kern_exec.c (193643) | kern_exec.c (194498) |
---|---|
1/*- 2 * Copyright (c) 1993, David Greenman 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1993, David Greenman 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/sys/kern/kern_exec.c 193643 2009-06-07 19:38:26Z alc $"); | 28__FBSDID("$FreeBSD: head/sys/kern/kern_exec.c 194498 2009-06-19 17:10:35Z brooks $"); |
29 30#include "opt_hwpmc_hooks.h" 31#include "opt_kdtrace.h" 32#include "opt_ktrace.h" 33#include "opt_vm.h" 34 35#include <sys/param.h> 36#include <sys/systm.h> --- 537 unchanged lines hidden (view full) --- 574 575 /* 576 * For security and other reasons, signal handlers cannot 577 * be shared after an exec. The new process gets a copy of the old 578 * handlers. In execsigs(), the new process will have its signals 579 * reset. 580 */ 581 PROC_LOCK(p); | 29 30#include "opt_hwpmc_hooks.h" 31#include "opt_kdtrace.h" 32#include "opt_ktrace.h" 33#include "opt_vm.h" 34 35#include <sys/param.h> 36#include <sys/systm.h> --- 537 unchanged lines hidden (view full) --- 574 575 /* 576 * For security and other reasons, signal handlers cannot 577 * be shared after an exec. The new process gets a copy of the old 578 * handlers. In execsigs(), the new process will have its signals 579 * reset. 580 */ 581 PROC_LOCK(p); |
582 oldcred = crcopysafe(p, newcred); |
|
582 if (sigacts_shared(p->p_sigacts)) { 583 oldsigacts = p->p_sigacts; 584 PROC_UNLOCK(p); 585 newsigacts = sigacts_alloc(); 586 sigacts_copy(newsigacts, oldsigacts); 587 PROC_LOCK(p); 588 p->p_sigacts = newsigacts; 589 } else --- 34 unchanged lines hidden (view full) --- 624 * Implement image setuid/setgid. 625 * 626 * Don't honor setuid/setgid if the filesystem prohibits it or if 627 * the process is being traced. 628 * 629 * XXXMAC: For the time being, use NOSUID to also prohibit 630 * transitions on the file system. 631 */ | 583 if (sigacts_shared(p->p_sigacts)) { 584 oldsigacts = p->p_sigacts; 585 PROC_UNLOCK(p); 586 newsigacts = sigacts_alloc(); 587 sigacts_copy(newsigacts, oldsigacts); 588 PROC_LOCK(p); 589 p->p_sigacts = newsigacts; 590 } else --- 34 unchanged lines hidden (view full) --- 625 * Implement image setuid/setgid. 626 * 627 * Don't honor setuid/setgid if the filesystem prohibits it or if 628 * the process is being traced. 629 * 630 * XXXMAC: For the time being, use NOSUID to also prohibit 631 * transitions on the file system. 632 */ |
632 oldcred = p->p_ucred; | |
633 credential_changing = 0; 634 credential_changing |= (attr.va_mode & S_ISUID) && oldcred->cr_uid != 635 attr.va_uid; 636 credential_changing |= (attr.va_mode & S_ISGID) && oldcred->cr_gid != 637 attr.va_gid; 638#ifdef MAC 639 will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, 640 interpvplabel, imgp); --- 37 unchanged lines hidden (view full) --- 678 error = fdcheckstd(td); 679 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); 680 if (error != 0) 681 goto done1; 682 PROC_LOCK(p); 683 /* 684 * Set the new credentials. 685 */ | 633 credential_changing = 0; 634 credential_changing |= (attr.va_mode & S_ISUID) && oldcred->cr_uid != 635 attr.va_uid; 636 credential_changing |= (attr.va_mode & S_ISGID) && oldcred->cr_gid != 637 attr.va_gid; 638#ifdef MAC 639 will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, 640 interpvplabel, imgp); --- 37 unchanged lines hidden (view full) --- 678 error = fdcheckstd(td); 679 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); 680 if (error != 0) 681 goto done1; 682 PROC_LOCK(p); 683 /* 684 * Set the new credentials. 685 */ |
686 crcopy(newcred, oldcred); | |
687 if (attr.va_mode & S_ISUID) 688 change_euid(newcred, euip); 689 if (attr.va_mode & S_ISGID) 690 change_egid(newcred, attr.va_gid); 691#ifdef MAC 692 if (will_transition) { 693 mac_vnode_execve_transition(oldcred, newcred, imgp->vp, 694 interpvplabel, imgp); --- 23 unchanged lines hidden (view full) --- 718 * not equal to the old ruid, or the new euid is not equal 719 * to the old euid and the new euid is not equal to the old 720 * ruid. The FreeBSD code always updates the saved uid/gid. 721 * Also, this code uses the new (replaced) euid and egid as 722 * the source, which may or may not be the right ones to use. 723 */ 724 if (oldcred->cr_svuid != oldcred->cr_uid || 725 oldcred->cr_svgid != oldcred->cr_gid) { | 686 if (attr.va_mode & S_ISUID) 687 change_euid(newcred, euip); 688 if (attr.va_mode & S_ISGID) 689 change_egid(newcred, attr.va_gid); 690#ifdef MAC 691 if (will_transition) { 692 mac_vnode_execve_transition(oldcred, newcred, imgp->vp, 693 interpvplabel, imgp); --- 23 unchanged lines hidden (view full) --- 717 * not equal to the old ruid, or the new euid is not equal 718 * to the old euid and the new euid is not equal to the old 719 * ruid. The FreeBSD code always updates the saved uid/gid. 720 * Also, this code uses the new (replaced) euid and egid as 721 * the source, which may or may not be the right ones to use. 722 */ 723 if (oldcred->cr_svuid != oldcred->cr_uid || 724 oldcred->cr_svgid != oldcred->cr_gid) { |
726 crcopy(newcred, oldcred); | |
727 change_svuid(newcred, newcred->cr_uid); 728 change_svgid(newcred, newcred->cr_gid); 729 p->p_ucred = newcred; 730 newcred = NULL; 731 } 732 } 733 734 /* --- 689 unchanged lines hidden --- | 725 change_svuid(newcred, newcred->cr_uid); 726 change_svgid(newcred, newcred->cr_gid); 727 p->p_ucred = newcred; 728 newcred = NULL; 729 } 730 } 731 732 /* --- 689 unchanged lines hidden --- |