author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-08-22 20:18:51 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-08-22 20:18:51 +0000 |
commit | 2ac731a695734affb7b043d00704546556752caf (patch) | |
tree | 40fb580f9f213bfdbc37b90b8a2165b679e27620 /sys/kern/kern_ktrace.c | |
parent | 727aafc0b540434e1fd357c1d8f5f8c69edb767d (diff) |
Move to tame(int flags, char *paths[]) API/ABI.
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing committed in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
Diffstat (limited to 'sys/kern/kern_ktrace.c')
-rw-r--r-- | sys/kern/kern_ktrace.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index aedc96f77fc..b4e930149b2 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_ktrace.c,v 1.75 2015/08/01 20:12:34 guenther Exp $ */
+/* $OpenBSD: kern_ktrace.c,v 1.76 2015/08/22 20:18:49 deraadt Exp $ */
 /* $NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $ */
 /*
@@ -384,7 +384,7 @@ ktruser(struct proc *p, const char *id, const void *addr, size_t len)
 */
 /* ARGSUSED */
 int
-sys_ktrace(struct proc *curp, void *v, register_t *retval)
+sys_ktrace(struct proc *p, void *v, register_t *retval)
 {
 struct sys_ktrace_args /* {
 syscallarg(const char *) fname;
@@ -407,14 +407,15 @@ sys_ktrace(struct proc *curp, void *v, register_t *retval)
 /*
 * an operation which requires a file argument.
 */
- cred = curp->p_ucred;
+ cred = p->p_ucred;
+ p->p_tamenote = TMN_CPATH;
 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, fname),
- curp);
+ p);
 if ((error = vn_open(&nd, FREAD|FWRITE|O_NOFOLLOW, 0)) != 0)
 goto done;
 vp = nd.ni_vp;
- VOP_UNLOCK(vp, 0, curp);
+ VOP_UNLOCK(vp, 0, p);
 if (vp->v_type != VREG) {
 error = EACCES;
 goto done;
@@ -426,7 +427,7 @@ sys_ktrace(struct proc *curp, void *v, register_t *retval)
 if (ops == KTROP_CLEARFILE) {
 LIST_FOREACH(pr, &allprocess, ps_list) {
 if (pr->ps_tracevp == vp) {
- if (ktrcanset(curp, pr))
+ if (ktrcanset(p, pr))
 ktrcleartrace(pr);
 else
 error = EPERM;
@@ -442,9 +443,9 @@ sys_ktrace(struct proc *curp, void *v, register_t *retval)
 goto done;
 }
 if (ops == KTROP_SET) {
- if (suser(curp, 0) == 0)
+ if (suser(p, 0) == 0)
 facs |= KTRFAC_ROOT;
- ktrstart(curp, vp, cred);
+ ktrstart(p, vp, cred);
 }
 /*
 * do it
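Review bot: In the -407,14 +407,15 hunk, the new `p->p_tamenote = TMN_CPATH;` classifies the trace-file lookup as CPATH, but the `vn_open()` right after it asks for `FREAD|FWRITE|O_NOFOLLOW` with no create flag visible, and nothing in the hunk says why that class was chosen. Since this note presumably decides which tame flags and whitelisted paths let a restricted process reach the file, the choice should be explained at the assignment, for example `/* tame: trace file is opened read/write; the lookup is checked as CPATH */`, or changed if a write-path class fits better. The note is also stored on the proc rather than in `nd`, so it is worth confirming that the lookup clears it on every path, including the `vn_open()` failure that jumps to `done`, so it cannot carry over to a later lookup by the same process. sys_ktrace's body starts and ends outside this hunk.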
@@ -460,10 +461,10 @@ sys_ktrace(struct proc *curp, void *v, register_t *retval)
 }
 LIST_FOREACH(pr, &pg->pg_members, ps_pglist) {
 if (descend)
- ret |= ktrsetchildren(curp, pr, ops, facs, vp,
+ ret |= ktrsetchildren(p, pr, ops, facs, vp,
 cred);
 else
- ret |= ktrops(curp, pr, ops, facs, vp, cred);
+ ret |= ktrops(p, pr, ops, facs, vp, cred);
 }
 } else {
 /*
@@ -475,15 +476,15 @@ sys_ktrace(struct proc *curp, void *v, register_t *retval)
 goto done;
 }
 if (descend)
- ret |= ktrsetchildren(curp, pr, ops, facs, vp, cred);
+ ret |= ktrsetchildren(p, pr, ops, facs, vp, cred);
 else
- ret |= ktrops(curp, pr, ops, facs, vp, cred);
+ ret |= ktrops(p, pr, ops, facs, vp, cred);
 }
 if (!ret)
 error = EPERM;
 done:
 if (vp != NULL)
- (void) vn_close(vp, FREAD|FWRITE, cred, curp);
+ (void) vn_close(vp, FREAD|FWRITE, cred, p);
 return (error);
 } |