1/*- 2 * Copyright (c) 1993, David Greenman 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/sys/kern/kern_exec.c 194498 2009-06-19 17:10:35Z brooks $"); |
29 30#include "opt_hwpmc_hooks.h" 31#include "opt_kdtrace.h" 32#include "opt_ktrace.h" 33#include "opt_vm.h" 34 35#include <sys/param.h> 36#include <sys/systm.h> --- 537 unchanged lines hidden (view full) --- 574 575 /* 576 * For security and other reasons, signal handlers cannot 577 * be shared after an exec. The new process gets a copy of the old 578 * handlers. In execsigs(), the new process will have its signals 579 * reset. 580 */ 581 PROC_LOCK(p); |
582 oldcred = crcopysafe(p, newcred); |
583 if (sigacts_shared(p->p_sigacts)) { 584 oldsigacts = p->p_sigacts; 585 PROC_UNLOCK(p); 586 newsigacts = sigacts_alloc(); 587 sigacts_copy(newsigacts, oldsigacts); 588 PROC_LOCK(p); 589 p->p_sigacts = newsigacts; 590 } else --- 34 unchanged lines hidden (view full) --- 625 * Implement image setuid/setgid. 626 * 627 * Don't honor setuid/setgid if the filesystem prohibits it or if 628 * the process is being traced. 629 * 630 * XXXMAC: For the time being, use NOSUID to also prohibit 631 * transitions on the file system. 632 */ |
633 credential_changing = 0; 634 credential_changing |= (attr.va_mode & S_ISUID) && oldcred->cr_uid != 635 attr.va_uid; 636 credential_changing |= (attr.va_mode & S_ISGID) && oldcred->cr_gid != 637 attr.va_gid; 638#ifdef MAC 639 will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, 640 interpvplabel, imgp); --- 37 unchanged lines hidden (view full) --- 678 error = fdcheckstd(td); 679 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); 680 if (error != 0) 681 goto done1; 682 PROC_LOCK(p); 683 /* 684 * Set the new credentials. 685 */ |
686 if (attr.va_mode & S_ISUID) 687 change_euid(newcred, euip); 688 if (attr.va_mode & S_ISGID) 689 change_egid(newcred, attr.va_gid); 690#ifdef MAC 691 if (will_transition) { 692 mac_vnode_execve_transition(oldcred, newcred, imgp->vp, 693 interpvplabel, imgp); --- 23 unchanged lines hidden (view full) --- 717 * not equal to the old ruid, or the new euid is not equal 718 * to the old euid and the new euid is not equal to the old 719 * ruid. The FreeBSD code always updates the saved uid/gid. 720 * Also, this code uses the new (replaced) euid and egid as 721 * the source, which may or may not be the right ones to use. 722 */ 723 if (oldcred->cr_svuid != oldcred->cr_uid || 724 oldcred->cr_svgid != oldcred->cr_gid) { |
725 change_svuid(newcred, newcred->cr_uid); 726 change_svgid(newcred, newcred->cr_gid); 727 p->p_ucred = newcred; 728 newcred = NULL; 729 } 730 } 731 732 /* --- 689 unchanged lines hidden --- |