secmodel_suser.c revision 1.26 1 1.26 elad /* $NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $ */
2 1.1 elad /*-
3 1.1 elad * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org>
4 1.1 elad * All rights reserved.
5 1.1 elad *
6 1.1 elad * Redistribution and use in source and binary forms, with or without
7 1.1 elad * modification, are permitted provided that the following conditions
8 1.1 elad * are met:
9 1.1 elad * 1. Redistributions of source code must retain the above copyright
10 1.1 elad * notice, this list of conditions and the following disclaimer.
11 1.1 elad * 2. Redistributions in binary form must reproduce the above copyright
12 1.1 elad * notice, this list of conditions and the following disclaimer in the
13 1.1 elad * documentation and/or other materials provided with the distribution.
14 1.1 elad * 3. The name of the author may not be used to endorse or promote products
15 1.1 elad * derived from this software without specific prior written permission.
16 1.1 elad *
17 1.1 elad * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 1.1 elad * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 1.1 elad * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 1.1 elad * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 1.1 elad * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 1.1 elad * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 1.1 elad * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 1.1 elad * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 1.1 elad * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 1.1 elad * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 1.1 elad */
28 1.1 elad
29 1.1 elad /*
30 1.1 elad * This file contains kauth(9) listeners needed to implement the traditional
31 1.1 elad * NetBSD superuser access restrictions.
32 1.1 elad *
33 1.1 elad * There are two main resources a request can be issued to: user-owned and
34 1.1 elad * system owned. For the first, traditional Unix access checks are done, as
35 1.1 elad * well as superuser checks. If needed, the request context is examined before
36 1.1 elad * a decision is made. For the latter, usually only superuser checks are done
37 1.1 elad * as normal users are not allowed to access system resources.
38 1.1 elad */
39 1.1 elad
40 1.1 elad #include <sys/cdefs.h>
41 1.26 elad __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.26 2009/10/03 03:59:39 elad Exp $");
42 1.1 elad
43 1.1 elad #include <sys/types.h>
44 1.1 elad #include <sys/param.h>
45 1.1 elad #include <sys/kauth.h>
46 1.1 elad
47 1.1 elad #include <sys/mutex.h>
48 1.1 elad #include <sys/mount.h>
49 1.1 elad #include <sys/socketvar.h>
50 1.1 elad #include <sys/sysctl.h>
51 1.1 elad #include <sys/vnode.h>
52 1.1 elad #include <sys/proc.h>
53 1.1 elad #include <sys/uidinfo.h>
54 1.1 elad #include <sys/module.h>
55 1.1 elad
56 1.1 elad #include <secmodel/suser/suser.h>
57 1.1 elad
MODULE(MODULE_CLASS_SECMODEL, suser, NULL);

/*
 * security.models.suser.curtain (aliased as security.curtain): when non-zero
 * the CANSEE paths of the generic, process and network listeners hide
 * objects from users who do not own them. Reset to 0 by
 * secmodel_suser_init().
 */
static int secmodel_suser_curtain;
/*
 * security.models.suser.usermount (aliased as vfs.generic.usermount): when
 * non-zero, unprivileged users may mount and update filesystems, subject to
 * the MNT_NODEV/MNT_NOSUID/MNT_NOEXEC/MNT_EXPORTED checks in
 * secmodel_suser_system_cb(). Deliberately not static — presumably still
 * referenced from vfs code; verify before making it static.
 */
/* static */ int dovfsusermount;

/* One listener handle per kauth(9) scope registered by secmodel_suser_start(). */
static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
    l_device, l_vnode;

/* sysctl log handed to sysctl_teardown() by suser_modcmd() on MODULE_CMD_FINI. */
static struct sysctllog *suser_sysctl_log;
67 1.1 elad
/*
 * Create a permanent, read-write CTLTYPE_INT leaf 'name' under 'parent'
 * that exposes the kernel variable 'var'. The return value of
 * sysctl_createv() is not checked (a failed leaf is silently absent).
 */
static void
suser_sysctl_rw_int(struct sysctllog **clog, const struct sysctlnode *parent,
    const char *name, const char *descr, int *var)
{

	sysctl_createv(clog, 0, &parent, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, name,
	    SYSCTL_DESCR(descr),
	    NULL, 0, var, 0,
	    CTL_CREATE, CTL_EOL);
}

/*
 * Register the sysctl tree of this security model:
 *
 *   security.models.suser.name       read-only model name
 *   security.models.suser.curtain    -> secmodel_suser_curtain
 *   security.models.suser.usermount  -> dovfsusermount
 *
 * and two compatibility aliases that write the same variables:
 *
 *   security.curtain
 *   vfs.generic.usermount            (addressed by its fixed MIB path)
 *
 * 'clog' collects the created nodes so suser_modcmd() can tear them down.
 * No sysctl_createv() result is checked; a failure leaves that node missing.
 */
void
sysctl_security_suser_setup(struct sysctllog **clog)
{
	const struct sysctlnode *node;

	/* security */
	sysctl_createv(clog, 0, NULL, &node,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "security", NULL,
	    NULL, 0, NULL, 0,
	    CTL_SECURITY, CTL_EOL);

	/* security.models */
	sysctl_createv(clog, 0, &node, &node,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "models", NULL,
	    NULL, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.suser */
	sysctl_createv(clog, 0, &node, &node,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "suser", NULL,
	    NULL, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.suser.name (read-only) */
	sysctl_createv(clog, 0, &node, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_STRING, "name", NULL,
	    NULL, 0, __UNCONST("Traditional NetBSD: Superuser"), 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.suser.{curtain,usermount} */
	suser_sysctl_rw_int(clog, node, "curtain",
	    "Curtain information about objects to users not owning them.",
	    &secmodel_suser_curtain);
	suser_sysctl_rw_int(clog, node, "usermount",
	    "Whether unprivileged users may mount filesystems",
	    &dovfsusermount);

	/* Compatibility: security.curtain (same backing variable). */
	sysctl_createv(clog, 0, NULL, &node,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "security", NULL,
	    NULL, 0, NULL, 0,
	    CTL_SECURITY, CTL_EOL);
	suser_sysctl_rw_int(clog, node, "curtain",
	    "Curtain information about objects to users not owning them.",
	    &secmodel_suser_curtain);

	/* Compatibility: vfs.generic.usermount, created by MIB path. */
	sysctl_createv(clog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "vfs", NULL,
	    NULL, 0, NULL, 0,
	    CTL_VFS, CTL_EOL);

	sysctl_createv(clog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "generic",
	    SYSCTL_DESCR("Non-specific vfs related information"),
	    NULL, 0, NULL, 0,
	    CTL_VFS, VFS_GENERIC, CTL_EOL);

	sysctl_createv(clog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, "usermount",
	    SYSCTL_DESCR("Whether unprivileged users may mount filesystems"),
	    NULL, 0, &dovfsusermount, 0,
	    CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
}
150 1.1 elad
/*
 * Reset both tunables to their defaults: curtain off, user mounts off.
 * suser_modcmd() calls this before registering the listeners, so no
 * authorization request observes a value left over from a previous load.
 */
void
secmodel_suser_init(void)
{

	dovfsusermount = secmodel_suser_curtain = 0;
}
157 1.1 elad
/*
 * Register one listener per kauth(9) scope, in the order of the table
 * below, each without a cookie (NULL). The handle returned by
 * kauth_listen_scope() is stored unchecked, as before.
 */
void
secmodel_suser_start(void)
{
	static const struct {
		const char *scope;
		kauth_scope_callback_t cb;
		kauth_listener_t *slot;
	} scopes[] = {
		{ KAUTH_SCOPE_GENERIC, secmodel_suser_generic_cb, &l_generic },
		{ KAUTH_SCOPE_SYSTEM,  secmodel_suser_system_cb,  &l_system },
		{ KAUTH_SCOPE_PROCESS, secmodel_suser_process_cb, &l_process },
		{ KAUTH_SCOPE_NETWORK, secmodel_suser_network_cb, &l_network },
		{ KAUTH_SCOPE_MACHDEP, secmodel_suser_machdep_cb, &l_machdep },
		{ KAUTH_SCOPE_DEVICE,  secmodel_suser_device_cb,  &l_device },
		{ KAUTH_SCOPE_VNODE,   secmodel_suser_vnode_cb,   &l_vnode },
	};
	size_t i;

	for (i = 0; i < __arraycount(scopes); i++)
		*scopes[i].slot = kauth_listen_scope(scopes[i].scope,
		    scopes[i].cb, NULL);
}
176 1.1 elad
/*
 * Unregister every listener installed by secmodel_suser_start(), in the
 * same order. The handles are not cleared afterwards, so calling this
 * twice without an intervening start would pass stale handles to
 * kauth_unlisten_scope() — callers must pair start/stop.
 */
void
secmodel_suser_stop(void)
{
	kauth_listener_t *const slots[] = {
		&l_generic, &l_system, &l_process, &l_network,
		&l_machdep, &l_device, &l_vnode,
	};
	size_t i;

	for (i = 0; i < __arraycount(slots); i++)
		kauth_unlisten_scope(*slots[i]);
}
188 1.1 elad
/*
 * Module control entry point.
 *
 * MODULE_CMD_INIT: reset the tunables, hook the listeners, then publish the
 * sysctl nodes (so a tunable is never visible before it is enforced).
 * MODULE_CMD_FINI: remove the sysctl nodes, then unhook the listeners.
 * MODULE_CMD_AUTOUNLOAD is refused with EPERM; anything else is ENOTTY.
 * 'arg' is unused.
 */
static int
suser_modcmd(modcmd_t cmd, void *arg)
{

	if (cmd == MODULE_CMD_INIT) {
		secmodel_suser_init();
		secmodel_suser_start();
		sysctl_security_suser_setup(&suser_sysctl_log);
		return 0;
	}

	if (cmd == MODULE_CMD_FINI) {
		sysctl_teardown(&suser_sysctl_log);
		secmodel_suser_stop();
		return 0;
	}

	if (cmd == MODULE_CMD_AUTOUNLOAD)
		return EPERM;

	return ENOTTY;
}
217 1.1 elad
/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Generic
 * Responsibility: Superuser access
 *
 * KAUTH_GENERIC_ISSUSER: allow iff the effective uid of 'cred' is 0 (the
 * real uid is not consulted anywhere in this model).
 * KAUTH_GENERIC_CANSEE: arg0 is the credential of the object's owner. With
 * curtain off everybody may see everything; with curtain on only root and
 * callers that share a uid with the owner (kauth_cred_uidmatch() non-zero)
 * are allowed. Every other case defers to other listeners.
 */
int
secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool isroot = (kauth_cred_geteuid(cred) == 0);

	switch (action) {
	case KAUTH_GENERIC_ISSUSER:
		return isroot ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;

	case KAUTH_GENERIC_CANSEE:
		/* uidmatch is only evaluated when curtain is on and we're not root. */
		if (!secmodel_suser_curtain || isroot ||
		    kauth_cred_uidmatch(cred, arg0))
			return KAUTH_RESULT_ALLOW;
		return KAUTH_RESULT_DEFER;

	default:
		return KAUTH_RESULT_DEFER;
	}
}
255 1.1 elad
/*
 * Checks applied to an unprivileged KAUTH_REQ_SYSTEM_MOUNT_NEW when
 * usermount is enabled. 'vp' is the mount point vnode, 'flags' the
 * requested mount flags. The new mount must be nodev and nosuid, and must
 * keep noexec when the filesystem holding the mount point is noexec.
 * Returns true when the mount may proceed.
 */
static bool
suser_usermount_new_ok(struct vnode *vp, u_long flags)
{

	if (!(flags & MNT_NODEV) || !(flags & MNT_NOSUID))
		return false;

	/* vp->v_mount is dereferenced only after the flag checks, as before. */
	if ((vp->v_mount->mnt_flag & MNT_NOEXEC) && !(flags & MNT_NOEXEC))
		return false;

	return true;
}

/*
 * Checks applied to an unprivileged KAUTH_REQ_SYSTEM_MOUNT_UPDATE when
 * usermount is enabled. 'mp' is the mount being updated, 'flags' the new
 * flags. Returns true when the update may proceed.
 */
static bool
suser_usermount_update_ok(kauth_cred_t cred, struct mount *mp, u_long flags)
{

	/* No exporting for non-root. */
	if (flags & MNT_EXPORTED)
		return false;

	if (!(flags & MNT_NODEV) || !(flags & MNT_NOSUID))
		return false;

	/* Only the user that did the mount can update it. */
	if (mp->mnt_stat.f_owner != kauth_cred_geteuid(cred))
		return false;

	/* Retain 'noexec'. */
	if ((mp->mnt_flag & MNT_NOEXEC) && !(flags & MNT_NOEXEC))
		return false;

	return true;
}

/*
 * Decision for KAUTH_SYSTEM_MOUNT. arg1 is the mount point vnode (NEW) or
 * the struct mount (UNMOUNT/UPDATE); arg2 carries the mount flags for
 * NEW/UPDATE. GET is always allowed; root is always allowed; an owner may
 * unmount their own mount; NEW/UPDATE by non-root additionally require
 * dovfsusermount and the helper checks above.
 */
static int
suser_mount_decision(kauth_cred_t cred, bool isroot, enum kauth_system_req req,
    void *arg1, void *arg2)
{
	int result = KAUTH_RESULT_DEFER;

	switch (req) {
	case KAUTH_REQ_SYSTEM_MOUNT_GET:
		result = KAUTH_RESULT_ALLOW;
		break;

	case KAUTH_REQ_SYSTEM_MOUNT_NEW:
		if (isroot || (dovfsusermount &&
		    suser_usermount_new_ok(arg1, (u_long)arg2)))
			result = KAUTH_RESULT_ALLOW;
		break;

	case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: {
		struct mount *mp = arg1;

		if (isroot ||
		    mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
			result = KAUTH_RESULT_ALLOW;
		break;
	}

	case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
		if (isroot || (dovfsusermount &&
		    suser_usermount_update_ok(cred, arg1, (u_long)arg2)))
			result = KAUTH_RESULT_ALLOW;
		break;

	default:
		break;
	}

	return result;
}

/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: System
 * Responsibility: Superuser access
 *
 * arg0 is the kauth_system_req sub-request. With the exception of the mount
 * requests (see suser_mount_decision()), every recognised action/request is
 * root-only: it is allowed when the effective uid is 0 and deferred
 * otherwise. Unrecognised actions and requests defer.
 */
int
secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool isroot = (kauth_cred_geteuid(cred) == 0);
	const enum kauth_system_req req = (enum kauth_system_req)arg0;
	bool rootonly = false;

	switch (action) {
	case KAUTH_SYSTEM_CPU:
		rootonly = (req == KAUTH_REQ_SYSTEM_CPU_SETSTATE);
		break;

	case KAUTH_SYSTEM_FS_QUOTA:
		switch (req) {
		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
			rootonly = true;
			break;
		default:
			break;
		}
		break;

	case KAUTH_SYSTEM_MOUNT:
		return suser_mount_decision(cred, isroot, req, arg1, arg2);

	case KAUTH_SYSTEM_PSET:
		switch (req) {
		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
		case KAUTH_REQ_SYSTEM_PSET_BIND:
		case KAUTH_REQ_SYSTEM_PSET_CREATE:
		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
			rootonly = true;
			break;
		default:
			break;
		}
		break;

	case KAUTH_SYSTEM_TIME:
		switch (req) {
		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
			rootonly = true;
			break;
		default:
			break;
		}
		break;

	case KAUTH_SYSTEM_SYSCTL:
		switch (req) {
		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
			rootonly = true;
			break;
		default:
			break;
		}
		break;

	case KAUTH_SYSTEM_CHSYSFLAGS:
		/*
		 * Needs to be checked in conjunction with the immutable and
		 * append-only flags (usually). Should be handled differently.
		 * Infects ufs, ext2fs, tmpfs, and rump.
		 */
		/* FALLTHROUGH */
	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
	case KAUTH_SYSTEM_SWAPCTL:
	case KAUTH_SYSTEM_ACCOUNTING:
	case KAUTH_SYSTEM_REBOOT:
	case KAUTH_SYSTEM_CHROOT:
	case KAUTH_SYSTEM_FILEHANDLE:
	case KAUTH_SYSTEM_MKNOD:
	case KAUTH_SYSTEM_SETIDCORE:
	case KAUTH_SYSTEM_MODULE:
		rootonly = true;
		break;

	default:
		break;
	}

	return (rootonly && isroot) ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}
468 1.1 elad
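/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Process
 * Responsibility: Superuser access
 *
 * arg0 is the target struct proc; arg1 carries the sub-request for
 * KAUTH_PROCESS_CANSEE and KAUTH_PROCESS_RLIMIT. All listed actions are
 * root-only (allowed when the effective uid is 0, deferred otherwise).
 *
 * The only non-root decision is the curtain: with secmodel_suser_curtain
 * set, a CANSEE request for another user's process (ARGS/ENTRY/OPENFILES)
 * is DENIED. kauth_cred_uidmatch() returns non-zero when the two credentials
 * share a uid — the same convention the generic CANSEE listener in this file
 * relies on — so the denial must trigger on a zero (no match) return. The
 * previous test fired on a non-zero return, i.e. denied the process owner
 * and left strangers deferred, which is the opposite of what the curtain
 * sysctl describes.
 */
int
secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	struct proc *p = arg0;
	bool isroot = (kauth_cred_geteuid(cred) == 0);
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_PROCESS_SIGNAL:
	case KAUTH_PROCESS_KTRACE:
	case KAUTH_PROCESS_PROCFS:
	case KAUTH_PROCESS_PTRACE:
	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
	case KAUTH_PROCESS_SETID:
	case KAUTH_PROCESS_KEVENT_FILTER:
	case KAUTH_PROCESS_NICE:
	case KAUTH_PROCESS_FORK:
	case KAUTH_PROCESS_CORENAME:
	case KAUTH_PROCESS_STOPFLAG:
		if (isroot)
			result = KAUTH_RESULT_ALLOW;
		break;

	case KAUTH_PROCESS_CANSEE: {
		unsigned long req = (unsigned long)arg1;

		switch (req) {
		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
			if (isroot) {
				result = KAUTH_RESULT_ALLOW;
				break;
			}

			/*
			 * Curtain: hide processes of other users. p (arg0)
			 * is dereferenced only on this path. A DENY from any
			 * listener is final under kauth(9), so this is the one
			 * place this model actively refuses rather than defers.
			 */
			if (secmodel_suser_curtain &&
			    kauth_cred_uidmatch(cred, p->p_cred) == 0)
				result = KAUTH_RESULT_DENY;
			break;

		case KAUTH_REQ_PROCESS_CANSEE_ENV:
			/* Environment is root-only; the curtain does not apply. */
			if (isroot)
				result = KAUTH_RESULT_ALLOW;
			break;

		default:
			break;
		}
		break;
	}

	case KAUTH_PROCESS_RLIMIT: {
		enum kauth_process_req req;

		req = (enum kauth_process_req)(unsigned long)arg1;

		switch (req) {
		case KAUTH_REQ_PROCESS_RLIMIT_SET:
		case KAUTH_REQ_PROCESS_RLIMIT_GET:
			if (isroot)
				result = KAUTH_RESULT_ALLOW;
			break;

		default:
			break;
		}
		break;
	}

	default:
		break;
	}

	return (result);
}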
567 1.1 elad
/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Network
 * Responsibility: Superuser access
 *
 * arg0 is the kauth_network_req sub-request. Every recognised action/request
 * is root-only (allowed when the effective uid is 0, deferred otherwise),
 * except KAUTH_REQ_NETWORK_SOCKET_CANSEE: root is allowed, and when the
 * curtain is on a non-root caller whose effective uid differs from the
 * socket owner's uid (arg1->so_uidinfo->ui_uid) is DENIED. Note that this
 * compares the effective uid only, unlike the uidmatch-based process and
 * generic curtains. Unrecognised actions and requests defer.
 */
int
secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool isroot = (kauth_cred_geteuid(cred) == 0);
	const enum kauth_network_req req = (enum kauth_network_req)arg0;
	bool rootonly = false;
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_NETWORK_ALTQ:
		switch (req) {
		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
		case KAUTH_REQ_NETWORK_ALTQ_CONF:
		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
		case KAUTH_REQ_NETWORK_ALTQ_RED:
		case KAUTH_REQ_NETWORK_ALTQ_RIO:
		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
			rootonly = true;
			break;
		default:
			break;
		}
		break;

	case KAUTH_NETWORK_BIND:
		rootonly = (req == KAUTH_REQ_NETWORK_BIND_PRIVPORT);
		break;

	case KAUTH_NETWORK_FORWSRCRT:
	case KAUTH_NETWORK_ROUTE:
		rootonly = true;
		break;

	case KAUTH_NETWORK_INTERFACE:
		rootonly = (req == KAUTH_REQ_NETWORK_INTERFACE_GETPRIV ||
		    req == KAUTH_REQ_NETWORK_INTERFACE_SETPRIV);
		break;

	case KAUTH_NETWORK_INTERFACE_PPP:
		rootonly = (req == KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD);
		break;

	case KAUTH_NETWORK_INTERFACE_SLIP:
		rootonly = (req == KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD);
		break;

	case KAUTH_NETWORK_INTERFACE_STRIP:
		rootonly = (req == KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD);
		break;

	case KAUTH_NETWORK_INTERFACE_TUN:
		rootonly = (req == KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD);
		break;

	case KAUTH_NETWORK_NFS:
		rootonly = (req == KAUTH_REQ_NETWORK_NFS_EXPORT ||
		    req == KAUTH_REQ_NETWORK_NFS_SVC);
		break;

	case KAUTH_NETWORK_SOCKET:
		switch (req) {
		case KAUTH_REQ_NETWORK_SOCKET_DROP:
		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
			rootonly = true;
			break;

		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
			if (isroot) {
				result = KAUTH_RESULT_ALLOW;
				break;
			}
			/* Curtain: deny sockets owned by another effective uid. */
			if (secmodel_suser_curtain) {
				struct socket *so = arg1;

				if (kauth_cred_geteuid(cred) !=
				    so->so_uidinfo->ui_uid)
					result = KAUTH_RESULT_DENY;
			}
			break;

		default:
			break;
		}
		break;

	default:
		break;
	}

	if (rootonly && isroot)
		result = KAUTH_RESULT_ALLOW;

	return result;
}
751 1.1 elad
/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Machdep
 * Responsibility: Superuser access
 *
 * IOPERM_GET, LDT_GET, LDT_SET and MTRR_GET are allowed regardless of uid
 * by this listener (presumably the machdep code or another listener applies
 * its own restrictions — verify before relying on it). The remaining
 * recognised actions are root-only; anything else defers.
 */
int
secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool isroot = (kauth_cred_geteuid(cred) == 0);

	switch (action) {
	case KAUTH_MACHDEP_IOPERM_GET:
	case KAUTH_MACHDEP_LDT_GET:
	case KAUTH_MACHDEP_LDT_SET:
	case KAUTH_MACHDEP_MTRR_GET:
		/* Root-agnostic. */
		return KAUTH_RESULT_ALLOW;

	case KAUTH_MACHDEP_CACHEFLUSH:
	case KAUTH_MACHDEP_IOPERM_SET:
	case KAUTH_MACHDEP_IOPL:
	case KAUTH_MACHDEP_MTRR_SET:
	case KAUTH_MACHDEP_NVRAM:
	case KAUTH_MACHDEP_UNMANAGEDMEM:
		return isroot ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;

	default:
		return KAUTH_RESULT_DEFER;
	}
}
793 1.1 elad
/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Device
 * Responsibility: Superuser access
 *
 * arg0 is the kauth_device_req sub-request for the bluetooth BCSP/BTUART
 * actions. Raw I/O (RAWIO_SPEC, RAWIO_PASSTHRU) is allowed regardless of
 * uid, leaving the decision to the device's permission bits. Every other
 * recognised action is root-only; anything else defers.
 */
int
secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool isroot = (kauth_cred_geteuid(cred) == 0);
	bool rootonly = false;

	switch (action) {
	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
	case KAUTH_DEVICE_BLUETOOTH_SEND:
	case KAUTH_DEVICE_BLUETOOTH_RECV:
	case KAUTH_DEVICE_TTY_OPEN:
	case KAUTH_DEVICE_TTY_PRIVSET:
	case KAUTH_DEVICE_TTY_STI:
	case KAUTH_DEVICE_RND_ADDDATA:
	case KAUTH_DEVICE_RND_GETPRIV:
	case KAUTH_DEVICE_RND_SETPRIV:
		rootonly = true;
		break;

	case KAUTH_DEVICE_BLUETOOTH_BCSP:
	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
		const enum kauth_device_req req = (enum kauth_device_req)arg0;

		rootonly = (req == KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD ||
		    req == KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD);
		break;
	}

	case KAUTH_DEVICE_RAWIO_SPEC:
	case KAUTH_DEVICE_RAWIO_PASSTHRU:
		/*
		 * Decision is root-agnostic.
		 *
		 * Both requests can be issued on devices subject to their
		 * permission bits.
		 */
		return KAUTH_RESULT_ALLOW;

	case KAUTH_DEVICE_GPIO_PINSET:
		/*
		 * root can access gpio pins, secmodel_securlevel can veto
		 * this decision.
		 */
		rootonly = true;
		break;

	default:
		break;
	}

	return (rootonly && isroot) ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}
870 1.1 elad
/*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Vnode
 * Responsibility: Superuser access
 *
 * Root (effective uid 0) is allowed every vnode action without looking at
 * the action or its arguments; everyone else is deferred to the file system
 * and other listeners.
 */
int
secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{

	return (kauth_cred_geteuid(cred) == 0) ?
	    KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}
886 1.1 elad