src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo de Raadt <deraadt@cvs.openbsd.org>	2015-12-06 17:50:22 +0000
committer	Theo de Raadt <deraadt@cvs.openbsd.org>	2015-12-06 17:50:22 +0000
commit	bdfac6fb6d9c228b1e2bd1606d42f9f9879064ac (patch)
tree	d96ed497cb33d9561511009ee5e3f6d0b6bccab4 /sys
parent	e233eb94bf25a3f79f0da8fcff65fa4cb88b3df7 (diff)

Change kernel internal pledge variables to 64bit (to prepare for more

extensions). This change is exposed in ktrace.out files ok semarie

Diffstat (limited to 'sys')

-rw-r--r--

sys/kern/kern_ktrace.c

-rw-r--r--

sys/kern/kern_pledge.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

6 files changed, 56 insertions, 52 deletions

diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 14ed01c4bf6..aefc39319d3 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: kern_ktrace.c,v 1.85 2015/12/05 10:11:53 tedu Exp $ */

+/* $OpenBSD: kern_ktrace.c,v 1.86 2015/12/06 17:50:21 deraadt Exp $ */

/* $NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $ */

@@ -400,7 +400,7 @@ ktrexec(struct proc *p, int type, const char *data, ssize_t len)

}

void

-ktrpledge(struct proc *p, int error, int code, int syscall)

+ktrpledge(struct proc *p, int error, uint64_t code, int syscall)

{

struct ktr_header kth;

struct ktr_pledge kp;

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 75591b8583c..396d2cb64f6 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: kern_pledge.c,v 1.135 2015/12/05 19:21:49 deraadt Exp $ */

+/* $OpenBSD: kern_pledge.c,v 1.136 2015/12/06 17:50:21 deraadt Exp $ */

@@ -72,7 +72,7 @@ int substrcmp(const char *p1, size_t s1, const char *p2, size_t s2);

* Ordered in blocks starting with least risky and most required.

-const u_int pledge_syscalls[SYS_MAXSYSCALL] = {

+const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {

* Minimum required

@@ -368,7 +368,7 @@ sys_pledge(struct proc *p, void *v, register_t *retval)

syscallarg(const char *)request;

syscallarg(const char **)paths;

} */ *uap = v;

- int flags = 0;

+ uint64_t flags = 0;

int error;

if (SCARG(uap, request)) {

@@ -563,7 +563,7 @@ pledge_syscall(struct proc *p, int code, int *tval)

}

int

-pledge_fail(struct proc *p, int error, int code)

+pledge_fail(struct proc *p, int error, uint64_t code)

{

char *codes = "";

int i;

diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h
index f76ae3f487d..d492dde608f 100644
--- a/sys/sys/ktrace.h
+++ b/sys/sys/ktrace.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: ktrace.h,v 1.26 2015/10/25 20:39:54 deraadt Exp $ */

+/* $OpenBSD: ktrace.h,v 1.27 2015/12/06 17:50:21 deraadt Exp $ */

/* $NetBSD: ktrace.h,v 1.12 1996/02/04 02:12:29 christos Exp $ */

@@ -171,8 +171,8 @@ struct ktr_user {

#define KTR_PLEDGE 12

struct ktr_pledge {

int error;

- int code;

int syscall;

+ int64_t code;

};

@@ -217,7 +217,7 @@ void ktrsysret(struct proc *, register_t, int, const register_t [2]);

void ktr_kuser(const char *, void *, size_t);

int ktruser(struct proc *, const char *, const void *, size_t);

void ktrexec(struct proc *, int, const char *, ssize_t);

-void ktrpledge(struct proc *, int, int, int);

+void ktrpledge(struct proc *, int, uint64_t, int);

void ktrcleartrace(struct process *);

void ktrsettrace(struct process *, int, struct vnode *, struct ucred *);

diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index 1f93130f087..9b4c42e3654 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: namei.h,v 1.29 2015/11/02 16:31:55 semarie Exp $ */

+/* $OpenBSD: namei.h,v 1.30 2015/12/06 17:50:21 deraadt Exp $ */

/* $NetBSD: namei.h,v 1.11 1996/02/09 18:25:20 christos Exp $ */

@@ -62,7 +62,7 @@ struct nameidata {

/* struct ucred *ni_cred; credentials */

struct vnode *ni_startdir; /* starting directory */

struct vnode *ni_rootdir; /* logical root directory */

- int ni_pledge; /* expected pledge for namei */

+ uint64_t ni_pledge; /* expected pledge for namei */

* Results: returned from/manipulated by lookup

diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index 7a35841019e..f01dd90a65b 100644
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pledge.h,v 1.23 2015/12/04 07:33:05 deraadt Exp $ */

+/* $OpenBSD: pledge.h,v 1.24 2015/12/06 17:50:21 deraadt Exp $ */

@@ -22,47 +22,51 @@

#include <sys/cdefs.h>

-#define PLEDGE_ALWAYS 0xffffffff

-#define PLEDGE_RPATH 0x00000001 /* allow open for read */

-#define PLEDGE_WPATH 0x00000002 /* allow open for write */

-#define PLEDGE_CPATH 0x00000004 /* allow creat, mkdir, path creations */

-#define PLEDGE_STDIO 0x00000008 /* operate on own pid */

-#define PLEDGE_TMPPATH 0x00000010 /* for mk*temp() */

-#define PLEDGE_DNS 0x00000020 /* DNS services */

-#define PLEDGE_INET 0x00000040 /* AF_INET/AF_INET6 sockets */

-#define PLEDGE_FLOCK 0x00000080 /* file locking */

-#define PLEDGE_UNIX 0x00000100 /* AF_UNIX sockets */

-#define PLEDGE_ID 0x00000200 /* allow setuid, setgid, etc */

-#define PLEDGE_IOCTL 0x00000400 /* Select ioctl */

-#define PLEDGE_GETPW 0x00000800 /* YP enables if ypbind.lock */

-#define PLEDGE_PROC 0x00001000 /* fork, waitpid, etc */

-#define PLEDGE_SETTIME 0x00002000 /* able to set/adj time/freq */

-#define PLEDGE_FATTR 0x00004000 /* allow explicit file st_* mods */

-#define PLEDGE_PROTEXEC 0x00008000 /* allow use of PROT_EXEC */

-#define PLEDGE_TTY 0x00010000 /* tty setting */

-#define PLEDGE_SENDFD 0x00020000 /* AF_UNIX CMSG fd sending */

-#define PLEDGE_RECVFD 0x00040000 /* AF_UNIX CMSG fd receiving */

-#define PLEDGE_EXEC 0x00080000 /* execve, child is free of pledge */

-#define PLEDGE_ROUTE 0x00100000 /* routing lookups */

-#define PLEDGE_MCAST 0x00200000 /* multicast joins */

-#define PLEDGE_VMINFO 0x00400000 /* vminfo listings */

-#define PLEDGE_PS 0x00800000 /* ps listings */

-#define PLEDGE_COREDUMP 0x01000000 /* generates coredump (default) */

-#define PLEDGE_DISKLABEL 0x02000000 /* disklabels */

-#define PLEDGE_PF 0x04000000 /* pf ioctls */

-#define PLEDGE_AUDIO 0x08000000 /* audio ioctls */

-#define PLEDGE_DPATH 0x10000000 /* mknod & mkfifo */

-/* Following flags are set by kernel, as it learns things.

- * Not user settable. Should be moved to a seperate variable */

+/*

+ * pledge(2) requests

+ */

+#define PLEDGE_ALWAYS 0xffffffffffffffffULL

+#define PLEDGE_RPATH 0x0000000000000001ULL /* allow open for read */

+#define PLEDGE_WPATH 0x0000000000000002ULL /* allow open for write */

+#define PLEDGE_CPATH 0x0000000000000004ULL /* allow creat, mkdir, unlink etc */

+#define PLEDGE_STDIO 0x0000000000000008ULL /* operate on own pid */

+#define PLEDGE_TMPPATH 0x0000000000000010ULL /* for mk*temp() */

+#define PLEDGE_DNS 0x0000000000000020ULL /* DNS services */

+#define PLEDGE_INET 0x0000000000000040ULL /* AF_INET/AF_INET6 sockets */

+#define PLEDGE_FLOCK 0x0000000000000080ULL /* file locking */

+#define PLEDGE_UNIX 0x0000000000000100ULL /* AF_UNIX sockets */

+#define PLEDGE_ID 0x0000000000000200ULL /* allow setuid, setgid, etc */

+#define PLEDGE_IOCTL 0x0000000000000400ULL /* Select ioctl */

+#define PLEDGE_GETPW 0x0000000000000800ULL /* YP enables if ypbind.lock */

+#define PLEDGE_PROC 0x0000000000001000ULL /* fork, waitpid, etc */

+#define PLEDGE_SETTIME 0x0000000000002000ULL /* able to set/adj time/freq */

+#define PLEDGE_FATTR 0x0000000000004000ULL /* allow explicit file st_* mods */

+#define PLEDGE_PROTEXEC 0x0000000000008000ULL /* allow use of PROT_EXEC */

+#define PLEDGE_TTY 0x0000000000010000ULL /* tty setting */

+#define PLEDGE_SENDFD 0x0000000000020000ULL /* AF_UNIX CMSG fd sending */

+#define PLEDGE_RECVFD 0x0000000000040000ULL /* AF_UNIX CMSG fd receiving */

+#define PLEDGE_EXEC 0x0000000000080000ULL /* execve, child is free of pledge */

+#define PLEDGE_ROUTE 0x0000000000100000ULL /* routing lookups */

+#define PLEDGE_MCAST 0x0000000000200000ULL /* multicast joins */

+#define PLEDGE_VMINFO 0x0000000000400000ULL /* vminfo listings */

+#define PLEDGE_PS 0x0000000000800000ULL /* ps listings */

+#define PLEDGE_COREDUMP 0x0000000001000000ULL /* generates coredump (default) */

+#define PLEDGE_DISKLABEL 0x0000000002000000ULL /* disklabels */

+#define PLEDGE_PF 0x0000000004000000ULL /* pf ioctls */

+#define PLEDGE_AUDIO 0x0000000008000000ULL /* audio ioctls */

+#define PLEDGE_DPATH 0x0000000010000000ULL /* mknod & mkfifo */

-#define PLEDGE_STATLIE 0x40000000

-#define PLEDGE_YPACTIVE 0x80000000 /* YP use detected and allowed */

-#define PLEDGE_USERSET 0x3fffffff

+/*

+ * Bits outside PLEDGE_USERSET are used by the kernel itself

+ * to track program behaviours which have been observed.

+ */

+#define PLEDGE_USERSET 0x0fffffffffffffffULL

+#define PLEDGE_STATLIE 0x4000000000000000ULL

+#define PLEDGE_YPACTIVE 0x8000000000000000ULL /* YP use detected and allowed */

#ifdef PLEDGENAMES

static struct {

- u_int32_t bits;

+ uint64_t bits;

char *name;

} pledgenames[] = {

{ PLEDGE_RPATH, "rpath" },

@@ -101,7 +105,7 @@ static struct {

#ifdef _KERNEL

int pledge_syscall(struct proc *, int, int *);

-int pledge_fail(struct proc *, int, int);

+int pledge_fail(struct proc *, int, uint64_t);

struct mbuf;

struct nameidata;

diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index a6c31faf824..90fdc94b827 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: proc.h,v 1.212 2015/11/03 16:14:14 deraadt Exp $ */

+/* $OpenBSD: proc.h,v 1.213 2015/12/06 17:50:21 deraadt Exp $ */

/* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */

/*-

@@ -212,7 +212,7 @@ struct process {

u_short ps_acflag; /* Accounting flags. */

- u_int ps_pledge;

+ uint64_t ps_pledge;

struct whitepaths *ps_pledgepaths;

int64_t ps_kbind_cookie;