Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/mac_seeotheruids/mac_seeotheruids.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2002 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by Network 10 * Associates Laboratories, the Security Research Division of Network 11 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 12 * as part of the DARPA CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * $FreeBSD$ 39 */ 40 41 /* 42 * Developed by the TrustedBSD Project. 43 * 44 * Prevent processes owned by a particular uid from seeing various transient 45 * kernel objects associated with other uids. 46 */ 47 48 #include <sys/param.h> 49 #include <sys/kernel.h> 50 #include <sys/module.h> 51 #include <sys/priv.h> 52 #include <sys/proc.h> 53 #include <sys/systm.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 #include <sys/sysctl.h> 57 58 #include <net/route.h> 59 #include <netinet/in.h> 60 #include <netinet/in_pcb.h> 61 62 #include <security/mac/mac_policy.h> 63 64 SYSCTL_DECL(_security_mac); 65 66 static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids, 67 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 68 "TrustedBSD mac_seeotheruids policy controls"); 69 70 static int seeotheruids_enabled = 1; 71 SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, enabled, CTLFLAG_RW, 72 &seeotheruids_enabled, 0, "Enforce seeotheruids policy"); 73 74 /* 75 * Exception: allow credentials to be aware of other credentials with the 76 * same primary gid. 77 */ 78 static int primarygroup_enabled = 0; 79 SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, primarygroup_enabled, 80 CTLFLAG_RW, &primarygroup_enabled, 0, "Make an exception for credentials " 81 "with the same real primary group id"); 82 83 /* 84 * Exception: allow the root user to be aware of other credentials by virtue 85 * of privilege. 86 */ 87 static int suser_privileged = 1; 88 SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, suser_privileged, 89 CTLFLAG_RW, &suser_privileged, 0, "Make an exception for superuser"); 90 91 /* 92 * Exception: allow processes with a specific gid to be exempt from the 93 * policy. One sysctl enables this functionality; the other sets the 94 * exempt gid. 95 */ 96 static int specificgid_enabled = 0; 97 SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid_enabled, 98 CTLFLAG_RW, &specificgid_enabled, 0, "Make an exception for credentials " 99 "with a specific gid as their real primary group id or group set"); 100 101 static gid_t specificgid = 0; 102 SYSCTL_UINT(_security_mac_seeotheruids, OID_AUTO, specificgid, CTLFLAG_RW, 103 &specificgid, 0, "Specific gid to be exempt from seeotheruids policy"); 104 105 static int 106 seeotheruids_check(struct ucred *cr1, struct ucred *cr2) 107 { 108 109 if (!seeotheruids_enabled) 110 return (0); 111 112 if (primarygroup_enabled) { 113 if (cr1->cr_rgid == cr2->cr_rgid) 114 return (0); 115 } 116 117 if (specificgid_enabled) { 118 if (cr1->cr_rgid == specificgid || 119 groupmember(specificgid, cr1)) 120 return (0); 121 } 122 123 if (cr1->cr_ruid == cr2->cr_ruid) 124 return (0); 125 126 if (suser_privileged) { 127 if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS) == 0) 128 return (0); 129 } 130 131 return (ESRCH); 132 } 133 134 static int 135 seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p) 136 { 137 138 return (seeotheruids_check(cred, p->p_ucred)); 139 } 140 141 static int 142 seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p) 143 { 144 145 return (seeotheruids_check(cred, p->p_ucred)); 146 } 147 148 static int 149 seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p, 150 int signum) 151 { 152 153 return (seeotheruids_check(cred, p->p_ucred)); 154 } 155 156 static int 157 seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2) 158 { 159 160 return (seeotheruids_check(cr1, cr2)); 161 } 162 163 static int 164 seeotheruids_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 165 struct label *inplabel) 166 { 167 168 return (seeotheruids_check(cred, inp->inp_cred)); 169 } 170 171 static int 172 seeotheruids_socket_check_visible(struct ucred *cred, struct socket *so, 173 struct label *solabel) 174 { 175 176 return (seeotheruids_check(cred, so->so_cred)); 177 } 178 179 static struct mac_policy_ops seeotheruids_ops = 180 { 181 .mpo_proc_check_debug = seeotheruids_proc_check_debug, 182 .mpo_proc_check_sched = seeotheruids_proc_check_sched, 183 .mpo_proc_check_signal = seeotheruids_proc_check_signal, 184 .mpo_cred_check_visible = seeotheruids_cred_check_visible, 185 .mpo_inpcb_check_visible = seeotheruids_inpcb_check_visible, 186 .mpo_socket_check_visible = seeotheruids_socket_check_visible, 187 }; 188 189 MAC_POLICY_SET(&seeotheruids_ops, mac_seeotheruids, 190 "TrustedBSD MAC/seeotheruids", MPC_LOADTIME_FLAG_UNLOADOK, NULL);
Cache object: 1be805f08c99aee18b8100266d8bab7c
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]