Page MenuHomeFreeBSD

New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
ClosedPublic

Authored by olce on Jun 20 2023, 1:44 PM.
Tags
None
Referenced Files
F102635744: D40627.diff
Fri, Nov 15, 3:34 AM
Unknown Object (File)
Sun, Nov 10, 3:42 AM
Unknown Object (File)
Wed, Nov 6, 5:02 PM
Unknown Object (File)
Wed, Nov 6, 10:42 AM
Unknown Object (File)
Wed, Oct 30, 3:57 PM
Unknown Object (File)
Oct 16 2024, 2:31 AM
Unknown Object (File)
Oct 15 2024, 5:49 PM
Unknown Object (File)
Oct 13 2024, 5:55 PM

Details

Summary

This is a new helper function that leverages existing code: It calls
successively cr_canseeotheruids(), cr_canseeothergids() and cr_canseejailproc()
(as long as the previous didn't deny access). Will be used in a subsequent
commit.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 52162
Build 49053: arc lint + arc unit

Event Timeline

olce requested review of this revision.Jun 20 2023, 1:44 PM
emaste added inline comments.
sys/kern/kern_prot.c
1431

Please mention return values for consistency with other function comments in this file

zlei added inline comments.
sys/kern/kern_prot.c
1434

Naming is hard.
cr_bsd_visible() seems to be consistent with current naming.

olce marked an inline comment as done.Jul 2 2023, 10:15 AM
olce added inline comments.
sys/kern/kern_prot.c
1434

Indeed.

The most important thing is that the name reflects that these are BSD-specific (actually, FreeBSD-specific, but anyway) security policies and that these affect object/subject visibility.

I considered naming the function cr_security_bsd_visibility so as to reference the sysctl security.bsd more explicitly, but then the name was longer and probably not more helpful than the short form to people that are not aware of the security.bsd nodes.

I'm not that pleased with the name, but it does the job and I couldn't come up with a better idea. Suggestions welcome.

olce marked an inline comment as done.

Some info about return codes.

olce marked an inline comment as done.Jul 3 2023, 8:05 AM
mhorne added a subscriber: mhorne.
mhorne added inline comments.
sys/kern/kern_prot.c
1434

I also think cr_bsd_visible() is very slightly better.

sys/sys/proc.h
1159

I think the comment is not so valuable here.

This revision is now accepted and ready to land.Jul 12 2023, 4:25 PM
olce retitled this revision from New cr_bsd_visibility(): Whether BSD policies deny seeing subjects/objects to New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.

Rename cr_bsd_visibility() to cr_bsd_visible().

This revision now requires review to proceed.Jul 14 2023, 9:38 AM

Mark as accepted again, since the only change is the rename: cr_bsd_visibility() to cr_bsd_visible().

This revision is now accepted and ready to land.Jul 14 2023, 9:39 AM
olce marked 2 inline comments as done.Jul 14 2023, 9:43 AM

Fix context lines after update of D40626.

This revision now requires review to proceed.Jul 17 2023, 4:38 PM

Mark as accepted again, no diff change in the last update.

This revision is now accepted and ready to land.Jul 17 2023, 4:39 PM