1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-13 10:02:38 +00:00

Audit arguments to System V IPC system calls implementing sempahores,

message queues, and shared memory.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL
This commit is contained in:
Robert Watson 2017-03-30 22:26:15 +00:00
parent f907080983
commit 1c2da02938
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=316308
4 changed files with 81 additions and 2 deletions

View File

@ -18,6 +18,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
* Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@ -25,6 +26,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
* Portions of this software were developed by BAE Systems, the University of
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
* Computing (TC) research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -508,6 +514,8 @@ kern_msgctl(td, msqid, cmd, msqbuf)
if (rpr == NULL)
return (ENOSYS);
AUDIT_ARG_SVIPC_CMD(cmd);
AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@ -579,6 +587,7 @@ kern_msgctl(td, msqid, cmd, msqbuf)
break;
case IPC_SET:
AUDIT_ARG_SVIPC_PERM(&msqbuf->msg_perm);
if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
goto done2;
if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
@ -667,6 +676,8 @@ sys_msgget(td, uap)
error = EEXIST;
goto done2;
}
AUDIT_ARG_SVIPC_ID(IXSEQ_TO_IPCID(msqid,
msqkptr->u.msg_perm));
if ((error = ipcperm(td, &msqkptr->u.msg_perm,
msgflg & 0700))) {
DPRINTF(("requester doesn't have 0%o access\n",
@ -735,6 +746,7 @@ sys_msgget(td, uap)
#ifdef MAC
mac_sysvmsq_create(cred, msqkptr);
#endif
AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
} else {
DPRINTF(("didn't find it and wasn't asked to create it\n"));
error = ENOENT;
@ -780,6 +792,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype)
return (ENOSYS);
mtx_lock(&msq_mtx);
AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@ -790,6 +803,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype)
}
msqkptr = &msqids[msqix];
AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
if (msqkptr->u.msg_qbytes == 0) {
DPRINTF(("no such message queue id\n"));
error = EINVAL;
@ -1152,6 +1166,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype)
if (rpr == NULL)
return (ENOSYS);
AUDIT_ARG_SVIPC_ID(msqid);
msqix = IPCID_TO_IX(msqid);
if (msqix < 0 || msqix >= msginfo.msgmni) {
@ -1162,6 +1177,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype)
msqkptr = &msqids[msqix];
mtx_lock(&msq_mtx);
AUDIT_ARG_SVIPC_PERM(&msqkptr->u.msg_perm);
if (msqkptr->u.msg_qbytes == 0) {
DPRINTF(("no such message queue id\n"));
error = EINVAL;

View File

@ -7,6 +7,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
* Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@ -14,6 +15,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
* Portions of this software were developed by BAE Systems, the University of
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
* Computing (TC) research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -691,6 +697,9 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd,
DPRINTF(("call to semctl(%d, %d, %d, 0x%p)\n",
semid, semnum, cmd, arg));
AUDIT_ARG_SVIPC_CMD(cmd);
AUDIT_ARG_SVIPC_ID(semid);
rpr = sem_find_prison(td->td_ucred);
if (sem == NULL)
return (ENOSYS);
@ -758,6 +767,7 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd,
break;
case IPC_SET:
AUDIT_ARG_SVIPC_PERM(&arg->buf->sem_perm);
if ((error = semvalid(semid, rpr, semakptr)) != 0)
goto done2;
if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_M)))
@ -948,6 +958,8 @@ sys_semget(struct thread *td, struct semget_args *uap)
DPRINTF(("semget(0x%x, %d, 0%o)\n", key, nsems, semflg));
AUDIT_ARG_VALUE(semflg);
if (sem_find_prison(cred) == NULL)
return (ENOSYS);
@ -961,6 +973,7 @@ sys_semget(struct thread *td, struct semget_args *uap)
break;
}
if (semid < seminfo.semmni) {
AUDIT_ARG_SVIPC_ID(semid);
DPRINTF(("found public key\n"));
if ((semflg & IPC_CREAT) && (semflg & IPC_EXCL)) {
DPRINTF(("not exclusive\n"));
@ -1090,6 +1103,8 @@ sys_semop(struct thread *td, struct semop_args *uap)
#endif
DPRINTF(("call to semop(%d, %p, %u)\n", semid, sops, nsops));
AUDIT_ARG_SVIPC_ID(semid);
rpr = sem_find_prison(td->td_ucred);
if (sem == NULL)
return (ENOSYS);

View File

@ -30,6 +30,7 @@
*/
/*-
* Copyright (c) 2003-2005 McAfee, Inc.
* Copyright (c) 2016-2017 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by McAfee
@ -37,6 +38,11 @@
* contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
* program.
*
* Portions of this software were developed by BAE Systems, the University of
* Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
* contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
* Computing (TC) research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -324,8 +330,10 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr)
{
struct proc *p = td->td_proc;
struct shmmap_state *shmmap_s;
#ifdef MAC
#if defined(AUDIT) || defined(MAC)
struct shmid_kernel *shmsegptr;
#endif
#ifdef MAC
int error;
#endif
int i;
@ -336,6 +344,7 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr)
shmmap_s = p->p_vmspace->vm_shm;
if (shmmap_s == NULL)
return (EINVAL);
AUDIT_ARG_SVIPC_ID(shmmap_s->shmid);
for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) {
if (shmmap_s->shmid != -1 &&
shmmap_s->va == (vm_offset_t)shmaddr) {
@ -344,8 +353,10 @@ kern_shmdt_locked(struct thread *td, const void *shmaddr)
}
if (i == shminfo.shmseg)
return (EINVAL);
#ifdef MAC
#if (defined(AUDIT) && defined(KDTRACE_HOOKS)) || defined(MAC)
shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)];
#endif
#ifdef MAC
error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr);
if (error != 0)
return (error);
@ -382,6 +393,9 @@ kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr,
vm_size_t size;
int error, i, rv;
AUDIT_ARG_SVIPC_ID(shmid);
AUDIT_ARG_VALUE(shmflg);
SYSVSHM_ASSERT_LOCKED();
rpr = shm_find_prison(td->td_ucred);
if (rpr == NULL)
@ -493,6 +507,9 @@ kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf,
if (rpr == NULL)
return (ENOSYS);
AUDIT_ARG_SVIPC_ID(shmid);
AUDIT_ARG_SVIPC_CMD(cmd);
switch (cmd) {
/*
* It is possible that kern_shmctl is being called from the Linux ABI
@ -550,6 +567,7 @@ kern_shmctl_locked(struct thread *td, int shmid, int cmd, void *buf,
break;
case IPC_SET:
shmidp = (struct shmid_ds *)buf;
AUDIT_ARG_SVIPC_PERM(&shmidp->shm_perm);
error = ipcperm(td, &shmseg->u.shm_perm, IPC_M);
if (error != 0)
return (error);

View File

@ -239,6 +239,11 @@ void audit_thread_free(struct thread *td);
audit_arg_pid((pid)); \
} while (0)
#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode) do { \
if (AUDITING_TD(curthread)) \
audit_arg_posix_ipc_perm((uid), (gid), (mod)); \
} while (0)
#define AUDIT_ARG_PROCESS(p) do { \
if (AUDITING_TD(curthread)) \
audit_arg_process((p)); \
@ -289,6 +294,26 @@ void audit_thread_free(struct thread *td);
audit_arg_suid((suid)); \
} while (0)
#define AUDIT_ARG_SVIPC_CMD(cmd) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_cmd((cmd)); \
} while (0)
#define AUDIT_ARG_SVIPC_PERM(perm) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_perm((perm)); \
} while (0)
#define AUDIT_ARG_SVIPC_ID(id) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_id((id)); \
} while (0)
#define AUDIT_ARG_SVIPC_ADDR(addr) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_addr((addr)); \
} while (0)
#define AUDIT_ARG_SVIPC_WHICH(which) do { \
if (AUDITING_TD(curthread)) \
audit_arg_svipc_which((which)); \
@ -375,6 +400,7 @@ void audit_thread_free(struct thread *td);
#define AUDIT_ARG_MODE(mode)
#define AUDIT_ARG_OWNER(uid, gid)
#define AUDIT_ARG_PID(pid)
#define AUDIT_ARG_POSIX_IPC_PERM(uid, gid, mode)
#define AUDIT_ARG_PROCESS(p)
#define AUDIT_ARG_RGID(rgid)
#define AUDIT_ARG_RIGHTS(rights)
@ -385,6 +411,10 @@ void audit_thread_free(struct thread *td);
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
#define AUDIT_ARG_SOCKADDR(td, dirfd, sa)
#define AUDIT_ARG_SUID(suid)
#define AUDIT_ARG_SVIPC_CMD(cmd)
#define AUDIT_ARG_SVIPC_PERM(perm)
#define AUDIT_ARG_SVIPC_ID(id)
#define AUDIT_ARG_SVIPC_ADDR(addr)
#define AUDIT_ARG_SVIPC_WHICH(which)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)