From: David van Moolenbroek <david@minix3.org>
Date: Wed, 8 Dec 2010 14:54:08 +0000 (+0000)
Subject: RS: fix IPC privilege computation bug
X-Git-Tag: v3.2.0~723
X-Git-Url: http://zhaoyanbai.com/repos/Bv9ARM.ch10.html?a=commitdiff_plain;h=9639af49d21e62b7eaa277143427c56cb2814126;p=minix.git

RS: fix IPC privilege computation bug

Take into account the ALL and ALL_SYS cases when constructing proper
symmetrical IPC send masks. Fix system.conf accordingly, to keep
userland processes from sending to several non-interface servers and
drivers. Also fix IS's F4 formatting.
---

diff --git a/etc/system.conf b/etc/system.conf
index 8671583d8..d7a1a405b 100644
--- a/etc/system.conf
+++ b/etc/system.conf
@@ -23,7 +23,7 @@ service rs
 service ds
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system	ALL;		# ALL kernel calls allowed
 	vm	BASIC;		# Only basic VM calls allowed
 	io	NONE;		# No I/O range allowed
@@ -76,7 +76,7 @@ service pm
 service sched
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system	ALL;		# ALL kernel calls allowed
 	vm	BASIC;		# Only basic VM calls allowed
 	io	NONE;		# No I/O range allowed
@@ -108,7 +108,7 @@ service vfs
 service mfs
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system	BASIC;		# Only basic kernel calls allowed
 	vm	BASIC;		# Only basic VM calls allowed
 	io	NONE;		# No I/O range allowed
@@ -121,7 +121,7 @@ service mfs
 
 service ext2
 {
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system	BASIC;		# Only basic kernel calls allowed
 	vm	BASIC;		# Only basic VM calls allowed
 	io	NONE;		# No I/O range allowed
@@ -135,7 +135,7 @@ service ext2
 service pfs
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system	BASIC;		# Only basic kernel calls allowed
 	vm	BASIC;		# Only basic VM calls allowed
 	io	NONE;		# No I/O range allowed
@@ -149,7 +149,7 @@ service pfs
 service tty
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system			# Extra kernel calls allowed:
 		KILL		# 06
 		SEGCTL		# 12
@@ -177,7 +177,7 @@ service tty
 service memory
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system			# Extra kernel calls allowed:
 		SEGCTL		# 12
 		UMAP		# 14
@@ -202,7 +202,7 @@ service memory
 service log
 {
 	uid     0;
-	ipc	ALL;		# ALL ipc targets allowed
+	ipc	ALL_SYS;	# All system ipc targets allowed
 	system			# Extra kernel calls allowed:
 		SEGCTL		# 12
 		UMAP		# 14
diff --git a/servers/is/dmp_kernel.c b/servers/is/dmp_kernel.c
index a69f1161d..3b92ffde7 100644
--- a/servers/is/dmp_kernel.c
+++ b/servers/is/dmp_kernel.c
@@ -326,7 +326,8 @@ PUBLIC void privileges_dmp()
       return;
   }
 
-  printf("-nr- -id- -name-- -flags-    traps  grants -ipc_to--  -kernel calls-\n");
+  printf("-nr- -id- -name-- -flags- traps grants -ipc_to--"
+    "            -kernel calls-\n");
 
   PROCLOOP(rp, oldrp)
         r = -1;
@@ -335,7 +336,7 @@ PUBLIC void privileges_dmp()
         if (r == -1 && !isemptyp(rp)) {
 	    sp = &priv[USER_PRIV_ID];
         }
-	printf("(%02u) %-7.7s %s    %s %7d",
+	printf("(%02u) %-7.7s %s %s %6d",
 	       sp->s_id, rp->p_name,
 	       s_flags_str(sp->s_flags), s_traps_str(sp->s_trap_mask),
 		sp->s_grant_entries);
diff --git a/servers/rs/manager.c b/servers/rs/manager.c
index 110dfaea0..969969f8d 100644
--- a/servers/rs/manager.c
+++ b/servers/rs/manager.c
@@ -1957,7 +1957,7 @@ struct priv *privp;
 	struct rproc *rrp;
 	struct rprocpub *rrpub;
 	char *proc_name;
-	int priv_id;
+	int priv_id, is_ipc_all, is_ipc_all_sys;
 
 	proc_name = rp->r_pub->proc_name;
 
@@ -1965,25 +1965,45 @@ struct priv *privp;
 		if (!(rrp->r_flags & RS_IN_USE))
 			continue;
 
-		/* If an IPC target list was provided for the process being
-		 * checked here, make sure that the name of the new process
+		if (!rrp->r_ipc_list[0])
+			continue;
+
+		/* If the process being checked is set to allow IPC to all
+		 * other processes, or for all other system processes and the
+		 * target process is a system process, add a permission bit.
+		 */
+		rrpub = rrp->r_pub;
+
+		is_ipc_all = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL);
+		is_ipc_all_sys = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL_SYS);
+
+		if (is_ipc_all ||
+			(is_ipc_all_sys && (privp->s_flags & SYS_PROC))) {
+#if PRIV_DEBUG
+			printf("  RS: add_backward_ipc: setting sendto bit "
+				"for %d...\n", rrpub->endpoint);
+#endif
+			priv_id= rrp->r_priv.s_id;
+			set_sys_bit(privp->s_ipc_to, priv_id);
+
+			continue;
+		}
+
+		/* An IPC target list was provided for the process being
+		 * checked here. Make sure that the name of the new process
 		 * is in that process's list. There may be multiple matches.
 		 */
-		if (rrp->r_ipc_list[0]) {
-			rrpub = rrp->r_pub;
-			p = rrp->r_ipc_list;
+		p = rrp->r_ipc_list;
 
-			while ((p = get_next_name(p, name,
-				rrpub->label)) != NULL) {
-				if (!strcmp(proc_name, name)) {
+		while ((p = get_next_name(p, name, rrpub->label)) != NULL) {
+			if (!strcmp(proc_name, name)) {
 #if PRIV_DEBUG
-					printf("  RS: add_backward_ipc: setting"
-						" sendto bit for %d...\n",
-						rrpub->endpoint);
+				printf("  RS: add_backward_ipc: setting sendto"
+					" bit for %d...\n",
+					rrpub->endpoint);
 #endif
-					priv_id= rrp->r_priv.s_id;
-					set_sys_bit(privp->s_ipc_to, priv_id);
-				}
+				priv_id= rrp->r_priv.s_id;
+				set_sys_bit(privp->s_ipc_to, priv_id);
 			}
 		}
 	}