Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-3]: src/sys/kern Pull up revision 1.200 (requested by elad in tic...
details: https://anonhg.NetBSD.org/src/rev/80fe7dabaa2d
branches: netbsd-3
changeset: 576419:80fe7dabaa2d
user: tron <tron%NetBSD.org@localhost>
date: Sat Jul 02 17:53:32 2005 +0000
description:
Pull up revision 1.200 (requested by elad in ticket #487):
>From marius@openbsd:
Add an exec message so that whenever a set-uid/gid process executes a new
image which we may control, the exec does not go by unnoticed.
diffstat:
sys/kern/kern_exec.c | 46 +++++++++++++++++++++++++++++++++++++++-------
1 files changed, 39 insertions(+), 7 deletions(-)
diffs (128 lines):
diff -r 00cfe39144b2 -r 80fe7dabaa2d sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c Sat Jul 02 17:53:25 2005 +0000
+++ b/sys/kern/kern_exec.c Sat Jul 02 17:53:32 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exec.c,v 1.194.4.2 2005/06/11 08:53:53 tron Exp $ */
+/* $NetBSD: kern_exec.c,v 1.194.4.3 2005/07/02 17:53:32 tron Exp $ */
/*-
* Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.194.4.2 2005/06/11 08:53:53 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.194.4.3 2005/07/02 17:53:32 tron Exp $");
#include "opt_ktrace.h"
#include "opt_syscall_debug.h"
@@ -67,6 +67,10 @@
#include <sys/verified_exec.h>
#endif
+#ifdef SYSTRACE
+#include <sys/systrace.h>
+#endif /* SYSTRACE */
+
#include <uvm/uvm_extern.h>
#include <machine/cpu.h>
@@ -199,7 +203,7 @@
* ON ENTRY:
* exec package with appropriate namei info
* proc pointer of exec'ing proc
- * iff verified exec enabled then flag indicating a direct exec or
+ * if verified exec enabled then flag indicating a direct exec or
* an indirect exec (i.e. for a shell script interpreter)
* NO SELF-LOCKED VNODES
*
@@ -220,7 +224,7 @@
*/
int
#ifdef VERIFIED_EXEC
-check_exec(struct proc *p, struct exec_package *epp, int direct_exec)
+check_exec(struct proc *p, struct exec_package *epp, int flag)
#else
check_exec(struct proc *p, struct exec_package *epp)
#endif
@@ -268,8 +272,8 @@
#ifdef VERIFIED_EXEC
/* Evaluate signature for file... */
- if ((error = veriexec_verify(p, vp, epp->ep_vap,
- epp->ep_name, direct_exec)) != 0)
+ if ((error = veriexec_verify(p, vp, epp->ep_vap, epp->ep_name,
+ flag, NULL)) != 0)
goto bad2;
#endif
@@ -389,6 +393,11 @@
int szsigcode;
struct exec_vmcmd *base_vcp;
int oldlwpflags;
+#ifdef SYSTRACE
+ int wassugid = ISSET(p->p_flag, P_SUGID);
+ char pathbuf[MAXPATHLEN];
+ size_t pathbuflen;
+#endif /* SYSTRACE */
/* Disable scheduler activation upcalls. */
oldlwpflags = l->l_flag & (L_SA | L_SA_UPCALL);
@@ -414,12 +423,25 @@
* functions call check_exec() recursively - for example,
* see exec_script_makecmds().
*/
+#ifdef SYSTRACE
+ error = copyinstr(SCARG(uap, path), pathbuf, sizeof(pathbuf),
+ &pathbuflen);
+ if (error)
+ goto clrflg;
+
+ NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_SYSSPACE, pathbuf, p);
+#else
NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
+#endif /* SYSTRACE */
/*
* initialize the fields of the exec package.
*/
+#ifdef SYSTRACE
+ pack.ep_name = pathbuf;
+#else
pack.ep_name = SCARG(uap, path);
+#endif /* SYSTRACE */
pack.ep_hdr = malloc(exec_maxhdrsz, M_EXEC, M_WAITOK);
pack.ep_hdrlen = exec_maxhdrsz;
pack.ep_hdrvalid = 0;
@@ -840,6 +862,12 @@
splx(s);
}
+#ifdef SYSTRACE
+ if (ISSET(p->p_flag, P_SYSTRACE) &&
+ wassugid && !ISSET(p->p_flag, P_SUGID))
+ systrace_execve(pathbuf, p);
+#endif /* SYSTRACE */
+
return (EJUSTRETURN);
bad:
@@ -859,13 +887,17 @@
uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
freehdr:
+ free(pack.ep_hdr, M_EXEC);
+
+#ifdef SYSTRACE
+ clrflg:
+#endif /* SYSTRACE */
l->l_flag |= oldlwpflags;
p->p_flag &= ~P_INEXEC;
#ifdef LKM
lockmgr(&exec_lock, LK_RELEASE, NULL);
#endif
- free(pack.ep_hdr, M_EXEC);
return error;
exec_abort:
Home |
Main Index |
Thread Index |
Old Index