Source-Changes-HG archive
[src/netbsd-1-4]: src/sys/kern Pull-up patch requested by Luke Mewburn.
details: https://anonhg.NetBSD.org/src/rev/2ed0be0ae780
branches: netbsd-1-4
changeset: 471304:2ed0be0ae780
user: perry <perry%NetBSD.org@localhost>
date: Thu Jul 19 13:36:19 2001 +0000
description:
Pull-up patch requested by Luke Mewburn.
Original commit message:
In check_exec(), don't bother checking P_TRACED along with
MNT_NOSUID, just check MNT_NOSUID to clear the S{U,G}ID bits
in the attributes for the vnode we're about to exec.
We now check P_TRACED right before we would actually perform
the s{u,g}id function in the exec code.
This closes a race condition between exec of a setuid binary
and ptrace(2).
diffstat:
sys/kern/exec_script.c | 11 +++++++----
sys/kern/kern_exec.c | 20 ++++++++++++++------
2 files changed, 21 insertions(+), 10 deletions(-)
diffs (81 lines):
diff -r b49bb0bcdfdd -r 2ed0be0ae780 sys/kern/exec_script.c
--- a/sys/kern/exec_script.c Wed May 30 09:46:46 2001 +0000
+++ b/sys/kern/exec_script.c Thu Jul 19 13:36:19 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_script.c,v 1.20.2.1 2000/02/01 23:11:20 he Exp $ */
+/* $NetBSD: exec_script.c,v 1.20.2.2 2001/07/19 13:36:19 perry Exp $ */
/*
* Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -146,8 +146,9 @@
check_shell:
#ifdef SETUIDSCRIPTS
/*
- * MNT_NOSUID and STRC are already taken care of by check_exec,
- * so we don't need to worry about them now or later.
+ * MNT_NOSUID has already taken care of by check_exec,
+ * so we don't need to worry about it now or later. We
+ * will need to check P_TRACED later, however.
*/
script_sbits = epp->ep_vap->va_mode & (S_ISUID | S_ISGID);
if (script_sbits != 0) {
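Review bot: The new comment text at "MNT_NOSUID has already taken care of by check_exec" is missing a word; it should read "has already been taken care of". The phrase "We will need to check P_TRACED later" also does not say where that check lives. Since script_sbits is captured from va_mode right below this comment, name the site explicitly (the set[ug]id block in kern_exec.c that this change touches) so the dependency is visible to whoever edits either file next.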
@@ -260,7 +261,9 @@
#ifdef SETUIDSCRIPTS
/*
* set thing up so that set-id scripts will be
- * handled appropriately
+ * handled appropriately. P_TRACED will be
+ * checked later when the shell is actually
+ * exec'd.
*/
epp->ep_vap->va_mode |= script_sbits;
if (script_sbits & S_ISUID)
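Review bot: Nothing at this site enforces the P_TRACED restriction any more: "epp->ep_vap->va_mode |= script_sbits;" restores the set-id bits unconditionally, so for a traced process the bits now reach the exec path intact and the test added in kern_exec.c is the only guard. The comment should state that this code relies on that test and must not be reached by any path that bypasses it, rather than only saying the flag "will be checked later".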
diff -r b49bb0bcdfdd -r 2ed0be0ae780 sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c Wed May 30 09:46:46 2001 +0000
+++ b/sys/kern/kern_exec.c Thu Jul 19 13:36:19 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exec.c,v 1.100.2.3 2000/02/01 22:55:07 he Exp $ */
+/* $NetBSD: kern_exec.c,v 1.100.2.4 2001/07/19 13:36:19 perry Exp $ */
/*-
* Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -123,7 +123,7 @@
error = EACCES;
goto bad1;
}
- if ((vp->v_mount->mnt_flag & MNT_NOSUID) || (p->p_flag & P_TRACED))
+ if (vp->v_mount->mnt_flag & MNT_NOSUID)
epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID);
/* try to open it */
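Review bot: The line "if (vp->v_mount->mnt_flag & MNT_NOSUID)" drops the P_TRACED test without leaving any explanation, which invites someone to put it back. Add a short comment here saying that tracing is deliberately not tested at this point because the flag can change between this check and the credential change, and that the test is done at the point of use in kern_exec.c. It is also worth confirming that no other consumer of epp->ep_vap->va_mode depended on the bits already being cleared for traced processes; the exec_script.c hunks show one such consumer.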
@@ -444,10 +444,19 @@
/*
* deal with set[ug]id.
- * MNT_NOEXEC and P_TRACED have already been used to disable s[ug]id.
+ * MNT_NOSUID has already been used to disable s[ug]id.
*/
- if (((attr.va_mode & S_ISUID) != 0 && p->p_ucred->cr_uid != attr.va_uid)
- || ((attr.va_mode & S_ISGID) != 0 && p->p_ucred->cr_gid != attr.va_gid)){
+ if ((p->p_flag & P_TRACED) == 0 &&
+ (((attr.va_mode & S_ISUID) != 0 &&
+ p->p_ucred->cr_uid != attr.va_uid) ||
+ ((attr.va_mode & S_ISGID) != 0 &&
+ p->p_ucred->cr_gid != attr.va_gid))) {
+ /*
+ * Mark the process as SUGID before we do
+ * anything that might block.
+ */
+ p->p_flag |= P_SUGID;
+
p->p_ucred = crcopy(cred);
#ifdef KTRACE
/*
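Review bot: The added comment "Mark the process as SUGID before we do anything that might block" says what is done but not what it protects against. Closing the race depends on two things that are not stated: nothing may sleep between the "(p->p_flag & P_TRACED) == 0" test and "p->p_flag |= P_SUGID;", and the attach path must refuse a process that already has P_SUGID set. Please spell both out in the comment (for example, that crcopy() may sleep and a tracer must not be able to attach in that window), and confirm the attach-side check exists, since it is not part of this diff.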
@@ -461,7 +470,6 @@
p->p_ucred->cr_uid = attr.va_uid;
if (attr.va_mode & S_ISGID)
p->p_ucred->cr_gid = attr.va_gid;
- p->p_flag |= P_SUGID;
} else
p->p_flag &= ~P_SUGID;
p->p_cred->p_svuid = p->p_ucred->cr_uid;
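Review bot: With the P_TRACED test folded into the condition above, a traced process that execs a set-id binary now lands in the "else" branch here, where "p->p_flag &= ~P_SUGID;" runs and the exec continues with unchanged credentials. That silent downgrade looks intended, but the "deal with set[ug]id" comment at the top of the block only mentions MNT_NOSUID. Add a sentence there saying that traced processes take the else path and exec without the set-id credentials, so the behaviour is documented at the place it is decided.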