1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Mike Karels at Berkeley Software Design, Inc. 7 * 8 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD --- 22 unchanged lines hidden (view full) --- 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 36 */ 37 38#include <sys/cdefs.h> |
39__FBSDID("$FreeBSD: head/sys/kern/kern_sysctl.c 224159 2011-07-17 23:05:24Z rwatson $"); |
40 |
41#include "opt_capsicum.h" |
42#include "opt_compat.h" 43#include "opt_ktrace.h" 44 45#include <sys/param.h> 46#include <sys/fail.h> 47#include <sys/systm.h> |
48#include <sys/capability.h> |
49#include <sys/kernel.h> 50#include <sys/sysctl.h> 51#include <sys/malloc.h> 52#include <sys/priv.h> 53#include <sys/proc.h> 54#include <sys/jail.h> 55#include <sys/lock.h> 56#include <sys/mutex.h> --- 665 unchanged lines hidden (view full) --- 722 lsp = lsp2; 723 } 724 error = SYSCTL_OUT(req, "", 1); 725 out: 726 SYSCTL_XUNLOCK(); 727 return (error); 728} 729 |
730/* 731 * XXXRW/JA: Shouldn't return name data for nodes that we don't permit in 732 * capability mode. 733 */ 734static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_CAPRD, 735 sysctl_sysctl_name, ""); |
736 737static int 738sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen, 739 int *next, int *len, int level, struct sysctl_oid **oidpp) 740{ 741 struct sysctl_oid *oidp; 742 743 SYSCTL_ASSERT_XLOCKED(); --- 64 unchanged lines hidden (view full) --- 808 i = sysctl_sysctl_next_ls(lsp, name, namelen, newoid, &j, 1, &oid); 809 SYSCTL_XUNLOCK(); 810 if (i) 811 return (ENOENT); 812 error = SYSCTL_OUT(req, newoid, j * sizeof (int)); 813 return (error); 814} 815 |
816/* 817 * XXXRW/JA: Shouldn't return next data for nodes that we don't permit in 818 * capability mode. 819 */ 820static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_CAPRD, 821 sysctl_sysctl_next, ""); |
822 823static int 824name2oid(char *name, int *oid, int *len, struct sysctl_oid **oidpp) 825{ 826 int i; 827 struct sysctl_oid *oidp; 828 struct sysctl_oid_list *lsp = &sysctl__children; 829 char *p; --- 79 unchanged lines hidden (view full) --- 909 910 if (error) 911 return (error); 912 913 error = SYSCTL_OUT(req, oid, len * sizeof *oid); 914 return (error); 915} 916 |
917/* 918 * XXXRW/JA: Shouldn't return name2oid data for nodes that we don't permit in 919 * capability mode. 920 */ |
921SYSCTL_PROC(_sysctl, 3, name2oid, |
922 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_MPSAFE 923 | CTLFLAG_CAPRW, 0, 0, sysctl_sysctl_name2oid, "I", ""); |
924 925static int 926sysctl_sysctl_oidfmt(SYSCTL_HANDLER_ARGS) 927{ 928 struct sysctl_oid *oid; 929 int error; 930 931 SYSCTL_XLOCK(); --- 10 unchanged lines hidden (view full) --- 942 goto out; 943 error = SYSCTL_OUT(req, oid->oid_fmt, strlen(oid->oid_fmt) + 1); 944 out: 945 SYSCTL_XUNLOCK(); 946 return (error); 947} 948 949 |
950static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD|CTLFLAG_MPSAFE|CTLFLAG_CAPRD, |
951 sysctl_sysctl_oidfmt, ""); 952 953static int 954sysctl_sysctl_oiddescr(SYSCTL_HANDLER_ARGS) 955{ 956 struct sysctl_oid *oid; 957 int error; 958 --- 7 unchanged lines hidden (view full) --- 966 goto out; 967 } 968 error = SYSCTL_OUT(req, oid->oid_descr, strlen(oid->oid_descr) + 1); 969 out: 970 SYSCTL_XUNLOCK(); 971 return (error); 972} 973 |
974static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD|CTLFLAG_CAPRD, 975 sysctl_sysctl_oiddescr, ""); |
976 977/* 978 * Default "handler" functions. 979 */ 980 981/* 982 * Handle an int, signed or unsigned. 983 * Two cases: --- 457 unchanged lines hidden (view full) --- 1441 } 1442 1443 /* Is this sysctl writable? */ 1444 if (req->newptr && !(oid->oid_kind & CTLFLAG_WR)) 1445 return (EPERM); 1446 1447 KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL")); 1448 |
1449#ifdef CAPABILITY_MODE 1450 /* 1451 * If the process is in capability mode, then don't permit reading or 1452 * writing unless specifically granted for the node. 1453 */ 1454 if (IN_CAPABILITY_MODE(req->td)) { 1455 if (req->oldptr && !(oid->oid_kind & CTLFLAG_CAPRD)) 1456 return (EPERM); 1457 if (req->newptr && !(oid->oid_kind & CTLFLAG_CAPWR)) 1458 return (EPERM); 1459 } 1460#endif 1461 |
1462 /* Is this sysctl sensitive to securelevels? */ 1463 if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) { 1464 lvl = (oid->oid_kind & CTLMASK_SECURE) >> CTLSHIFT_SECURE; 1465 error = securelevel_gt(req->td->td_ucred, lvl); 1466 if (error) 1467 return (error); 1468 } 1469 --- 199 unchanged lines hidden --- |