
1999-01-21

1999-01-21 09:15:55 by Fredrik Hübinette (Hubbe) <hubbe@hubbe.net>

security system v1.0E-100 checked in... (lots of work left to do)

Rev: src/array.c:1.43
Rev: src/array.h:1.15
Rev: src/builtin_functions.c:1.145
Rev: src/error.h:1.26
Rev: src/interpret.c:1.112
Rev: src/interpret.h:1.25
Rev: src/main.c:1.61
Rev: src/mapping.c:1.38
Rev: src/mapping.h:1.13
Rev: src/modules/files/file.c:1.133
Rev: src/modules/system/system.c:1.61
Rev: src/multiset.c:1.13
Rev: src/multiset.h:1.8
Rev: src/object.c:1.54
Rev: src/object.h:1.20
Rev: src/opcodes.c:1.35
Rev: src/otable.h:1.3(DEAD)
Rev: src/program.c:1.106
Rev: src/program.h:1.47
Rev: src/security.c:1.1
Rev: src/security.h:1.1
Rev: src/svalue.h:1.20
Rev: src/testsuite.in:1.139
Rev: src/threads.c:1.86

4:   ||| See the files COPYING and DISCLAIMER for more information.   \*/   #include "global.h" - RCSID("$Id: interpret.c,v 1.111 1998/11/22 11:02:53 hubbe Exp $"); + RCSID("$Id: interpret.c,v 1.112 1999/01/21 09:15:01 hubbe Exp $");   #include "interpret.h"   #include "object.h"   #include "program.h"
28:   #include "threads.h"   #include "callback.h"   #include "fd_control.h" + #include "security.h"      #include <fcntl.h>   #include <errno.h>
194:   #endif   }    - void check_stack(INT32 size) - { -  if(sp - evaluator_stack + size >= stack_size) -  error("Stack overflow.\n"); - } +     - void check_mark_stack(INT32 size) - { -  if(mark_sp - mark_stack + size >= stack_size) -  error("Mark stack overflow.\n"); - } +     - void check_c_stack(INT32 size) - { -  long x=((char *)&size) + STACK_DIRECTION * size - stack_top ; -  x*=STACK_DIRECTION; -  if(x>0) -  error("C stack overflow.\n"); - } -  -  +    static int eval_instruction(unsigned char *pc);      
230:      void lvalue_to_svalue_no_free(struct svalue *to,struct svalue *lval)   { + #ifdef PIKE_SECURITY +  if(lval->type <= MAX_COMPLEX) +  if(!CHECK_DATA_SECURITY(lval->u.array, SECURITY_BIT_INDEX)) +  error("Index permission denied.\n"); + #endif    switch(lval->type)    {    case T_ARRAY_LVALUE:
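Review bot: The guard added at the top of lvalue_to_svalue_no_free reads `lval->u.array` for every type at or below MAX_COMPLEX, so it relies on CHECK_DATA_SECURITY finding the protection data at the same place whatever the union really holds. That layout assumption is not visible in this hunk and should be stated, e.g. `/* every type <= MAX_COMPLEX keeps its prot field at the same offset, so u.array is a valid view */`. The unbraced nested `if` is also fragile and reads better as `if(lval->type <= MAX_COMPLEX && !CHECK_DATA_SECURITY(lval->u.array, SECURITY_BIT_INDEX))`. The same four lines are pasted into assign_lvalue and get_pointer_if_this_type, so one helper macro taking the bit and the message would keep the three checks from drifting apart. The function body continues outside the hunk.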
289:      void assign_lvalue(struct svalue *lval,struct svalue *from)   { + #ifdef PIKE_SECURITY +  if(lval->type <= MAX_COMPLEX) +  if(!CHECK_DATA_SECURITY(lval->u.array, SECURITY_BIT_SET_INDEX)) +  error("Assign index permission denied.\n"); + #endif +     switch(lval->type)    {    case T_ARRAY_LVALUE:
342:      union anything *get_pointer_if_this_type(struct svalue *lval, TYPE_T t)   { + #ifdef PIKE_SECURITY +  if(lval->type <= MAX_COMPLEX) +  if(!CHECK_DATA_SECURITY(lval->u.array, SECURITY_BIT_SET_INDEX)) +  error("Assign index permission denied.\n"); + #endif +     switch(lval->type)    {    case T_ARRAY_LVALUE:
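Review bot: get_pointer_if_this_type hands back a raw pointer into the container, which allows reading as well as writing, yet the added guard tests only SECURITY_BIT_SET_INDEX and reuses the assign_lvalue message verbatim. If callers use the pointer for read-modify-write operations (not visible here), the guard should probably require the index bit as well, for example a second test `if(!CHECK_DATA_SECURITY(lval->u.array, SECURITY_BIT_INDEX)) error("Index permission denied.\n");`. A distinct message for this site would also let a denial be traced to the right function. The function body continues outside the hunk.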
1797:    free(s);   }    + #ifdef PIKE_SECURITY + static void restore_creds(struct object *creds) + { +  if(current_creds) free_object(current_creds); +  current_creds=creds; + }    - void mega_apply(enum apply_type type, INT32 args, void *arg1, void *arg2) + /* Magic trick */ + static +  + #else + #define mega_apply2 mega_apply + #endif +  + void mega_apply2(enum apply_type type, INT32 args, void *arg1, void *arg2)   {    struct object *o;    int fun, tailrecurse=-1;    struct svalue *save_sp=sp-args; -  +    #ifdef PROFILING   #ifdef HAVE_GETHRTIME    long long children_base = accounted_time;
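Review bot: The bare `static` left hanging before `#else` only works because the next token after the preprocessor block is the `void mega_apply2(...)` definition, and `/* Magic trick */` does not say so. I would replace that comment with `/* With PIKE_SECURITY, mega_apply2 is file-local and the public mega_apply wrapper saves and restores current_creds around it; without it, mega_apply2 is simply renamed to mega_apply */`. restore_creds also needs a line on ownership, such as `/* consumes one reference to creds and drops the reference held in current_creds */`, because the reference counting is otherwise implicit. The body of mega_apply2 continues outside the hunk.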
1978:       function = new_frame.context.prog->identifiers + ref->identifier_offset;    + #ifdef PIKE_SECURITY +  CHECK_DATA_SECURITY_OR_ERROR(o, SECURITY_BIT_CALL, ("Function call permission denied.\n")); +  +  if(!CHECK_DATA_SECURITY(o, SECURITY_BIT_NOT_SETUID)) +  SET_CURRENT_CREDS(o->prot); + #endif +  +    #ifdef PROFILING    function->num_calls++;   #endif
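Review bot: The credential switch after the call check is opt-out: unless the SECURITY_BIT_NOT_SETUID test succeeds for `o`, the call replaces current_creds with `o->prot`, so a change of privilege is the default on this path. The hunk does not show what SET_CURRENT_CREDS does when `o->prot` is unset, nor what an empty current_creds means to CHECK_DATA_SECURITY; if empty credentials are treated as unrestricted, calling into an object that has none would lift the caller's restrictions for the duration of the call, and that case should be handled explicitly here. A comment stating the intended policy is needed, e.g. `/* callee runs with its own creds unless NOT_SETUID applies; mega_apply restores the caller's creds on return or error */`. The check sits on only one path of mega_apply2, and the other call paths lie outside the hunk, so it is worth confirming they are covered too.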
2186:    }   }    + #ifdef PIKE_SECURITY + void mega_apply(enum apply_type type, INT32 args, void *arg1, void *arg2) + { +  ONERROR tmp; +  if(current_creds) +  add_ref(current_creds);    -  +  SET_ONERROR(tmp, restore_creds, current_creds); +  mega_apply2(type,args,arg1,arg2); +  CALL_AND_UNSET_ONERROR(tmp); + } + #endif +  +    /* Put catch outside of eval_instruction, so    * the setjmp won't affect the optimization of    * eval_instruction
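Review bot: The new mega_apply wrapper has no comment describing the reference handoff, which is the part most likely to be broken by a later edit. It takes an extra reference on current_creds, and restore_creds then releases whatever credentials are current and reinstalls the saved object, on normal return through CALL_AND_UNSET_ONERROR and presumably on error unwinding through the ONERROR record. I would add `/* Save the caller's creds; restore_creds drops the callee's creds and reinstates these on return or error */` above the function. It is also worth confirming that restore_creds, which takes `struct object *`, matches the callback type SET_ONERROR expects, since the macro definition is not visible here.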