sys/kern/kern_jail.c
#include <sys/sysproto.h> | #include <sys/sysproto.h> | ||||
#include <sys/malloc.h> | #include <sys/malloc.h> | ||||
#include <sys/osd.h> | #include <sys/osd.h> | ||||
#include <sys/priv.h> | #include <sys/priv.h> | ||||
#include <sys/proc.h> | #include <sys/proc.h> | ||||
#include <sys/taskqueue.h> | #include <sys/taskqueue.h> | ||||
#include <sys/fcntl.h> | #include <sys/fcntl.h> | ||||
#include <sys/jail.h> | #include <sys/jail.h> | ||||
#include <sys/linker.h> | |||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/mutex.h> | #include <sys/mutex.h> | ||||
#include <sys/racct.h> | #include <sys/racct.h> | ||||
#include <sys/rctl.h> | #include <sys/rctl.h> | ||||
#include <sys/refcount.h> | #include <sys/refcount.h> | ||||
#include <sys/sx.h> | #include <sys/sx.h> | ||||
#include <sys/sysent.h> | #include <sys/sysent.h> | ||||
#include <sys/namei.h> | #include <sys/namei.h> | ||||
#include <sys/mount.h> | #include <sys/mount.h> | ||||
#include <sys/queue.h> | #include <sys/queue.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/syscallsubr.h> | #include <sys/syscallsubr.h> | ||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <sys/uuid.h> | |||||
#include <sys/vnode.h> | #include <sys/vnode.h> | ||||
#include <net/if.h> | #include <net/if.h> | ||||
#include <net/vnet.h> | #include <net/vnet.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#ifdef DDB | #ifdef DDB | ||||
#include <ddb/ddb.h> | #include <ddb/ddb.h> | ||||
#endif /* DDB */ | #endif /* DDB */ | ||||
#include <security/mac/mac_framework.h> | #include <security/mac/mac_framework.h> | ||||
#define DEFAULT_HOSTUUID "00000000-0000-0000-0000-000000000000" | #define DEFAULT_HOSTUUID "00000000-0000-0000-0000-000000000000" | ||||
#define PRISON0_HOSTUUID_MODULE "hostuuid" | |||||
MALLOC_DEFINE(M_PRISON, "prison", "Prison structures"); | MALLOC_DEFINE(M_PRISON, "prison", "Prison structures"); | ||||
static MALLOC_DEFINE(M_PRISON_RACCT, "prison_racct", "Prison racct structures"); | static MALLOC_DEFINE(M_PRISON_RACCT, "prison_racct", "Prison racct structures"); | ||||
/* Keep struct prison prison0 and some code in kern_jail_set() readable. */ | /* Keep struct prison prison0 and some code in kern_jail_set() readable. */ | ||||
#ifdef INET | #ifdef INET | ||||
#ifdef INET6 | #ifdef INET6 | ||||
#define _PR_IP_SADDRSEL PR_IP4_SADDRSEL|PR_IP6_SADDRSEL | #define _PR_IP_SADDRSEL PR_IP4_SADDRSEL|PR_IP6_SADDRSEL | ||||
/* | /* | ||||
* Initialize the parts of prison0 that can't be static-initialized with | * Initialize the parts of prison0 that can't be static-initialized with | ||||
* constants. This is called from proc0_init() after creating thread0 cpuset. | * constants. This is called from proc0_init() after creating thread0 cpuset. | ||||
*/ | */ | ||||
void | void | ||||
prison0_init(void) | prison0_init(void) | ||||
{ | { | ||||
uint8_t *file, *data; | |||||
size_t size; | |||||
prison0.pr_cpuset = cpuset_ref(thread0.td_cpuset); | prison0.pr_cpuset = cpuset_ref(thread0.td_cpuset); | ||||
prison0.pr_osreldate = osreldate; | prison0.pr_osreldate = osreldate; | ||||
strlcpy(prison0.pr_osrelease, osrelease, sizeof(prison0.pr_osrelease)); | strlcpy(prison0.pr_osrelease, osrelease, sizeof(prison0.pr_osrelease)); | ||||
/* If we have a preloaded hostuuid, use it. */ | |||||
file = preload_search_by_type(PRISON0_HOSTUUID_MODULE); | |||||
if (file != NULL) { | |||||
data = preload_fetch_addr(file); | |||||
size = preload_fetch_size(file); | |||||
if (data != NULL) { | |||||
/* | |||||
* The preloaded may include trailing whitespace, almost | |||||
* certainly a newline; skip over any whitespace or | |||||
* non-printable characters to be safe. | |||||
*/ | |||||
while (size > 0 && data[size - 1] <= 0x20) { | |||||
karels: The code and comment don't quite agree; spaces are printable. I'm also not fond of hex… | |||||
Done Inline ActionsI guess the comment could read "and spaces" instead of "including spaces" as it currently does...I'm a bit unsure of enforcing anything else, as we don't seem to enforce actual uuid formatting elsewhere kevans: I guess the comment could read "and spaces" instead of "including spaces" as it currently does.. | |||||
Not Done Inline ActionsThe kernel doesn't enforce anything on the hostuuid content, but rc.d/hostid does. Should we make those same checks here? jamie: The kernel doesn't enforce anything on the hostuuid content, but rc.d/hostid does. Should we… | |||||
Not Done Inline ActionsTo be clear, I wasn't proposing syntax checks, but just to trim trailing characters that are not hex digits or hyphens, although even the latter shouldn't be last either. karels: To be clear, I wasn't proposing syntax checks, but just to trim trailing characters that are… | |||||
delphijUnsubmitted Not Done Inline ActionsShouldn't this be size > 36? (validate_uuid already checks for the contents, so it doesn't seem that we need to check the first 36 characters.). delphij: Shouldn't this be size > 36? (validate_uuid already checks for the contents, so it doesn't seem… | |||||
kevansAuthorUnsubmitted Done Inline ActionsSize check is just to make sure that we weren't passed an entirely string once the whitespace near the end is passed; the expectation is that we'll stop at character 36 because data[size - 1] > 0x20 and we're walking it backwards. kevans: Size check is just to make sure that we weren't passed an entirely string once the whitespace… | |||||
data[size--] = '\0'; | |||||
} | |||||
if (validate_uuid(data, size, NULL) == 0) { | |||||
(void)strlcpy(prison0.pr_hostuuid, data, | |||||
size + 1); | |||||
} else if (bootverbose) { | |||||
printf("hostuuid: preload data malformed: '%s'", | |||||
data); | |||||
} | |||||
} | |||||
} | |||||
if (bootverbose) | |||||
printf("hostuuid: using %s\n", prison0.pr_hostuuid); | |||||
} | } | ||||
/* | /* | ||||
* struct jail_args { | * struct jail_args { | ||||
* struct jail *jail; | * struct jail *jail; | ||||
* }; | * }; | ||||
*/ | */ | ||||
int | int | ||||
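Review bot: The trailing-whitespace loop in prison0_init stores its terminator one byte past the character it is removing: `data[size--] = '\0';` writes to `data[size]` (on the first pass one past the preloaded module's bytes) and leaves the whitespace byte itself untouched; the intended form is `data[--size] = '\0';`. A consequence is that `data` is only NUL-terminated when at least one trailing byte was stripped, so the bootverbose diagnostic `printf("hostuuid: preload data malformed: '%s'", data);` can read beyond the module for input with no trailing whitespace, and it also lacks a newline; bounding it as `printf("hostuuid: preload data malformed: '%.*s'\n", (int)size, data);` removes the dependence on termination. The `strlcpy(..., size + 1)` is bounded by `size` and so copies correctly today, which is what masks the off-by-one. Preload data comes from the loader and is trusted, so this is a correctness rather than an exploitability concern, but the stray write may land on whatever the loader placed after the hostuuid module.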
The code and comment don't quite agree; spaces are printable. I'm also not fond of hex constants. But maybe it would make sense to check for hex digits and hyphen, and skip anything else? Otherwise 0x20 could be ' ' (a space character)? Maybe the comment should be "non-printable characters and spaces".