Page MenuHomeFreeBSD
Differential D40627

New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
ClosedPublic
Actions

Authored by olce on Jun 20 2023, 1:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 10, 3:42 AM
Unknown Object (File)
Wed, Nov 6, 5:02 PM
Unknown Object (File)
Wed, Nov 6, 10:42 AM
Unknown Object (File)
Wed, Oct 30, 3:57 PM
Unknown Object (File)
Oct 16 2024, 2:31 AM
Unknown Object (File)
Oct 15 2024, 5:49 PM
Unknown Object (File)
Oct 13 2024, 5:55 PM
Unknown Object (File)
Oct 13 2024, 2:11 AM
View All 85 Files
Subscribers
emaste
imp
mhorne
zlei

Details

Reviewers
mjg
kib
dchagin
mhorne
olce
Commits
rG0dafeb5bc874: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
rG768fe2300987: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
rG3ad322db8902: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
rGe4a7b4f99cfd: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
Summary

This is a new helper function that leverages existing code: It calls
successively cr_canseeotheruids(), cr_canseeothergids() and cr_canseejailproc()
(as long as the previous didn't deny access). Will be used in a subsequent
commit.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 52640
Build 49531: arc lint + arc unit

Event Timeline

olce created this revision.Jun 20 2023, 1:44 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 20 2023, 1:44 PM
olce requested review of this revision.Jun 20 2023, 1:44 PM
Harbormaster completed remote builds in B52162: Diff 123493.Jun 20 2023, 1:44 PM
olce added a parent revision: D40626: cr_canseejailproc(): New privilege, no direct check for UID 0.Jun 20 2023, 2:04 PM
olce added a child revision: D40628: Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible().Jun 20 2023, 2:11 PM
olce added reviewers: mjg, kib, dchagin.Jun 20 2023, 9:03 PM
emaste added a subscriber: emaste.Jun 29 2023, 3:48 PM
emaste added inline comments.
sys/kern/kern_prot.c
1441

Please mention return values for consistency with other function comments in this file

zlei added a subscriber: zlei.Jul 2 2023, 6:49 AM
zlei added inline comments.
sys/kern/kern_prot.c
1444

Naming is hard.
cr_bsd_visible() seems to be consistent with current naming.

olce marked an inline comment as done.Jul 2 2023, 10:15 AM
olce added inline comments.
sys/kern/kern_prot.c
1444

Indeed.

The most important thing is that the name reflects that these are BSD-specific (actually, FreeBSD-specific, but anyway) security policies and that these affect object/subject visibility.

I considered naming the function cr_security_bsd_visibility so as to reference the sysctl security.bsd more explicitly, but then the name was longer and probably not more helpful than the short form to people that are not aware of the security.bsd nodes.

I'm not that pleased with the name, but it does the job and I couldn't come up with a better idea. Suggestions welcome.

olce updated this revision to Diff 124109.Jul 3 2023, 8:05 AM
olce marked an inline comment as done.

Some info about return codes.

Harbormaster completed remote builds in B52389: Diff 124109.Jul 3 2023, 8:05 AM
olce marked an inline comment as done.Jul 3 2023, 8:05 AM
mhorne accepted this revision.Jul 12 2023, 4:25 PM
mhorne added a subscriber: mhorne.
mhorne added inline comments.
sys/kern/kern_prot.c
1444

I also think cr_bsd_visible() is very slightly better.

sys/sys/proc.h
1162

I think the comment is not so valuable here.

This revision is now accepted and ready to land.Jul 12 2023, 4:25 PM
olce updated this revision to Diff 124662.Jul 14 2023, 9:38 AM
olce retitled this revision from New cr_bsd_visibility(): Whether BSD policies deny seeing subjects/objects to New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.

Rename cr_bsd_visibility() to cr_bsd_visible().

This revision now requires review to proceed.Jul 14 2023, 9:38 AM
Harbormaster completed remote builds in B52640: Diff 124662.Jul 14 2023, 9:38 AM
olce accepted this revision.Jul 14 2023, 9:39 AM

Mark as accepted again, since the only change is the rename: cr_bsd_visibility() to cr_bsd_visible().

This revision is now accepted and ready to land.Jul 14 2023, 9:39 AM
olce marked 2 inline comments as done.Jul 14 2023, 9:43 AM
mhorne accepted this revision.Jul 14 2023, 2:40 PM
olce updated this revision to Diff 124765.Jul 17 2023, 4:38 PM

Fix context lines after update of D40626.

This revision now requires review to proceed.Jul 17 2023, 4:38 PM
Harbormaster completed remote builds in B52675: Diff 124765.Jul 17 2023, 4:38 PM
olce accepted this revision.Jul 17 2023, 4:39 PM

Mark as accepted again, no diff change in the last update.

This revision is now accepted and ready to land.Jul 17 2023, 4:39 PM
Closed by commit rGe4a7b4f99cfd: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects (authored by olce, committed by mhorne). · Explain WhySep 28 2023, 3:11 PM
This revision was automatically updated to reflect the committed changes.
mhorne added a commit: rGe4a7b4f99cfd: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.
mhorne added a commit: rG3ad322db8902: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.Oct 17 2023, 7:43 PM
mhorne added a commit: rG768fe2300987: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.Oct 18 2023, 6:04 PM
olce added a commit: rG0dafeb5bc874: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects.Dec 21 2023, 1:45 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
21 lines
sys/
1 line

Diff 124662

View Options

sys/kern/kern_prot.c

Loading...
View Options

sys/sys/proc.h

Loading...