Author: stevek
Date: Fri May 17 18:02:26 2019
New Revision: 347934
URL: https://svnweb.freebsd.org/changeset/base/347934

Log:
  Protect commands that are considered dangerous with checks for kmem write
  priv. This allows for MAC/veriexec to prevent apps that are not "trusted"
  from using these commands.
  
  Obtained from:        Juniper Networks, Inc.
  MFC after:    1 week

Modified:
  head/sys/dev/veriexec/verified_exec.c

Modified: head/sys/dev/veriexec/verified_exec.c
==============================================================================
--- head/sys/dev/veriexec/verified_exec.c       Fri May 17 17:50:01 2019        
(r347933)
+++ head/sys/dev/veriexec/verified_exec.c       Fri May 17 18:02:26 2019        
(r347934)
@@ -1,7 +1,7 @@
 /*
  * $FreeBSD$
  *
- * Copyright (c) 2011-2013, 2015, Juniper Networks, Inc.
+ * Copyright (c) 2011-2013, 2015, 2019 Juniper Networks, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,7 @@
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/queue.h>
 #include <sys/vnode.h>
@@ -70,6 +71,37 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cm
        struct verified_exec_params *params;
        int error = 0;
 
+       /*
+        * These commands are considered safe requests for anyone who has
+        * permission to access to device node.
+        */
+       switch (cmd) {
+       case VERIEXEC_GETSTATE:
+               {
+                       int *ip = (int *)data;
+
+                       if (ip)
+                               *ip = mac_veriexec_get_state();
+                       else
+                           error = EINVAL;
+
+                       return (error);
+               }
+               break;
+       default:
+               break;
+       }
+
+       /*
+        * Anything beyond this point is considered dangerous, so we need to
+        * only allow processes that have kmem write privs to do them.
+        *
+        * MAC/veriexec will grant kmem write privs to "trusted" processes.
+        */
+       error = priv_check(td, PRIV_KMEM_WRITE);
+       if (error)
+               return (error);
+
        params = (struct verified_exec_params *)data;
        switch (cmd) {
        case VERIEXEC_ACTIVE:
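Review bot: The `break;` that closes the VERIEXEC_GETSTATE case is unreachable, because the block before it returns on every path, and the `default: break;` arm exists only to make the switch well-formed; the pre-check reads more directly as `if (cmd == VERIEXEC_GETSTATE) { int *ip = (int *)data; ... return (error); }` with the return kept inside the block so the priv_check below still guards every other command. While there, the comment reads better as `permission to access the device node`, and the `error = EINVAL;` line is indented with spaces where the surrounding lines use tabs. verifiedexecioctl's signature is cut off in the hunk header and its body continues past the hunk, so that `td` is the ioctl's thread argument is inferred from the priv_check call rather than visible here.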
@@ -105,16 +137,6 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cm
                else
                        error = EINVAL;
                mtx_unlock(&ve_mutex);
-               break;
-       case VERIEXEC_GETSTATE:
-               {
-                       int *ip = (int *)data;
-                       
-                       if (ip)
-                               *ip = mac_veriexec_get_state();
-                       else
-                           error = EINVAL;
-               }
                break;
        case VERIEXEC_LOCK:
                mtx_lock(&ve_mutex);