From ebec7389d6965d2ac1d940cf59f03fa5c3c3ca6e Mon Sep 17 00:00:00 2001 From: Thomas Bushnell Date: Tue, 16 Sep 1997 19:18:27 +0000 Subject: Tue Sep 16 14:37:51 1997 Thomas Bushnell, n/BSG * priv.h (nosuid, noexec): New variables. * init-init.c (nosuid, noexec): New variables, initialized to zero. * file-exec.c (diskfs_S_file_exec): If noexec is on, then prohibit all execution with EACCES. If nosuid is on, then prohibit setuid or setgid execution by silently omitting the uid substitution. * opts-std-startup.c (parse_startup_opt): Implement --no-suid and --no-exec. * opts-common.c (diskfs_common_options): Add --no-suid and --no-exec. * opts-std-runtime.c (struct parse_hook): Add nosuid and noexec. (parse_opt) [cases 'S', 'E', OPT_SUID_OK, OPT_EXEC_OK] Understand --no-suid, --no-exec, --suid-ok, and --exec-ok. (parse_opt) [case ARGP_KEY_INIT]: Initialize H->nosuid and H->noexec. (OPT_SUID_OK, OPT_EXEC_OK): New macros. (std_runtime_options): Add --suid-ok and --exec-ok. (set_opts): Set nosuid and noexec from H->nosuid and H->noexec. * opts-common.c (diskfs_common_options): Rename --nosync to --no-sync; leave --nosync as an alias. --- libdiskfs/ChangeLog | 23 +++++++++++++++++++++++ libdiskfs/file-exec.c | 5 ++++- libdiskfs/init-init.c | 4 +++- libdiskfs/opts-common.c | 7 +++++-- libdiskfs/opts-std-runtime.c | 18 +++++++++++++++++- libdiskfs/opts-std-startup.c | 7 ++++++- libdiskfs/priv.h | 3 +++ 7 files changed, 61 insertions(+), 6 deletions(-) diff --git a/libdiskfs/ChangeLog b/libdiskfs/ChangeLog index 1fbe0636..ce951baf 100644 --- a/libdiskfs/ChangeLog +++ b/libdiskfs/ChangeLog 
@@ -1,3 +1,26 @@ +Tue Sep 16 14:37:51 1997 Thomas Bushnell, n/BSG + + * priv.h (nosuid, noexec): New variables. + * init-init.c (nosuid, noexec): New variables, initialized to zero. + * file-exec.c (diskfs_S_file_exec): If noexec is on, then prohibit + all execution with EACCES. If nosuid is on, then prohibit setuid + or setgid execution by silently omitting the uid substitution. + * opts-std-startup.c (parse_startup_opt): Implement --no-suid and + --no-exec. + * opts-common.c (diskfs_common_options): Add --no-suid and + --no-exec. + * opts-std-runtime.c (struct parse_hook): Add nosuid and noexec. + (parse_opt) [cases 'S', 'E', OPT_SUID_OK, OPT_EXEC_OK] Understand + --no-suid, --no-exec, --suid-ok, and --exec-ok. + (parse_opt) [case ARGP_KEY_INIT]: Initialize H->nosuid and + H->noexec. + (OPT_SUID_OK, OPT_EXEC_OK): New macros. + (std_runtime_options): Add --suid-ok and --exec-ok. + (set_opts): Set nosuid and noexec from H->nosuid and H->noexec. + + * opts-common.c (diskfs_common_options): Rename --nosync to + --no-sync; leave --nosync as an alias. + Wed Aug 20 14:03:41 1997 Thomas Bushnell, n/BSG * diskfs.h: Doc fix. diff --git a/libdiskfs/file-exec.c b/libdiskfs/file-exec.c index f332e700..1c6f6f70 100644 --- a/libdiskfs/file-exec.c +++ b/libdiskfs/file-exec.c @@ -71,6 +71,9 @@ diskfs_S_file_exec (struct protid *cred, gid = np->dn_stat.st_uid; mutex_unlock (&np->lock); + if (noexec) + return EACCES; + if ((cred->po->openstat & O_EXEC) == 0) return EBADF; @@ -83,7 +86,7 @@ diskfs_S_file_exec (struct protid *cred, suid = mode & S_ISUID; sgid = mode & S_ISGID; - if (suid || sgid) + if (!nosuid && (suid || sgid)) { int secure = 0; error_t get_file_ids (struct idvec *uids, struct idvec *gids) diff --git a/libdiskfs/init-init.c b/libdiskfs/init-init.c index 14c6f84d..b575b625 100644 --- a/libdiskfs/init-init.c +++ b/libdiskfs/init-init.c 
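Review bot: The context line just above the new check reads `gid = np->dn_stat.st_uid;`, which looks as if it should take the group from `st_gid`; if it is not intentional, the set-gid substitution further down would hand out the file owner's uid as a group id, and the line would become `gid = np->dn_stat.st_gid;`. On the added lines, `if (noexec) return EACCES;` runs before the `O_EXEC` test, so on a no-exec filesystem a descriptor that was never opened for execution gets EACCES rather than EBADF. A short comment such as `/* --no-exec: refuse every exec request on this filesystem. */` would record that ordering as deliberate. diskfs_S_file_exec starts and ends outside the hunk, so the assignment of `uid` and the later use of `gid` are not visible here.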
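Review bot: The `!nosuid` guard in `if (!nosuid && (suid || sgid))` skips the id substitution silently, and nothing at the site says that a set-uid or set-gid file on a nosuid filesystem is meant to run with the caller's own ids rather than be refused. A comment above the condition would do, e.g. `/* With --no-suid the S_ISUID/S_ISGID bits are ignored: the file runs with the caller's ids. */`. `suid` and `sgid` still hold the mode bits after this test, so any code later in diskfs_S_file_exec (outside the hunk) that reads them would still see a set-id file. Clearing them first with `if (nosuid) suid = sgid = 0;` would avoid that, assuming nothing relies on the raw bits.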
@@ -1,5 +1,5 @@ /* - Copyright (C) 1994, 1995, 1996 Free Software Foundation + Copyright (C) 1994, 1995, 1996, 1997 Free Software Foundation This file is part of the GNU Hurd. @@ -30,6 +30,8 @@ mach_port_t diskfs_auth_server_port; volatile struct mapped_time_value *diskfs_mtime; mach_port_t diskfs_fsys_identity; +int nosuid = 0, noexec = 0; + spin_lock_t diskfs_node_refcnt_lock = SPIN_LOCK_INITIALIZER; spin_lock_t _diskfs_control_lock = SPIN_LOCK_INITIALIZER; diff --git a/libdiskfs/opts-common.c b/libdiskfs/opts-common.c index 5d94f7b4..41bf1a8b 100644 --- a/libdiskfs/opts-common.c +++ b/libdiskfs/opts-common.c @@ -1,6 +1,6 @@ /* Options common to both startup and runtime - Copyright (C) 1995, 1996 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. Written by Miles Bader @@ -32,6 +32,9 @@ const struct argp_option diskfs_common_options[] = "If INTERVAL is supplied, sync all data not actually written to disk" " every INTERVAL seconds, otherwise operate in synchronous mode (the" " default is to sync every 30 seconds)"}, - {"nosync", 'n', 0, 0, "Don't automatically sync data to disk"}, + {"no-sync", 'n', 0, 0, "Don't automatically sync data to disk"}, + {"nosync", 0, 0, OPTION_ALIAS | OPTION_HIDDEN}, + {"no-suid", 'S', 0, 0, "Don't permit set-uid or set-gid execution"}, + {"no-exec", 'E', 0, 0, "Don't permit any execution of files on this filesystem"}, {0, 0} }; diff --git a/libdiskfs/opts-std-runtime.c b/libdiskfs/opts-std-runtime.c index 41df2111..9892d1a2 100644 --- a/libdiskfs/opts-std-runtime.c +++ b/libdiskfs/opts-std-runtime.c 
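Review bot: The new globals in `int nosuid = 0, noexec = 0;` are exported from libdiskfs under unprefixed names, while the neighbouring symbols in this hunk all carry a `diskfs_` or `_diskfs_` prefix. A translator linked against the library that has its own `nosuid` or `noexec` symbol could collide with them, or end up sharing the variable that gates set-uid execution. Names such as `_diskfs_nosuid` and `_diskfs_noexec` would match the file's convention. The same applies to the `extern int nosuid, noexec;` declaration in priv.h and to the uses in file-exec.c, opts-std-runtime.c and opts-std-startup.c.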
@@ -22,17 +22,22 @@ #include "priv.h" +#define SUID_OK_OPT 600 +#define EXEC_OK_OPT 601 + static const struct argp_option std_runtime_options[] = { {"update", 'u', 0, 0, "Flush any meta-data cached in core"}, {"remount", 0, 0, OPTION_HIDDEN | OPTION_ALIAS}, /* deprecated */ + {"suid-ok", OPT_SUID_OK, 0, 0, "Enable set-uid execution"}, + {"exec-ok", OPT_EXEC_OK, 0, 0, "Enable execution of files"}, {0, 0} }; struct parse_hook { - int readonly, sync, sync_interval, remount; + int readonly, sync, sync_interval, remount, nosuid, noexec; }; /* Implement the options in H, and free H. */ @@ -71,6 +76,11 @@ set_opts (struct parse_hook *h) diskfs_set_sync_interval (h->sync_interval); } + if (h->nosuid != -1) + nosuid = h->nosuid; + if (h->noexec != -1) + noexec = h->noexec; + free (h); return err; @@ -86,6 +96,10 @@ parse_opt (int opt, char *arg, struct argp_state *state) case 'r': h->readonly = 1; break; case 'w': h->readonly = 0; break; case 'u': h->remount = 1; break; + case 'S': h->nosuid = 1; break; + case 'E': h->noexec = 1; break; + case OPT_SUID_OK: h->nosuid = 0; break; + case OPT_EXEC_OK: h->noexec = 0; break; case 'n': h->sync_interval = 0; h->sync = 0; break; case 's': if (arg) @@ -97,6 +111,7 @@ parse_opt (int opt, char *arg, struct argp_state *state) h->sync = 1; break; + case ARGP_KEY_INIT: if (state->input) state->hook = state->input; /* Share hook with parent. */ @@ -109,6 +124,7 @@ parse_opt (int opt, char *arg, struct argp_state *state) h->sync = diskfs_synchronous; h->sync_interval = -1; h->remount = 0; + h->nosuid = h->noexec = -1; /* We know that we have one child, with which we share our hook. */ state->child_inputs[0] = h; diff --git a/libdiskfs/opts-std-startup.c b/libdiskfs/opts-std-startup.c index 1488fdb5..1516b84e 100644 --- a/libdiskfs/opts-std-startup.c +++ b/libdiskfs/opts-std-startup.c 
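Review bot: The two new macros are defined as `SUID_OK_OPT` and `EXEC_OK_OPT`, but the option table just below them and the `case` labels added to parse_opt use `OPT_SUID_OK` and `OPT_EXEC_OK`, which is also how the ChangeLog entry names them. Unless those names are defined in a header not shown here, this file does not compile as committed, and the runtime options that re-enable set-uid and exec are unusable. The defines should read `#define OPT_SUID_OK 600` and `#define OPT_EXEC_OK 601`. A one-line comment that the values are deliberately outside the printable-character range, so the options have no short form, would also help.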
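Review bot: In set_opts the new assignments to `nosuid` and `noexec` run unconditionally just before `return err;`, so if an earlier step of the function (outside the hunk) has left `err` set, the caller is told the option change failed while the set-uid and exec policy has already been switched. If partial application is not intended, guard both assignments with `if (!err)`. The `-1` they test against is the "option not given" marker set in the ARGP_KEY_INIT hunk (`h->nosuid = h->noexec = -1;`), and it is explained nowhere. A comment on the struct parse_hook fields such as `/* -1: not specified, keep the current value. */` would make that clear.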
@@ -1,6 +1,6 @@ /* Standard startup-time command line parser - Copyright (C) 1995, 1996 Free Software Foundation, Inc. + Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. Written by Miles Bader @@ -59,6 +59,10 @@ parse_startup_opt (int opt, char *arg, struct argp_state *state) diskfs_readonly = 1; break; case 'w': diskfs_readonly = 0; break; + case 'S': + nosuid = 1; break; + case 'E': + noexec = 1; break; case 's': if (arg == NULL) diskfs_synchronous = 1; @@ -70,6 +74,7 @@ parse_startup_opt (int opt, char *arg, struct argp_state *state) diskfs_default_sync_interval = 0; break; + /* Boot options */ case OPT_DEVICE_MASTER_PORT: _hurd_device_master = atoi (arg); break; diff --git a/libdiskfs/priv.h b/libdiskfs/priv.h index eab1ed43..bd6e5304 100644 --- a/libdiskfs/priv.h +++ b/libdiskfs/priv.h @@ -29,6 +29,9 @@ extern mach_port_t fs_control_port; /* receive right */ +/* These inhibit setuid or exec. */ +extern int nosuid, noexec; + volatile struct mapped_time_value *_diskfs_mtime; extern struct argp_option diskfs_common_options[]; -- cgit v1.2.3