| Field | Value | Date |
|---|---|---|
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-07 03:47:44 +0000 |
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-07 03:47:44 +0000 |
| commit | 6a022364a836d2d8faa0dc6d271cf5e0d35fac1b (patch) | |
| tree | be6c301326c3c19ab5051dc5d6b1e5e1d6ae684d /sys/kern/kern_tame.c | |
| parent | 5bc2278c41735474e004741c164a0fb5617c6c96 (diff) | |
Add the tame "exec" request. This allows processes which request
"exec" to call execve(2), potentially fork(2) beforehand if they
asked for "proc". Calling execve is what "shells" (ksh, tmux, etc)
have as their primary purpose. But meantime, if such a shell has a
nasty bug, we want to mitigate the process from opening a socket or
calling 100+ other system calls. Unfortunately silver bullets are in
short supply, so if our goal is to stay in a POSIX-y environment, we
have to let shells call execve(). POSIX ate the world, so what choices do
we all have?
Warning for many: silver bullets are even more rare in other OS
ecosystems, so please accept this as a narrow lowering of the bar in a
very raised environment.
Committed from a machine running tame "proc exec" ksh, make, etc.
Diffstat (limited to 'sys/kern/kern_tame.c')
-rw-r--r-- | sys/kern/kern_tame.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/sys/kern/kern_tame.c b/sys/kern/kern_tame.c index 40a2aa2b7dc..eda216a81e7 100644 --- a/sys/kern/kern_tame.c +++ b/sys/kern/kern_tame.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_tame.c,v 1.65 2015/10/06 18:35:09 deraadt Exp $ */ +/* $OpenBSD: kern_tame.c,v 1.66 2015/10/07 03:47:43 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -141,6 +141,8 @@ const u_int tame_syscalls[SYS_MAXSYSCALL] = { [SYS_sigsuspend] = TAME_PROC, [SYS_setrlimit] = TAME_PROC, + [SYS_execve] = TAME_EXEC, + [SYS_setgroups] = TAME_PROC, [SYS_setresgid] = TAME_PROC, [SYS_setresuid] = TAME_PROC, @@ -238,6 +240,7 @@ static const struct { { "ioctl", TAME_IOCTL }, { "tty", TAME_TTY }, { "proc", TAME_PROC }, + { "exec", TAME_EXEC }, { "cpath", TAME_CPATH }, { "abort", TAME_ABORT }, { "fattr", TAME_FATTR }, @@ -1115,6 +1118,20 @@ tame_dns_check(struct proc *p, in_port_t port) return (EPERM); } +void +tame_dropwpaths(struct process *pr) +{ + if (pr->ps_tamepaths && --pr->ps_tamepaths->wl_ref == 0) { + struct whitepaths *wl = pr->ps_tamepaths; + int i; + + for (i = 0; i < wl->wl_count; i++) + free(wl->wl_paths[i].name, M_TEMP, wl->wl_paths[i].len); + free(wl, M_TEMP, wl->wl_size); + } + pr->ps_tamepaths = NULL; +} + int canonpath(const char *input, char *buf, size_t bufsize) { |
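Review bot: in the `@@ -141,6 +141,8 @@` hunk, the second added line `[SYS_setgroups] = TAME_PROC,` is not covered by the commit message, which only describes the new "exec" request; either say in the message that setgroups(2) is now allowed under "proc" alongside setresgid/setresuid, or move it to its own commit so the widening of "proc" stays discoverable in the history. The `[SYS_execve] = TAME_EXEC,` line itself matches the `{ "exec", TAME_EXEC }` entry added to the request-string table below.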
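Review bot: in the `@@ -238,6 +240,7 @@` hunk, `{ "exec", TAME_EXEC },` depends on a TAME_EXEC flag whose definition is not part of this diffstat-limited view; please confirm the header that defines the TAME_* flags is updated in the same commit, since kern_tame.c will not compile against the old header otherwise.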
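Review bot: in the `@@ -1115,6 +1118,20 @@` hunk, `tame_dropwpaths()` is a new non-static function with no caller and no prototype visible in this diff, and the commit message does not mention it at all; the message should state where it is invoked and how it relates to the "exec" request so a reader can tell why the process's tame path whitelist is dropped. The reference-count logic reads correctly as written: `--pr->ps_tamepaths->wl_ref == 0` frees each entry with its recorded `len` and then the list with `wl_size`, and `pr->ps_tamepaths = NULL;` executes whether or not the list was freed, so the process never keeps a pointer to a list it no longer holds a reference on.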