RS: fix IPC privilege computation bug
Take into account the ALL and ALL_SYS cases when constructing proper symmetrical IPC send masks. Fix system.conf accordingly, to keep userland processes from sending to several non-interface servers and drivers. Also fix IS's F4 formatting.
This commit is contained in:
David van Moolenbroek
parent
7bef45ad3b
commit
9639af49d2
3 changed files with 46 additions and 25 deletions
|
|
@ -23,7 +23,7 @@ service rs
|
|||
service ds
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system ALL; # ALL kernel calls allowed
|
||||
vm BASIC; # Only basic VM calls allowed
|
||||
io NONE; # No I/O range allowed
|
||||
|
|
@ -76,7 +76,7 @@ service pm
|
|||
service sched
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system ALL; # ALL kernel calls allowed
|
||||
vm BASIC; # Only basic VM calls allowed
|
||||
io NONE; # No I/O range allowed
|
||||
|
|
@ -108,7 +108,7 @@ service vfs
|
|||
service mfs
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system BASIC; # Only basic kernel calls allowed
|
||||
vm BASIC; # Only basic VM calls allowed
|
||||
io NONE; # No I/O range allowed
|
||||
|
|
@ -121,7 +121,7 @@ service mfs
|
|||
|
||||
service ext2
|
||||
{
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system BASIC; # Only basic kernel calls allowed
|
||||
vm BASIC; # Only basic VM calls allowed
|
||||
io NONE; # No I/O range allowed
|
||||
|
|
@ -135,7 +135,7 @@ service ext2
|
|||
service pfs
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system BASIC; # Only basic kernel calls allowed
|
||||
vm BASIC; # Only basic VM calls allowed
|
||||
io NONE; # No I/O range allowed
|
||||
|
|
@ -149,7 +149,7 @@ service pfs
|
|||
service tty
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system # Extra kernel calls allowed:
|
||||
KILL # 06
|
||||
SEGCTL # 12
|
||||
|
|
@ -177,7 +177,7 @@ service tty
|
|||
service memory
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system # Extra kernel calls allowed:
|
||||
SEGCTL # 12
|
||||
UMAP # 14
|
||||
|
|
@ -202,7 +202,7 @@ service memory
|
|||
service log
|
||||
{
|
||||
uid 0;
|
||||
ipc ALL; # ALL ipc targets allowed
|
||||
ipc ALL_SYS; # All system ipc targets allowed
|
||||
system # Extra kernel calls allowed:
|
||||
SEGCTL # 12
|
||||
UMAP # 14
|
||||
|
|
|
|||
|
|
@ -326,7 +326,8 @@ PUBLIC void privileges_dmp()
|
|||
return;
|
||||
}
|
||||
|
||||
printf("-nr- -id- -name-- -flags- traps grants -ipc_to-- -kernel calls-\n");
|
||||
printf("-nr- -id- -name-- -flags- traps grants -ipc_to--"
|
||||
" -kernel calls-\n");
|
||||
|
||||
PROCLOOP(rp, oldrp)
|
||||
r = -1;
|
||||
|
|
@ -335,7 +336,7 @@ PUBLIC void privileges_dmp()
|
|||
if (r == -1 && !isemptyp(rp)) {
|
||||
sp = &priv[USER_PRIV_ID];
|
||||
}
|
||||
printf("(%02u) %-7.7s %s %s %7d",
|
||||
printf("(%02u) %-7.7s %s %s %6d",
|
||||
sp->s_id, rp->p_name,
|
||||
s_flags_str(sp->s_flags), s_traps_str(sp->s_trap_mask),
|
||||
sp->s_grant_entries);
|
||||
|
|
|
|||
|
|
@ -1957,7 +1957,7 @@ struct priv *privp;
|
|||
struct rproc *rrp;
|
||||
struct rprocpub *rrpub;
|
||||
char *proc_name;
|
||||
int priv_id;
|
||||
int priv_id, is_ipc_all, is_ipc_all_sys;
|
||||
|
||||
proc_name = rp->r_pub->proc_name;
|
||||
|
||||
|
|
@ -1965,25 +1965,45 @@ struct priv *privp;
|
|||
if (!(rrp->r_flags & RS_IN_USE))
|
||||
continue;
|
||||
|
||||
/* If an IPC target list was provided for the process being
|
||||
* checked here, make sure that the name of the new process
|
||||
if (!rrp->r_ipc_list[0])
|
||||
continue;
|
||||
|
||||
/* If the process being checked is set to allow IPC to all
|
||||
* other processes, or for all other system processes and the
|
||||
* target process is a system process, add a permission bit.
|
||||
*/
|
||||
rrpub = rrp->r_pub;
|
||||
|
||||
is_ipc_all = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL);
|
||||
is_ipc_all_sys = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL_SYS);
|
||||
|
||||
if (is_ipc_all ||
|
||||
(is_ipc_all_sys && (privp->s_flags & SYS_PROC))) {
|
||||
#if PRIV_DEBUG
|
||||
printf(" RS: add_backward_ipc: setting sendto bit "
|
||||
"for %d...\n", rrpub->endpoint);
|
||||
#endif
|
||||
priv_id= rrp->r_priv.s_id;
|
||||
set_sys_bit(privp->s_ipc_to, priv_id);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
/* An IPC target list was provided for the process being
|
||||
* checked here. Make sure that the name of the new process
|
||||
* is in that process's list. There may be multiple matches.
|
||||
*/
|
||||
if (rrp->r_ipc_list[0]) {
|
||||
rrpub = rrp->r_pub;
|
||||
p = rrp->r_ipc_list;
|
||||
p = rrp->r_ipc_list;
|
||||
|
||||
while ((p = get_next_name(p, name,
|
||||
rrpub->label)) != NULL) {
|
||||
if (!strcmp(proc_name, name)) {
|
||||
while ((p = get_next_name(p, name, rrpub->label)) != NULL) {
|
||||
if (!strcmp(proc_name, name)) {
|
||||
#if PRIV_DEBUG
|
||||
printf(" RS: add_backward_ipc: setting"
|
||||
" sendto bit for %d...\n",
|
||||
rrpub->endpoint);
|
||||
printf(" RS: add_backward_ipc: setting sendto"
|
||||
" bit for %d...\n",
|
||||
rrpub->endpoint);
|
||||
#endif
|
||||
priv_id= rrp->r_priv.s_id;
|
||||
set_sys_bit(privp->s_ipc_to, priv_id);
|
||||
}
|
||||
priv_id= rrp->r_priv.s_id;
|
||||
set_sys_bit(privp->s_ipc_to, priv_id);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue