kern_prot.c (e07c897e61361afcfaadb834b8a1f085711f0aaa) | kern_prot.c (64d19c2ea7076554293329f9f2624d3937857527) |
---|---|
1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. --- 1309 unchanged lines hidden (view full) --- 1318 1319 if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { 1320 if (suser_cred(u1, PRISON_ROOT) != 0) 1321 return (ESRCH); 1322 } 1323 return (0); 1324} 1325 | 1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. --- 1309 unchanged lines hidden (view full) --- 1318 1319 if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { 1320 if (suser_cred(u1, PRISON_ROOT) != 0) 1321 return (ESRCH); 1322 } 1323 return (0); 1324} 1325 |
1326/* 1327 * 'see_other_gids' determines whether or not visibility of processes 1328 * and sockets with credentials holding different real gids is possible 1329 * using a variety of system MIBs. 1330 * XXX: data declarations should be together near the beginning of the file. 1331 */ 1332static int see_other_gids = 1; 1333SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW, 1334 &see_other_gids, 0, 1335 "Unprivileged processes may see subjects/objects with different real gid"); 1336 1337/* 1338 * Determine if u1 can "see" the subject specified by u2, according to the 1339 * 'see_other_gids' policy. 1340 * Returns: 0 for permitted, ESRCH otherwise 1341 * Locks: none 1342 * References: *u1 and *u2 must not change during the call 1343 * u1 may equal u2, in which case only one reference is required 1344 */ 1345static int 1346cr_seeothergids(struct ucred *u1, struct ucred *u2) 1347{ 1348 int i, match; 1349 1350 if (!see_other_gids) { 1351 match = 0; 1352 for (i = 0; i < u1->cr_ngroups; i++) { 1353 if (groupmember(u1->cr_groups[i], u2)) 1354 match = 1; 1355 if (match) 1356 break; 1357 } 1358 if (!match) { 1359 if (suser_cred(u1, PRISON_ROOT) != 0) 1360 return (ESRCH); 1361 } 1362 } 1363 return (0); 1364} 1365 |
|
1326/*- 1327 * Determine if u1 "can see" the subject specified by u2. 1328 * Returns: 0 for permitted, an errno value otherwise 1329 * Locks: none 1330 * References: *u1 and *u2 must not change during the call 1331 * u1 may equal u2, in which case only one reference is required 1332 */ 1333int --- 4 unchanged lines hidden (view full) --- 1338 if ((error = prison_check(u1, u2))) 1339 return (error); 1340#ifdef MAC 1341 if ((error = mac_check_cred_visible(u1, u2))) 1342 return (error); 1343#endif 1344 if ((error = cr_seeotheruids(u1, u2))) 1345 return (error); | 1366/*- 1367 * Determine if u1 "can see" the subject specified by u2. 1368 * Returns: 0 for permitted, an errno value otherwise 1369 * Locks: none 1370 * References: *u1 and *u2 must not change during the call 1371 * u1 may equal u2, in which case only one reference is required 1372 */ 1373int --- 4 unchanged lines hidden (view full) --- 1378 if ((error = prison_check(u1, u2))) 1379 return (error); 1380#ifdef MAC 1381 if ((error = mac_check_cred_visible(u1, u2))) 1382 return (error); 1383#endif 1384 if ((error = cr_seeotheruids(u1, u2))) 1385 return (error); |
1386 if ((error = cr_seeothergids(u1, u2))) 1387 return (error); |
|
1346 return (0); 1347} 1348 1349/*- 1350 * Determine if td "can see" the subject specified by p. 1351 * Returns: 0 for permitted, an errno value otherwise 1352 * Locks: Sufficient locks to protect p->p_ucred must be held. td really 1353 * should be curthread. --- 41 unchanged lines hidden (view full) --- 1395 */ 1396 error = prison_check(cred, proc->p_ucred); 1397 if (error) 1398 return (error); 1399#ifdef MAC 1400 if ((error = mac_check_proc_signal(cred, proc, signum))) 1401 return (error); 1402#endif | 1388 return (0); 1389} 1390 1391/*- 1392 * Determine if td "can see" the subject specified by p. 1393 * Returns: 0 for permitted, an errno value otherwise 1394 * Locks: Sufficient locks to protect p->p_ucred must be held. td really 1395 * should be curthread. --- 41 unchanged lines hidden (view full) --- 1437 */ 1438 error = prison_check(cred, proc->p_ucred); 1439 if (error) 1440 return (error); 1441#ifdef MAC 1442 if ((error = mac_check_proc_signal(cred, proc, signum))) 1443 return (error); 1444#endif |
1403 error = cr_seeotheruids(cred, proc->p_ucred); 1404 if (error) | 1445 if ((error = cr_seeotheruids(cred, proc->p_ucred))) |
1405 return (error); | 1446 return (error); |
1447 if ((error = cr_seeothergids(cred, proc->p_ucred))) 1448 return (error); |
|
1406 1407 /* 1408 * UNIX signal semantics depend on the status of the P_SUGID 1409 * bit on the target process. If the bit is set, then additional 1410 * restrictions are placed on the set of available signals. 1411 */ 1412 if (conservative_signals && (proc->p_flag & P_SUGID)) { 1413 switch (signum) { --- 89 unchanged lines hidden (view full) --- 1503 if ((error = prison_check(td->td_ucred, p->p_ucred))) 1504 return (error); 1505#ifdef MAC 1506 if ((error = mac_check_proc_sched(td->td_ucred, p))) 1507 return (error); 1508#endif 1509 if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) 1510 return (error); | 1449 1450 /* 1451 * UNIX signal semantics depend on the status of the P_SUGID 1452 * bit on the target process. If the bit is set, then additional 1453 * restrictions are placed on the set of available signals. 1454 */ 1455 if (conservative_signals && (proc->p_flag & P_SUGID)) { 1456 switch (signum) { --- 89 unchanged lines hidden (view full) --- 1546 if ((error = prison_check(td->td_ucred, p->p_ucred))) 1547 return (error); 1548#ifdef MAC 1549 if ((error = mac_check_proc_sched(td->td_ucred, p))) 1550 return (error); 1551#endif 1552 if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) 1553 return (error); |
1554 if ((error = cr_seeothergids(td->td_ucred, p->p_ucred))) 1555 return (error); |
|
1511 if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid) 1512 return (0); 1513 if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) 1514 return (0); 1515 if (suser_cred(td->td_ucred, PRISON_ROOT) == 0) 1516 return (0); 1517 1518#ifdef CAPABILITIES --- 45 unchanged lines hidden (view full) --- 1564 if ((error = prison_check(td->td_ucred, p->p_ucred))) 1565 return (error); 1566#ifdef MAC 1567 if ((error = mac_check_proc_debug(td->td_ucred, p))) 1568 return (error); 1569#endif 1570 if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) 1571 return (error); | 1556 if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid) 1557 return (0); 1558 if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) 1559 return (0); 1560 if (suser_cred(td->td_ucred, PRISON_ROOT) == 0) 1561 return (0); 1562 1563#ifdef CAPABILITIES --- 45 unchanged lines hidden (view full) --- 1609 if ((error = prison_check(td->td_ucred, p->p_ucred))) 1610 return (error); 1611#ifdef MAC 1612 if ((error = mac_check_proc_debug(td->td_ucred, p))) 1613 return (error); 1614#endif 1615 if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) 1616 return (error); |
1617 if ((error = cr_seeothergids(td->td_ucred, p->p_ucred))) 1618 return (error); |
|
1572 1573 /* 1574 * Is p's group set a subset of td's effective group set? This 1575 * includes p's egid, group access list, rgid, and svgid. 1576 */ 1577 grpsubset = 1; 1578 for (i = 0; i < p->p_ucred->cr_ngroups; i++) { 1579 if (!groupmember(p->p_ucred->cr_groups[i], td->td_ucred)) { --- 63 unchanged lines hidden (view full) --- 1643 return (ENOENT); 1644#ifdef MAC 1645 error = mac_check_socket_visible(cred, so); 1646 if (error) 1647 return (error); 1648#endif 1649 if (cr_seeotheruids(cred, so->so_cred)) 1650 return (ENOENT); | 1619 1620 /* 1621 * Is p's group set a subset of td's effective group set? This 1622 * includes p's egid, group access list, rgid, and svgid. 1623 */ 1624 grpsubset = 1; 1625 for (i = 0; i < p->p_ucred->cr_ngroups; i++) { 1626 if (!groupmember(p->p_ucred->cr_groups[i], td->td_ucred)) { --- 63 unchanged lines hidden (view full) --- 1690 return (ENOENT); 1691#ifdef MAC 1692 error = mac_check_socket_visible(cred, so); 1693 if (error) 1694 return (error); 1695#endif 1696 if (cr_seeotheruids(cred, so->so_cred)) 1697 return (ENOENT); |
1698 if (cr_seeothergids(cred, so->so_cred)) 1699 return (ENOENT); |
|
1651 1652 return (0); 1653} 1654 1655/* 1656 * Allocate a zeroed cred structure. 1657 * MPSAFE 1658 */ --- 329 unchanged lines hidden --- | 1700 1701 return (0); 1702} 1703 1704/* 1705 * Allocate a zeroed cred structure. 1706 * MPSAFE 1707 */ --- 329 unchanged lines hidden --- |
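Review bot: The block comment and the sysctl description for `see_other_gids` both speak of a "different real gid", but the new `cr_seeothergids()` never reads `cr_rgid`; it walks `u1->cr_groups[]` and asks `groupmember()` whether u2 holds any of them, which, going by the "effective group set" comment in the debug check later on this page, appears to be an effective/supplementary-group test. With the knob set to 0, a single shared group of any kind therefore keeps the subject visible, and a setgid subject is judged by its effective gid, so an administrator relying on the description may expect stricter isolation than the code delivers. Either compare real gids or reword both texts to match the code, e.g. `"Unprivileged processes may see subjects/objects with which they share no group"`. As a smaller style point, the loop body can be `if (groupmember(u1->cr_groups[i], u2)) { match = 1; break; }` rather than setting `match` and re-testing it on the next line.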