mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00

Move all struct defs and prototypes into trace_systrace.h and mark all
but systrace_attach() static.
Todd C. Miller
2004-09-30 22:27:33 +00:00
parent 33badbaeaa
commit 7edec19902
2 changed files with 69 additions and 60 deletions


@@ -50,41 +50,11 @@
static const char rcsid[] = "$Sudo$"; static const char rcsid[] = "$Sudo$";
#endif /* lint */ #endif /* lint */
struct listhead {
void *first;
};
struct childinfo {
pid_t pid;
struct passwd *pw;
struct syscallaction *action;
struct childinfo *next;
};
void check_syscall __P((int, struct str_msg_ask *,
struct systrace_answer *));
int decode_args __P((int, pid_t, struct str_msg_ask *));
int set_policy __P((int, struct childinfo *));
int systrace_open __P((void));
int systrace_read __P((int, pid_t, void *, void *, size_t));
int systrace_run __P((char *, char **, int));
int switch_emulation __P((int, struct str_message *));
ssize_t read_string __P((int, pid_t, void *, char *, size_t));
void new_child __P((pid_t, pid_t));
void rm_child __P((pid_t));
void update_child __P((pid_t, uid_t));
struct childinfo *find_child __P((pid_t));
extern struct passwd *sudo_pwdup __P((const struct passwd *, int));
extern struct passwd *sudo_getpwuid __P((uid_t));
static struct listhead children; /* list of children being traced */
static int initialized; /* set to true when we are inited */
/* /*
* Open the systrace device and return the fd or -1 on failure. * Open the systrace device and return the fd or -1 on failure.
* XXX - warn here on error or in caller? * XXX - warn here on error or in caller?
*/ */
int static int
systrace_open() systrace_open()
{ {
int serrno, fd; int serrno, fd;
@@ -113,7 +83,7 @@ bad:
return(-1); return(-1);
} }
void static void
sigusr1(signo) sigusr1(signo)
int signo; int signo;
{ {
@@ -124,7 +94,6 @@ sigusr1(signo)
* Fork a process that traces the command to be run and its descendents. * Fork a process that traces the command to be run and its descendents.
* *
* TODO: * TODO:
* note euid changes and update runas info
* set SUDO_* env variables for sub-execs * set SUDO_* env variables for sub-execs
*/ */
void void
@@ -296,7 +265,7 @@ fail:
* Push a new child to the head of the list, inheriting the struct pw * Push a new child to the head of the list, inheriting the struct pw
* of its parent. * of its parent.
*/ */
void static void
new_child(ppid, pid) new_child(ppid, pid)
pid_t ppid; pid_t ppid;
pid_t pid; pid_t pid;
@@ -327,7 +296,7 @@ new_child(ppid, pid)
children.first = entry; children.first = entry;
} }
int static int
switch_emulation(fd, msgp) switch_emulation(fd, msgp)
int fd; int fd;
struct str_message *msgp; struct str_message *msgp;
@@ -348,7 +317,7 @@ switch_emulation(fd, msgp)
/* /*
* Remove the named pid from the list. * Remove the named pid from the list.
*/ */
void static void
rm_child(pid) rm_child(pid)
pid_t pid; pid_t pid;
{ {
@@ -371,7 +340,7 @@ rm_child(pid)
/* /*
* Find a child by pid. * Find a child by pid.
*/ */
struct childinfo * static struct childinfo *
find_child(pid) find_child(pid)
pid_t pid; pid_t pid;
{ {
@@ -387,7 +356,7 @@ find_child(pid)
/* /*
* Update the uid associated with a pid. * Update the uid associated with a pid.
*/ */
void static void
update_child(pid, uid) update_child(pid, uid)
pid_t pid; pid_t pid;
uid_t uid; uid_t uid;
@@ -414,7 +383,7 @@ update_child(pid, uid)
/* /*
* Create a policy that intercepts execve and lets all others go free. * Create a policy that intercepts execve and lets all others go free.
*/ */
int static int
set_policy(fd, child) set_policy(fd, child)
int fd; int fd;
struct childinfo *child; struct childinfo *child;
@@ -454,7 +423,7 @@ set_policy(fd, child)
* Read from an address and store in buf. * Read from an address and store in buf.
* XXX - should deal with EBUSY from STRIOCIO * XXX - should deal with EBUSY from STRIOCIO
*/ */
int static int
systrace_read(fd, pid, addr, buf, bufsiz) systrace_read(fd, pid, addr, buf, bufsiz)
int fd; int fd;
pid_t pid; pid_t pid;
@@ -480,7 +449,7 @@ systrace_read(fd, pid, addr, buf, bufsiz)
* XXX - could pass a hint for chunksiz * XXX - could pass a hint for chunksiz
* XXX - need to indicate oflow * XXX - need to indicate oflow
*/ */
ssize_t static ssize_t
read_string(fd, pid, addr, buf, bufsiz) read_string(fd, pid, addr, buf, bufsiz)
int fd; int fd;
pid_t pid; pid_t pid;
@@ -510,7 +479,7 @@ read_string(fd, pid, addr, buf, bufsiz)
return(cp - buf); return(cp - buf);
} }
void static void
check_syscall(fd, askp, ansp) check_syscall(fd, askp, ansp)
int fd; int fd;
struct str_msg_ask *askp; struct str_msg_ask *askp;
@@ -538,7 +507,7 @@ check_syscall(fd, askp, ansp)
* Decode path and argv from systrace and fill in user_cmnd, * Decode path and argv from systrace and fill in user_cmnd,
* user_base and user_args. * user_base and user_args.
*/ */
int static int
decode_args(fd, pid, askp) decode_args(fd, pid, askp)
int fd; int fd;
pid_t pid; pid_t pid;
@@ -590,7 +559,7 @@ decode_args(fd, pid, askp)
/* /*
* Decode the args to exec and check the command in sudoers. * Decode the args to exec and check the command in sudoers.
*/ */
void static void
check_exec(fd, askp, ansp) check_exec(fd, askp, ansp)
int fd; int fd;
struct str_msg_ask *askp; struct str_msg_ask *askp;
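Review bot: The TODO entry `note euid changes and update runas info` is dropped from the comment above the tracing entry point (the `@@ -124,7 +94,6 @@` hunk), but the commit message only describes moving declarations and adding `static`. If euid changes are now tracked through `update_child()`, the comment should say so, for example `* euid changes are recorded via update_child()`. Otherwise the TODO should stay, because runas information that lags behind a setuid call would presumably affect which sudoers rules are applied to later execs. The function body lies outside the hunk, so which case holds cannot be confirmed from this page.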


@@ -14,16 +14,51 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
void check_exec __P((int, struct str_msg_ask *,
struct systrace_answer *));
struct childinfo;
extern struct passwd *sudo_pwdup __P((const struct passwd *, int));
extern struct passwd *sudo_getpwuid __P((uid_t));
static void check_exec __P((int, struct str_msg_ask *,
struct systrace_answer *));
static void check_syscall __P((int, struct str_msg_ask *,
struct systrace_answer *));
static int decode_args __P((int, pid_t, struct str_msg_ask *));
static int set_policy __P((int, struct childinfo *));
static int systrace_open __P((void));
static int systrace_read __P((int, pid_t, void *, void *, size_t));
static int switch_emulation __P((int, struct str_message *));
static ssize_t read_string __P((int, pid_t, void *, char *, size_t));
static void new_child __P((pid_t, pid_t));
static void rm_child __P((pid_t));
static void update_child __P((pid_t, uid_t));
static struct childinfo *find_child __P((pid_t));
static struct listhead children; /* list of children being traced */
static int initialized; /* set to true when we are inited */
struct listhead {
void *first;
};
struct childinfo {
pid_t pid;
struct passwd *pw;
struct syscallaction *action;
struct childinfo *next;
};
/*
* Each emulation has a list of actionable syscalls.
*/
struct syscallaction { struct syscallaction {
int code; int code;
int policy; int policy;
void (*handler) __P((int, struct str_msg_ask *, struct systrace_answer *)); void (*handler) __P((int, struct str_msg_ask *, struct systrace_answer *));
}; };
struct syscallaction syscalls_openbsd[] = { static struct syscallaction syscalls_openbsd[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* OPENBSD_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* OPENBSD_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* OPENBSD_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* OPENBSD_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* OPENBSD_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* OPENBSD_SYS_setreuid */
@@ -32,7 +67,7 @@ struct syscallaction syscalls_openbsd[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_bsdos[] = { static struct syscallaction syscalls_bsdos[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* BSDOS_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* BSDOS_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* BSDOS_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* BSDOS_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* BSDOS_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* BSDOS_SYS_setreuid */
@@ -40,7 +75,7 @@ struct syscallaction syscalls_bsdos[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_freebsd[] = { static struct syscallaction syscalls_freebsd[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* FREEBSD_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* FREEBSD_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* FREEBSD_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* FREEBSD_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* FREEBSD_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* FREEBSD_SYS_setreuid */
@@ -49,7 +84,7 @@ struct syscallaction syscalls_freebsd[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_netbsd[] = { static struct syscallaction syscalls_netbsd[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* NETBSD_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* NETBSD_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* NETBSD_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* NETBSD_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* NETBSD_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* NETBSD_SYS_setreuid */
@@ -57,7 +92,7 @@ struct syscallaction syscalls_netbsd[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_hpux[] = { static struct syscallaction syscalls_hpux[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* HPUX_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* HPUX_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* HPUX_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* HPUX_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* HPUX_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* HPUX_SYS_execve */
@@ -65,14 +100,14 @@ struct syscallaction syscalls_hpux[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_ibsc2[] = { static struct syscallaction syscalls_ibsc2[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* ISCS2_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* ISCS2_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* ISCS2_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* ISCS2_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* ISCS2_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* ISCS2_SYS_execve */
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_linux[] = { static struct syscallaction syscalls_linux[] = {
{ 11, SYSTR_POLICY_ASK, check_exec}, /* LINUX_SYS_execve */ { 11, SYSTR_POLICY_ASK, check_exec}, /* LINUX_SYS_execve */
{ 23, SYSTR_POLICY_ASK, NULL}, /* LINUX_SYS_setuid16 */ { 23, SYSTR_POLICY_ASK, NULL}, /* LINUX_SYS_setuid16 */
{ 70, SYSTR_POLICY_ASK, NULL}, /* LINUX_SYS_setreuid16 */ { 70, SYSTR_POLICY_ASK, NULL}, /* LINUX_SYS_setreuid16 */
@@ -85,14 +120,14 @@ struct syscallaction syscalls_linux[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_osf1[] = { static struct syscallaction syscalls_osf1[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* OSF1_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* OSF1_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* OSF1_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* OSF1_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* OSF1_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* OSF1_SYS_setreuid */
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_sunos[] = { static struct syscallaction syscalls_sunos[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* SUNOS_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* SUNOS_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* SUNOS_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* SUNOS_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* SUNOS_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* SUNOS_SYS_execve */
@@ -100,7 +135,7 @@ struct syscallaction syscalls_sunos[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_svr4[] = { static struct syscallaction syscalls_svr4[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* SVR4_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* SVR4_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* SVR4_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* SVR4_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* SVR4_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* SVR4_SYS_execve */
@@ -109,7 +144,7 @@ struct syscallaction syscalls_svr4[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_ultrix[] = { static struct syscallaction syscalls_ultrix[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* ULTRIX_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* ULTRIX_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* ULTRIX_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* ULTRIX_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* ULTRIX_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* ULTRIX_SYS_execve */
@@ -117,7 +152,7 @@ struct syscallaction syscalls_ultrix[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_irix[] = { static struct syscallaction syscalls_irix[] = {
{ 11, SYSTR_POLICY_ASK, NULL}, /* IRIX_SYS_execv */ { 11, SYSTR_POLICY_ASK, NULL}, /* IRIX_SYS_execv */
{ 23, SYSTR_POLICY_ASK, NULL}, /* IRIX_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* IRIX_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* IRIX_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* IRIX_SYS_execve */
@@ -125,7 +160,7 @@ struct syscallaction syscalls_irix[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct syscallaction syscalls_darwin[] = { static struct syscallaction syscalls_darwin[] = {
{ 23, SYSTR_POLICY_ASK, NULL}, /* DARWIN_SYS_setuid */ { 23, SYSTR_POLICY_ASK, NULL}, /* DARWIN_SYS_setuid */
{ 59, SYSTR_POLICY_ASK, check_exec}, /* DARWIN_SYS_execve */ { 59, SYSTR_POLICY_ASK, check_exec}, /* DARWIN_SYS_execve */
{ 126, SYSTR_POLICY_ASK, NULL}, /* DARWIN_SYS_setreuid */ { 126, SYSTR_POLICY_ASK, NULL}, /* DARWIN_SYS_setreuid */
@@ -133,7 +168,12 @@ struct syscallaction syscalls_darwin[] = {
{ -1, -1, NULL} { -1, -1, NULL}
}; };
struct emulation { /*
* List of emulations we support. Not all OSes support all emulations but
* they are all listed here to make things simpler.
* Attempts to run programs with unknown emulations will be rejected.
*/
static struct emulation {
const char *name; const char *name;
struct syscallaction *action; struct syscallaction *action;
} emulations[] = { } emulations[] = {
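Review bot: In the first hunk of this header, `static struct listhead children;` appears before `struct listhead` is defined, and only `struct childinfo;` is forward-declared. As rendered, that is a tentative definition of an internal-linkage object with an incomplete type, which the C standard disallows even though some compilers accept it. Moving the `struct listhead` and `struct childinfo` definitions above the two static variables avoids relying on that leniency. Because the header now defines static storage and the per-emulation syscall tables, a top-of-file comment such as `/* Private to trace_systrace.c; do not include from other files. */` would keep a second includer from silently getting its own copy of the child list and policy tables.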