Source-Changes-HG archive


[src/netbsd-1-4]: src/sys/kern Pull up revisions 1.149-1.150 (via patch, requ...



details:   https://anonhg.NetBSD.org/src/rev/479fe2f05e75
branches:  netbsd-1-4
changeset: 471317:479fe2f05e75
user:      he <he%NetBSD.org@localhost>
date:      Mon Jan 14 15:18:47 2002 +0000

description:
Pull up revisions 1.149-1.150 (via patch, requested by he):
  Fix a ptrace/execve race condition which could be used to modify
  the child process' image during execve.  This would be a security
  issue due to setuid programs.

diffstat:

 sys/kern/kern_exec.c |  15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diffs (50 lines):

diff -r 510bfdb0ba59 -r 479fe2f05e75 sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c      Mon Jan 14 15:07:13 2002 +0000
+++ b/sys/kern/kern_exec.c      Mon Jan 14 15:18:47 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_exec.c,v 1.100.2.4 2001/07/19 13:36:19 perry Exp $        */
+/*     $NetBSD: kern_exec.c,v 1.100.2.5 2002/01/14 15:18:47 he Exp $   */
 
 /*-
  * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -98,6 +98,15 @@
        struct nameidata *ndp;
        size_t resid;
 
+       /*
+        * Lock the process and set the P_INEXEC flag to indicate that
+        * it should be left alone until we're done here.  This is
+        * necessary to avoid race conditions - e.g. in ptrace() -
+        * that might allow a local user to illicitly obtain elevated
+        * privileges.
+        */
+       p->p_flag |= P_INEXEC;
+
        ndp = epp->ep_ndp;
        ndp->ni_cnd.cn_nameiop = LOOKUP;
        ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME;
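Review bot: the new comment says "Lock the process", but the hunk takes no lock; the only action is `p->p_flag |= P_INEXEC;`, an unlocked read-modify-write of p_flag. Either reword the comment so it describes the flag itself as the mechanism (a marker that other code is expected to test) or take the lock the comment promises. Also, the diffstat shows this pull-up touches only sys/kern/kern_exec.c, yet the comment relies on ptrace() refusing to act on a process with P_INEXEC set; confirm that sys_ptrace() (and any procfs memory-write path) on the netbsd-1-4 branch already tests P_INEXEC, because setting the flag here blocks nothing on its own.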
@@ -498,9 +507,11 @@
                ktremul(p->p_tracep, p, p->p_emul->e_name);
 #endif
 
+       p->p_flag &= ~P_INEXEC;
        return (EJUSTRETURN);
 
 bad:
+       p->p_flag &= ~P_INEXEC;
        /* free the vmspace-creation commands, and release their references */
        kill_vmcmds(&pack.ep_vmcmds);
        /* kill any opened file descriptor, if necessary */
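Review bot: every path from the `p->p_flag |= P_INEXEC;` at the top of the function to a return must now reach one of the labelled clears; the success path clears the flag only on the line immediately before `return (EJUSTRETURN);`, so any early `return` inside execve that bypasses `bad:`, `freehdr:` or `exec_abort:` would leave P_INEXEC set for the rest of the process's life and permanently refuse ptrace on it. Worth auditing the whole function for such returns rather than only the labelled exits. If `bad:` falls through into `freehdr:` (not visible in this hunk), the flag is also cleared twice, which is harmless but a single clear at the shared exit would be easier to keep correct as the error paths change.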
@@ -516,10 +527,12 @@
        uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
 
 freehdr:
+       p->p_flag &= ~P_INEXEC;
        FREE(pack.ep_hdr, M_EXEC);
        return error;
 
 exec_abort:
+       p->p_flag &= ~P_INEXEC;
        /*
         * the old process doesn't exist anymore.  exit gracefully.
         * get rid of the (new) address space we have created, if any, get rid
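Review bot: at `exec_abort:` the existing comment says the old process no longer exists and the function exits, so clearing P_INEXEC there has no observable effect; a one-line comment saying the clear is for consistency (the process is about to exit and no debugger can attach) would stop a later reader from assuming it matters and reordering around it. The clear at `freehdr:` sits before `FREE(pack.ep_hdr, M_EXEC);`, which is fine since the original image is intact on that path.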


