diff options
| author |   deraadt <deraadt@openbsd.org> | 1997-08-31 20:42:01 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 1997-08-31 20:42:01 +0000 |
| commit | 31e15491b0ac1938de22018ee666cadb4f082315 (patch) | |
| tree | 580db7b1abf7a7be9250a8b15b6b2dcf8c63308f | |
| parent | only check for ftp bounce in tcp, duh. for nonreserved ports, do not (diff) | |
| download | wireguard-openbsd-31e15491b0ac1938de22018ee666cadb4f082315.tar.xz wireguard-openbsd-31e15491b0ac1938de22018ee666cadb4f082315.zip | |
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.
| -rw-r--r-- | sys/kern/kern_descrip.c | 10 | ||||
| -rw-r--r-- | sys/kern/kern_sig.c | 42 | ||||
| -rw-r--r-- | sys/kern/subr_log.c | 17 | ||||
| -rw-r--r-- | sys/kern/sys_generic.c | 8 | ||||
| -rw-r--r-- | sys/kern/sys_socket.c | 5 | ||||
| -rw-r--r-- | sys/kern/uipc_socket.c | 9 | ||||
| -rw-r--r-- | sys/kern/uipc_socket2.c | 12 | ||||
| -rw-r--r-- | sys/net/bpf.c | 12 | ||||
| -rw-r--r-- | sys/net/bpfdesc.h | 4 | ||||
| -rw-r--r-- | sys/net/if_tun.c | 24 | ||||
| -rw-r--r-- | sys/sys/signalvar.h | 3 | ||||
| -rw-r--r-- | sys/sys/socketvar.h | 4 |
12 files changed, 96 insertions, 54 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 9e4b42861ab..06eb363448f 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_descrip.c,v 1.13 1997/08/21 05:17:37 deraadt Exp $ */ +/* $OpenBSD: kern_descrip.c,v 1.14 1997/08/31 20:42:15 deraadt Exp $ */ /* $NetBSD: kern_descrip.c,v 1.42 1996/03/30 22:24:38 christos Exp $ */ /* @@ -55,6 +55,7 @@ #include <sys/fcntl.h> #include <sys/malloc.h> #include <sys/syslog.h> +#include <sys/ucred.h> #include <sys/unistd.h> #include <sys/resourcevar.h> #include <sys/conf.h> @@ -251,8 +252,11 @@ sys_fcntl(p, v, retval) case F_SETOWN: if (fp->f_type == DTYPE_SOCKET) { - ((struct socket *)fp->f_data)->so_pgid = - (long)SCARG(uap, arg); + struct socket *so = (struct socket *)fp->f_data; + + so->so_pgid = (long)SCARG(uap, arg); + so->so_siguid = p->p_cred->p_ruid; + so->so_sigeuid = p->p_ucred->cr_uid; return (0); } if ((long)SCARG(uap, arg) <= 0) { diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 4aa5bd87f1d..298f3caace6 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.16 1997/02/01 21:49:41 deraadt Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.17 1997/08/31 20:42:18 deraadt Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -483,6 +483,46 @@ killpg1(cp, signum, pgid, all) return (nfound ? 0 : ESRCH); } +#define CANDELIVER(uid, euid, p) \ + (euid == 0 || \ + (uid) == (p)->p_cred->p_ruid || \ + (uid) == (p)->p_cred->p_svuid || \ + (uid) == (p)->p_ucred->cr_uid || \ + (euid) == (p)->p_cred->p_ruid || \ + (euid) == (p)->p_cred->p_svuid || \ + (euid) == (p)->p_ucred->cr_uid) + +/* + * Deliver signum to pgid, but first check uid/euid against each + * process and see if it is permitted. + */ +void +csignal(pgid, signum, uid, euid) + pid_t pgid; + int signum; + uid_t uid, euid; +{ + struct pgrp *pgrp; + struct proc *p; + + if (pgid == 0) + return; + if (pgid < 0) { + pgid = -pgid; + if ((pgrp = pgfind(pgid)) == NULL) + return; + for (p = pgrp->pg_members.lh_first; p; + p = p->p_pglist.le_next) + if (CANDELIVER(uid, euid, p)) + psignal(p, signum); + } else { + if ((p = pfind(pgid)) == NULL) + return; + if (CANDELIVER(uid, euid, p)) + psignal(p, signum); + } +} + /* * Send a signal to a process group. */ diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c index d874fe87a3f..29cf214531e 100644 --- a/sys/kern/subr_log.c +++ b/sys/kern/subr_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_log.c,v 1.3 1996/04/21 22:27:17 deraadt Exp $ */ +/* $OpenBSD: subr_log.c,v 1.4 1997/08/31 20:42:20 deraadt Exp $ */ /* $NetBSD: subr_log.c,v 1.11 1996/03/30 22:24:44 christos Exp $ */ /* @@ -60,6 +60,8 @@ struct logsoftc { int sc_state; /* see above for possibilities */ struct selinfo sc_selp; /* process waiting on select call */ int sc_pgid; /* process/group for async I/O */ + uid_t sc_siguid; /* uid for process that set sc_pgid */ + uid_t sc_sigeuid; /* euid for process that set sc_pgid */ } logsoftc; int log_open; /* also used in log() */ @@ -179,17 +181,12 @@ logselect(dev, rw, p) void logwakeup() { - struct proc *p; - if (!log_open) return; selwakeup(&logsoftc.sc_selp); - if (logsoftc.sc_state & LOG_ASYNC) { - if (logsoftc.sc_pgid < 0) - gsignal(-logsoftc.sc_pgid, SIGIO); - else if ((p = pfind(logsoftc.sc_pgid)) != NULL) - psignal(p, SIGIO); - } + if (logsoftc.sc_state & LOG_ASYNC) + csignal(logsoftc.sc_pgid, SIGIO, + logsoftc.sc_siguid, logsoftc.sc_sigeuid); if (logsoftc.sc_state & LOG_RDWAIT) { wakeup((caddr_t)msgbufp); logsoftc.sc_state &= ~LOG_RDWAIT; @@ -232,6 +229,8 @@ logioctl(dev, com, data, flag, p) case TIOCSPGRP: logsoftc.sc_pgid = *(int *)data; + logsoftc.sc_siguid = p->p_cred->p_ruid; + logsoftc.sc_sigeuid = p->p_ucred->cr_uid; break; case TIOCGPGRP: diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index 68953baf9d6..ef811b417ba 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_generic.c,v 1.7 1997/01/27 23:21:13 deraadt Exp $ */ +/* $OpenBSD: sys_generic.c,v 1.8 1997/08/31 20:42:21 deraadt Exp $ */ /* $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $ */ /* @@ -480,7 +480,11 @@ sys_ioctl(p, v, retval) case FIOSETOWN: tmp = *(int *)data; if (fp->f_type == DTYPE_SOCKET) { - ((struct socket *)fp->f_data)->so_pgid = tmp; + struct socket *so = (struct socket *)fp->f_data; + + so->so_pgid = tmp; + so->so_siguid = p->p_cred->p_ruid; + so->so_sigeuid = p->p_ucred->cr_uid; error = 0; break; } diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c index b0a67f398ce..f25e4b5d445 100644 --- a/sys/kern/sys_socket.c +++ b/sys/kern/sys_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_socket.c,v 1.2 1997/02/24 14:19:59 niklas Exp $ */ +/* $OpenBSD: sys_socket.c,v 1.3 1997/08/31 20:42:23 deraadt Exp $ */ /* $NetBSD: sys_socket.c,v 1.13 1995/08/12 23:59:09 mycroft Exp $ */ /* @@ -39,6 +39,7 @@ #include <sys/param.h> #include <sys/systm.h> #include <sys/file.h> +#include <sys/proc.h> #include <sys/mbuf.h> #include <sys/protosw.h> #include <sys/socket.h> @@ -112,6 +113,8 @@ soo_ioctl(fp, cmd, data, p) case SIOCSPGRP: so->so_pgid = *(int *)data; + so->so_siguid = p->p_cred->p_ruid; + so->so_sigeuid = p->p_ucred->cr_uid; return (0); case SIOCGPGRP: diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 3b86c9b985c..528b81bb3e8 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket.c,v 1.16 1997/08/31 06:29:35 deraadt Exp $ */ +/* $OpenBSD: uipc_socket.c,v 1.17 1997/08/31 20:42:24 deraadt Exp $ */ /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */ /* @@ -1060,11 +1060,6 @@ void sohasoutofband(so) register struct socket *so; { - struct proc *p; - - if (so->so_pgid < 0) - gsignal(-so->so_pgid, SIGURG); - else if (so->so_pgid > 0 && (p = pfind(so->so_pgid)) != 0) - psignal(p, SIGURG); + csignal(so->so_pgid, SIGURG, so->so_siguid, so->so_sigeuid); selwakeup(&so->so_rcv.sb_sel); } diff --git a/sys/kern/uipc_socket2.c b/sys/kern/uipc_socket2.c index 1641822b28a..2455a06c052 100644 --- a/sys/kern/uipc_socket2.c +++ b/sys/kern/uipc_socket2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket2.c,v 1.5 1997/02/21 08:45:00 deraadt Exp $ */ +/* $OpenBSD: uipc_socket2.c,v 1.6 1997/08/31 20:42:26 deraadt Exp $ */ /* $NetBSD: uipc_socket2.c,v 1.11 1996/02/04 02:17:55 christos Exp $ */ /* @@ -315,20 +315,14 @@ sowakeup(so, sb) register struct socket *so; register struct sockbuf *sb; { - struct proc *p; - selwakeup(&sb->sb_sel); sb->sb_flags &= ~SB_SEL; if (sb->sb_flags & SB_WAIT) { sb->sb_flags &= ~SB_WAIT; wakeup((caddr_t)&sb->sb_cc); } - if (so->so_state & SS_ASYNC) { - if (so->so_pgid < 0) - gsignal(-so->so_pgid, SIGIO); - else if (so->so_pgid > 0 && (p = pfind(so->so_pgid)) != 0) - psignal(p, SIGIO); - } + if (so->so_state & SS_ASYNC) + csignal(so->so_pgid, SIGIO, so->so_siguid, so->so_sigeuid); } /* diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 7a447e1f6ac..a3e4f17c32a 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.9 1997/03/17 16:29:37 niklas Exp $ */ +/* $OpenBSD: bpf.c,v 1.10 1997/08/31 20:42:29 deraadt Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -522,14 +522,10 @@ static __inline void bpf_wakeup(d) register struct bpf_d *d; { - struct proc *p; - wakeup((caddr_t)d); if (d->bd_async && d->bd_sig) - if (d->bd_pgid > 0) - gsignal (d->bd_pgid, d->bd_sig); - else if ((p = pfind (-d->bd_pgid)) != NULL) - psignal (p, d->bd_sig); + csignal(d->bd_pgid, d->bd_sig, + d->bd_siguid, d->bd_sigeuid); #if BSD >= 199103 selwakeup(&d->bd_sel); @@ -822,6 +818,8 @@ bpfioctl(dev, cmd, addr, flag, p) */ case TIOCSPGRP: /* Process or group to send signals to */ d->bd_pgid = *(int *)addr; + d->bd_siguid = p->p_cred->p_ruid; + d->bd_sigeuid = p->p_ucred->cr_uid; break; case TIOCGPGRP: diff --git a/sys/net/bpfdesc.h b/sys/net/bpfdesc.h index 5bf7e55418c..bd5f50179a9 100644 --- a/sys/net/bpfdesc.h +++ b/sys/net/bpfdesc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bpfdesc.h,v 1.2 1997/02/24 13:33:56 niklas Exp $ */ +/* $OpenBSD: bpfdesc.h,v 1.3 1997/08/31 20:42:30 deraadt Exp $ */ /* $NetBSD: bpfdesc.h,v 1.11 1995/09/27 18:30:42 thorpej Exp $ */ /* @@ -77,6 +77,8 @@ struct bpf_d { int bd_async; /* non-zero if packet reception should generate signal */ int bd_sig; /* signal to send upon packet reception */ pid_t bd_pgid; /* process or group id for signal */ + uid_t bd_siguid; /* uid for process that set pgid */ + uid_t bd_sigeuid; /* euid for process that set pgid */ #if BSD < 199103 u_char bd_selcoll; /* true if selects collide */ int bd_timedout; diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c index 29d27986cca..f5e7cdff9ff 100644 --- a/sys/net/if_tun.c +++ b/sys/net/if_tun.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_tun.c,v 1.19 1997/07/29 07:18:20 deraadt Exp $ */ +/* $OpenBSD: if_tun.c,v 1.20 1997/08/31 20:42:32 deraadt Exp $ */ /* $NetBSD: if_tun.c,v 1.24 1996/05/07 02:40:48 thorpej Exp $ */ /* @@ -84,7 +84,9 @@ struct tun_softc { u_short tun_flags; /* misc flags */ struct ifnet tun_if; /* the interface */ - int tun_pgrp; /* the process group - if any */ + pid_t tun_pgid; /* the process group - if any */ + uid_t tun_siguid; /* uid for process that set tun_pgid */ + uid_t tun_sigeuid; /* euid for process that set tun_pgid */ struct selinfo tun_rsel; /* read select */ struct selinfo tun_wsel; /* write select (not used) */ }; @@ -228,7 +230,7 @@ tunclose(dev, flag, mode, p) } splx(s); } - tp->tun_pgrp = 0; + tp->tun_pgid = 0; selwakeup(&tp->tun_rsel); TUNDEBUG(("%s: closed\n", ifp->if_xname)); @@ -331,7 +333,6 @@ tun_output(ifp, m0, dst, rt) { struct tun_softc *tp = ifp->if_softc; struct tunnel_header *th; - struct proc *p; int s; TUNDEBUG(("%s: tun_output\n", ifp->if_xname)); @@ -371,12 +372,9 @@ tun_output(ifp, m0, dst, rt) tp->tun_flags &= ~TUN_RWAIT; wakeup((caddr_t)tp); } - if (tp->tun_flags & TUN_ASYNC && tp->tun_pgrp) { - if (tp->tun_pgrp > 0) - gsignal(tp->tun_pgrp, SIGIO); - else if ((p = pfind(-tp->tun_pgrp)) != NULL) - psignal(p, SIGIO); - } + if (tp->tun_flags & TUN_ASYNC && tp->tun_pgid) + csignal(tp->tun_pgid, SIGIO, + tp->tun_siguid, tp->tun_sigeuid); selwakeup(&tp->tun_rsel); return 0; } @@ -446,10 +444,12 @@ tunioctl(dev, cmd, data, flag, p) splx(s); break; case TIOCSPGRP: - tp->tun_pgrp = *(int *)data; + tp->tun_pgid = *(int *)data; + tp->tun_siguid = p->p_cred->p_ruid; + tp->tun_sigeuid = p->p_ucred->cr_uid; break; case TIOCGPGRP: - *(int *)data = tp->tun_pgrp; + *(int *)data = tp->tun_pgid; break; default: splx(s); diff --git a/sys/sys/signalvar.h b/sys/sys/signalvar.h index bf84942038a..7c60cdd5897 100644 --- a/sys/sys/signalvar.h +++ b/sys/sys/signalvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: signalvar.h,v 1.6 1997/02/01 21:49:36 deraadt Exp $ */ +/* $OpenBSD: signalvar.h,v 1.7 1997/08/31 20:42:01 deraadt Exp $ */ /* $NetBSD: signalvar.h,v 1.17 1996/04/22 01:23:31 christos Exp $ */ /* @@ -156,6 +156,7 @@ int sigprop[NSIG + 1] = { int coredump __P((struct proc *p)); void execsigs __P((struct proc *p)); void gsignal __P((int pgid, int sig)); +void csignal __P((pid_t pgid, int signum, uid_t uid, uid_t euid)); int issignal __P((struct proc *p)); void pgsignal __P((struct pgrp *pgrp, int sig, int checkctty)); void postsig __P((int sig)); diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h index f3b2d2e7f70..5e85d1928f5 100644 --- a/sys/sys/socketvar.h +++ b/sys/sys/socketvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: socketvar.h,v 1.10 1997/02/28 04:04:13 angelos Exp $ */ +/* $OpenBSD: socketvar.h,v 1.11 1997/08/31 20:42:02 deraadt Exp $ */ /* $NetBSD: socketvar.h,v 1.18 1996/02/09 18:25:38 christos Exp $ */ /*- @@ -71,6 +71,8 @@ struct socket { short so_timeo; /* connection timeout */ u_short so_error; /* error affecting connection */ pid_t so_pgid; /* pgid for signals */ + uid_t so_siguid; /* uid of process who set so_pgid */ + uid_t so_sigeuid; /* euid of process who set so_pgid */ u_long so_oobmark; /* chars to oob mark */ /* * Variables for socket buffering. |