From 663eb314061b5b2443b485cc293cab001ff8bf1e Mon Sep 17 00:00:00 2001
From: Nikolay Sturm
Date: Wed, 8 Oct 2003 16:32:45 +0000
Subject: originally from cb@openbsd.org, adapted by provos itojun@ ok fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@ also, add (currently unused) seqnr field to struct systrace_replace, from provos@
---
 bin/systrace/intercept.h | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'bin/systrace/intercept.h')
diff --git a/bin/systrace/intercept.h b/bin/systrace/intercept.h
index 805d4e5083d..a1ccf6919b1 100644
--- a/bin/systrace/intercept.h
+++ b/bin/systrace/intercept.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.h,v 1.18 2003/08/04 18:15:11 sturm Exp $ */
+/* $OpenBSD: intercept.h,v 1.19 2003/10/08 16:32:44 sturm Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * All rights reserved.
@@ -56,7 +56,7 @@ struct intercept_system {
 int (*newpolicy)(int);
 int (*assignpolicy)(int, pid_t, int);
 int (*policy)(int, int, int, short);
- int (*replace)(int, pid_t, struct intercept_replace *);
+ int (*replace)(int, pid_t, u_int16_t, struct intercept_replace *);
 void (*clonepid)(struct intercept_pid *, struct intercept_pid *);
 void (*freepid)(struct intercept_pid *);
 };
@@ -75,6 +75,8 @@ struct intercept_system {
 #define ICFLAGS_RESULT 1
+#define ICTRANS_NOLINKS 1 /* translation should have no symlinks */
+
 /* Privilege elevation */
 struct elevate {
 #define ELEVATE_UID 0x01
@@ -121,6 +123,7 @@ struct intercept_translate {
 void *trans_data;
 size_t trans_size;
 char *trans_print;
+ u_int trans_flags;
 TAILQ_ENTRY(intercept_translate) next;
 };
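Review bot: The new `u_int16_t` argument of the `replace` hook is unnamed and undocumented, so the header does not tell an implementer of struct intercept_system what value to pass; the same applies to the `intercept_replace()` prototype in the last hunk. From the commit message it is presumably the sequence number that goes with the new seqnr field, but that is an inference from the message, not from these lines. A parameter comment would settle it, e.g. `int (*replace)(int, pid_t, u_int16_t /* seqnr */, struct intercept_replace *);`. struct intercept_system starts outside this hunk.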
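Review bot: `ICTRANS_NOLINKS` is defined as a bare `1` and nothing says which fields carry it, although the later hunks add two `u_int` holders, `trans_flags` in struct intercept_translate and `flags[]` in struct intercept_replace. According to the commit message this bit is what asks the kernel to refuse symlink lookups for a filename that userland has already resolved, so the fields deserve a pointer to it where they are declared, e.g. `u_int trans_flags; /* ICTRANS_* */` and `u_int flags[INTERCEPT_MAXSYSCALLARGS]; /* ICTRANS_* per replaced argument */`. Writing the value as `0x01`, like `ELEVATE_UID 0x01` a few lines further down, would also make it clear that it is a bit to be OR-ed with future ICTRANS_ flags.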
@@ -129,6 +132,7 @@ struct intercept_replace {
 int ind[INTERCEPT_MAXSYSCALLARGS];
 u_char *address[INTERCEPT_MAXSYSCALLARGS];
 size_t len[INTERCEPT_MAXSYSCALLARGS];
+ u_int flags[INTERCEPT_MAXSYSCALLARGS];
 };
 TAILQ_HEAD(intercept_tlq, intercept_translate);
@@ -147,12 +151,12 @@ void intercept_child_info(pid_t, pid_t);
 void intercept_policy_free(int);
 int intercept_replace_init(struct intercept_replace *);
-int intercept_replace_add(struct intercept_replace *, int, u_char *, size_t);
-int intercept_replace(int, pid_t, struct intercept_replace *);
+int intercept_replace_add(struct intercept_replace *, int, u_char *, size_t, u_int);
+int intercept_replace(int, pid_t, u_int16_t, struct intercept_replace *);
 int intercept_register_sccb(char *, char *,
 short (*)(int, pid_t, int, const char *, int, const char *, void *, int,
- struct intercept_tlq *, void *),
+ struct intercept_replace *, struct intercept_tlq *, void *),
 void *);
 void *intercept_sccb_cbarg(char *, char *);
--
cgit v1.2.3
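Review bot: The callback type taken by `intercept_register_sccb()` gains a `struct intercept_replace *` in the middle of its argument list, and that type is spelled out only inline in this prototype. A callback left with the old ten-argument signature may be accepted with no more than an incompatible-pointer warning, depending on compiler and flags, and would then receive the replace pointer in the slot where it expects the translation list. This diff is limited to intercept.h, so whether every registered callback was updated cannot be checked from here. Declaring the type once, for example `typedef short (*intercept_sccb_fn)(int, pid_t, int, const char *, int, const char *, void *, int, struct intercept_replace *, struct intercept_tlq *, void *);` (the name is only a suggestion), and using it in this prototype and wherever callbacks are stored would give the signature a single point of truth.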