systrace/intercept.h b/bin/systrace/intercept.h
index 029ac2b026f..137ba307c9d 100644
--- a/bin/systrace/intercept.h
+++ b/bin/systrace/intercept.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.h,v 1.5 2002/07/09 20:46:18 provos Exp $ */
+/* $OpenBSD: intercept.h,v 1.6 2002/07/12 12:26:29 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -64,7 +64,7 @@ struct intercept_system {
#define ICPOLICY_ASK 0
#define ICPOLICY_PERMIT -1
#define ICPOLICY_KILL -2
-#define ICPOLICY_NEVER 1
+#define ICPOLICY_NEVER 1 /* overloaded with errno values > 1 */
#define ICFLAGS_RESULT 1
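Review bot: The new comment on `ICPOLICY_NEVER` records that values above 1 are errno codes, but not how callers are expected to test for a denial. An equality test against `ICPOLICY_NEVER` left anywhere else would then treat an errno-carrying deny as something other than a deny. I would spell the rule out, for example `/* deny; values > 1 are the errno to return, so test with >= ICPOLICY_NEVER, not == */`. Whether other comparison sites exist is not visible here; the one in trans_cb is converted in the systrace.c part of this commit.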
diff --git a/bin/systrace/register.c b/bin/systrace/register.c
index 6071bc5cdc6..bc07ffc41f6 100644
--- a/bin/systrace/register.c
+++ b/bin/systrace/register.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: register.c,v 1.1 2002/07/11 12:57:41 provos Exp $ */
+/* $OpenBSD: register.c,v 1.2 2002/07/12 12:26:29 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -132,6 +132,15 @@ systrace_initcb(void)
intercept_register_transstring("native", "symlink", 0);
intercept_register_translink("native", "symlink", 1);
+ X(intercept_register_sccb("native", "setuid", trans_cb, NULL));
+ intercept_register_translation("native", "setuid", 0, &uidt);
+ X(intercept_register_sccb("native", "seteuid", trans_cb, NULL));
+ intercept_register_translation("native", "seteuid", 0, &uidt);
+ X(intercept_register_sccb("native", "setgid", trans_cb, NULL));
+ intercept_register_translation("native", "setgid", 0, &gidt);
+ X(intercept_register_sccb("native", "setegid", trans_cb, NULL));
+ intercept_register_translation("native", "setegid", 0, &gidt);
+
X(intercept_register_sccb("linux", "open", trans_cb, NULL));
tl = intercept_register_translink("linux", "open", 0);
intercept_register_translation("linux", "open", 1, &linux_oflags);
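Review bot: The four `intercept_register_translation` calls added for setuid, seteuid, setgid and setegid drop their return value, while the `intercept_register_sccb` call next to each is wrapped in `X()`. If one of these translations failed to register, argument 0 would presumably reach policy evaluation untranslated and a filter on the uid or gid would quietly stop matching, which is the wrong way to fail for privilege-changing calls. The `tl = intercept_register_translink(...)` line below suggests these functions return a pointer, so a guard of the form `if (intercept_register_translation("native", "setuid", 0, &uidt) == NULL)` leading to the same failure path as `X()` would close the gap; confirm the return convention first. The symlink lines above follow the same unchecked pattern, and systrace_initcb starts and ends outside the hunk.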
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 779db20916e..cd0b4830a40 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.25 2002/07/11 12:57:41 provos Exp $ */
+/* $OpenBSD: systrace.c,v 1.26 2002/07/12 12:26:29 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -70,9 +70,7 @@ make_output(char *output, size_t outlen, char *binname, pid_t pid,
{
struct intercept_translate *tl;
char *p, *line;
- int size, dorepl;
-
- dorepl = tl != NULL && repl != NULL;
+ int size;
snprintf(output, outlen,
"%s, pid: %d(%d), policy: %s, filters: %d, syscall: %s-%s(%d)",
@@ -82,7 +80,7 @@ make_output(char *output, size_t outlen, char *binname, pid_t pid,
p = output + strlen(output);
size = outlen - strlen(output);
- if (dorepl)
+ if (repl != NULL)
intercept_replace_init(repl);
TAILQ_FOREACH(tl, tls, next) {
if (!tl->trans_valid)
@@ -95,7 +93,7 @@ make_output(char *output, size_t outlen, char *binname, pid_t pid,
p = output + strlen(output);
size = sizeof(output) - strlen(output);
- if (dorepl && tl->trans_size)
+ if (repl != NULL && tl->trans_size)
intercept_replace_add(repl, tl->off,
tl->trans_data, tl->trans_size);
}
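Review bot: The context line `size = sizeof(output) - strlen(output);` inside the TAILQ_FOREACH loop measures the `char *output` parameter, so it yields the pointer width and not the buffer length, and this commit leaves it untouched. Once the text already in the buffer is longer than a pointer, the unsigned subtraction wraps and the `int size` ends up negative on common platforms. If that value is later passed as a length to a bounded formatter (the call is not in the hunk), it would convert back to a very large size_t and the bound would be lost. The computation before the loop already uses the right form, so this line should read `size = outlen - strlen(output);`. make_output starts and ends outside the hunk.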
@@ -193,7 +191,7 @@ trans_cb(int fd, pid_t pid, int policynr,
action = ICPOLICY_NEVER;
}
replace:
- if (action != ICPOLICY_NEVER) {
+ if (action < ICPOLICY_NEVER) {
/* If we can not rewrite the arguments, system call fails */
if (intercept_replace(fd, pid, &repl) == -1)
action = ICPOLICY_NEVER;
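Review bot: The new guard `if (action < ICPOLICY_NEVER)` still lets `ICPOLICY_KILL` (-2) and `ICPOLICY_ASK` (0) through to `intercept_replace`, although the commit message says replacements are installed only when the call is going to be permitted. With KILL in particular, a failed `intercept_replace` would overwrite the action with `ICPOLICY_NEVER`, turning a kill into a plain deny. Whether either value can reach the `replace:` label is not visible in the hunk. If permit is the only intended case, `if (action == ICPOLICY_PERMIT) {` states it directly and does not depend on the numeric ordering of the ICPOLICY_* constants. trans_cb's body starts and ends outside the hunk.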