author | Stephen J. Kiernan <stevek@FreeBSD.org> | 2019-05-17 18:02:26 +0000 |
committer | Stephen J. Kiernan <stevek@FreeBSD.org> | 2019-05-17 18:02:26 +0000 |
commit | 9ce904dfde0ce588eea3f090adf79f54a56c6c2e (patch) | |
tree | ba075803a864a7fe14a3299ae05f87b5d72e6096 /sys | |
parent | 3da3012ace35d97e4e41ae256e63119786c36596 (diff) | |
Protect commands that are considered dangerous with checks for kmem write
priv. This allows MAC/veriexec to prevent apps that are not "trusted"
from using these commands.
Obtained from: Juniper Networks, Inc.
MFC after: 1 week
Notes:
svn path=/head/; revision=347934
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/veriexec/verified_exec.c | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/sys/dev/veriexec/verified_exec.c b/sys/dev/veriexec/verified_exec.c
index 8f255ed9efc2..12f69433e528 100644
--- a/sys/dev/veriexec/verified_exec.c
+++ b/sys/dev/veriexec/verified_exec.c
@@ -1,7 +1,7 @@
 /*
 * $FreeBSD$
 *
- * Copyright (c) 2011-2013, 2015, Juniper Networks, Inc.
+ * Copyright (c) 2011-2013, 2015, 2019 Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,7 @@
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/queue.h>
 #include <sys/vnode.h>
@@ -70,6 +71,37 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
 struct verified_exec_params *params;
 int error = 0;
+ /*
+ * These commands are considered safe requests for anyone who has
+ * permission to access to device node.
+ */
+ switch (cmd) {
+ case VERIEXEC_GETSTATE:
+ {
+ int *ip = (int *)data;
+
+ if (ip)
+ *ip = mac_veriexec_get_state();
+ else
+ error = EINVAL;
+
+ return (error);
+ }
+ break;
+ default:
+ break;
+ }
+
+ /*
+ * Anything beyond this point is considered dangerous, so we need to
+ * only allow processes that have kmem write privs to do them.
+ *
+ * MAC/veriexec will grant kmem write privs to "trusted" processes.
+ */
+ error = priv_check(td, PRIV_KMEM_WRITE);
+ if (error)
+ return (error);
+
 params = (struct verified_exec_params *)data;
 switch (cmd) {
 case VERIEXEC_ACTIVE:
@@ -106,16 +138,6 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
 error = EINVAL;
 mtx_unlock(&ve_mutex);
 break;
- case VERIEXEC_GETSTATE:
- {
- int *ip = (int *)data;
-
- if (ip)
- *ip = mac_veriexec_get_state();
- else
- error = EINVAL;
- }
- break;
 case VERIEXEC_LOCK:
 mtx_lock(&ve_mutex);
 mac_veriexec_set_state(VERIEXEC_STATE_LOCKED); |
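Review bot: In the new early switch (third hunk), the `break;` after `return (error);` in the VERIEXEC_GETSTATE case is unreachable and should be dropped, since the case now returns directly instead of falling through to the common exit as the removed copy in the fourth hunk did. Gating every other command on PRIV_KMEM_WRITE also means any subject that already holds kmem-write privilege for unrelated reasons gains control of the veriexec state; if that coupling is deliberate, the comment should say so, e.g. `/* Intentionally tied to PRIV_KMEM_WRITE: MAC/veriexec grants it only to trusted processes. */`, otherwise a dedicated privilege would make the policy more precise. Because the check runs before the second switch, an unrecognised cmd is now rejected with priv_check's error rather than reaching that switch's default handling, which seems acceptable but is worth confirming as intended. verifiedexecioctl's signature starts before the hunk and its body continues past it; `td` is presumably the thread argument from the part of the signature not shown.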