1/*
2 * Copyright (c) 1993, David Greenman
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
--- 11 unchanged lines hidden (view full) ---
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: head/sys/kern/kern_exec.c 121294 2003-10-21 01:13:49Z marcel $");
29
30#include "opt_ktrace.h"
31#include "opt_mac.h"
32
33#include <sys/param.h>
34#include <sys/systm.h>
35#include <sys/eventhandler.h>
36#include <sys/lock.h>
--- 125 unchanged lines hidden (view full) ---
162#ifdef KTRACE
163 struct vnode *tracevp = NULL;
164 struct ucred *tracecred = NULL;
165#endif
166 struct vnode *textvp = NULL;
167 int credential_changing;
168 int textset;
169#ifdef MAC
170 struct label interplabel; /* label of the interpreted vnode */
171 struct label execlabel; /* optional label argument */
172 int will_transition, interplabelvalid = 0;
173#endif
174
175 imgp = &image_params;
176
177 /*
178 * Lock the process and set the P_INEXEC flag to indicate that
179 * it should be left alone until we're done here. This is
180 * necessary to avoid race conditions - e.g. in ptrace() -
--- 36 unchanged lines hidden (view full) ---
217 imgp->auxargs = NULL;
218 imgp->vp = NULL;
219 imgp->object = NULL;
220 imgp->firstpage = NULL;
221 imgp->ps_strings = 0;
222 imgp->auxarg_size = 0;
223
224#ifdef MAC
225 error = mac_execve_enter(imgp, mac_p, &execlabel);
226 if (error) {
227 mtx_lock(&Giant);
228 goto exec_fail;
229 }
230#endif
231
232 /*
233 * Allocate temporary demand zeroed space for argument and
--- 97 unchanged lines hidden (view full) ---
331 * period before we determine that something is a script where
332 * VV_TEXT will be set. The vnode lock is held over this
333 * entire period so nothing should illegitimately be blocked.
334 */
335 imgp->vp->v_vflag &= ~VV_TEXT;
336 /* free name buffer and old vnode */
337 NDFREE(ndp, NDF_ONLY_PNBUF);
338#ifdef MAC
339 mac_init_vnode_label(&interplabel);
340 mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
341 interplabelvalid = 1;
342#endif
343 vput(ndp->ni_vp);
344 vm_object_deallocate(imgp->object);
345 imgp->object = NULL;
346 /* set new name to that of the interpreter */
347 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
348 UIO_SYSSPACE, imgp->interpreter_name, td);
349 goto interpret;
--- 97 unchanged lines hidden (view full) ---
447 oldcred = p->p_ucred;
448 credential_changing = 0;
449 credential_changing |= (attr.va_mode & VSUID) && oldcred->cr_uid !=
450 attr.va_uid;
451 credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
452 attr.va_gid;
453#ifdef MAC
454 will_transition = mac_execve_will_transition(oldcred, imgp->vp,
455 interplabelvalid ? &interplabel : NULL, imgp);
456 credential_changing |= will_transition;
457#endif
458
459 if (credential_changing &&
460 (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
461 (p->p_flag & P_TRACED) == 0) {
462 /*
463 * Turn off syscall tracing for set-id programs, except for
--- 33 unchanged lines hidden (view full) ---
497 crcopy(newcred, oldcred);
498 if (attr.va_mode & VSUID)
499 change_euid(newcred, euip);
500 if (attr.va_mode & VSGID)
501 change_egid(newcred, attr.va_gid);
502#ifdef MAC
503 if (will_transition) {
504 mac_execve_transition(oldcred, newcred, imgp->vp,
505 interplabelvalid ? &interplabel : NULL, imgp);
506 }
507#endif
508 /*
509 * Implement correct POSIX saved-id behavior.
510 *
511 * XXXMAC: Note that the current logic will save the
512 * uid and gid if a MAC domain transition occurs, even
513 * though maybe it shouldn't.
--- 135 unchanged lines hidden (view full) ---
649 PROC_LOCK(p);
650 p->p_flag &= ~P_INEXEC;
651 PROC_UNLOCK(p);
652
653 if (imgp->vmspace_destroyed) {
654 /* sorry, no more process anymore. exit gracefully */
655#ifdef MAC
656 mac_execve_exit(imgp);
657 if (interplabelvalid)
658 mac_destroy_vnode_label(&interplabel);
659#endif
660 exit1(td, W_EXITCODE(0, SIGABRT));
661 /* NOT REACHED */
662 error = 0;
663 }
664done2:
665#ifdef MAC
666 mac_execve_exit(imgp);
667 if (interplabelvalid)
668 mac_destroy_vnode_label(&interplabel);
669#endif
670 mtx_unlock(&Giant);
671 return (error);
672}
673
674#ifndef _SYS_SYSPROTO_H_
675struct execve_args {
676 char *fname;
--- 525 unchanged lines hidden ---
2 * Copyright (c) 1993, David Greenman
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
--- 11 unchanged lines hidden (view full) ---
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: head/sys/kern/kern_exec.c 121294 2003-10-21 01:13:49Z marcel $");
29
30#include "opt_ktrace.h"
31#include "opt_mac.h"
32
33#include <sys/param.h>
34#include <sys/systm.h>
35#include <sys/eventhandler.h>
36#include <sys/lock.h>
--- 125 unchanged lines hidden (view full) ---
162#ifdef KTRACE
163 struct vnode *tracevp = NULL;
164 struct ucred *tracecred = NULL;
165#endif
166 struct vnode *textvp = NULL;
167 int credential_changing;
168 int textset;
169#ifdef MAC
170 struct label interplabel; /* label of the interpreted vnode */
171 struct label execlabel; /* optional label argument */
172 int will_transition, interplabelvalid = 0;
173#endif
174
175 imgp = &image_params;
176
177 /*
178 * Lock the process and set the P_INEXEC flag to indicate that
179 * it should be left alone until we're done here. This is
180 * necessary to avoid race conditions - e.g. in ptrace() -
--- 36 unchanged lines hidden (view full) ---
217 imgp->auxargs = NULL;
218 imgp->vp = NULL;
219 imgp->object = NULL;
220 imgp->firstpage = NULL;
221 imgp->ps_strings = 0;
222 imgp->auxarg_size = 0;
223
224#ifdef MAC
225 error = mac_execve_enter(imgp, mac_p, &execlabel);
226 if (error) {
227 mtx_lock(&Giant);
228 goto exec_fail;
229 }
230#endif
231
232 /*
233 * Allocate temporary demand zeroed space for argument and
--- 97 unchanged lines hidden (view full) ---
331 * period before we determine that something is a script where
332 * VV_TEXT will be set. The vnode lock is held over this
333 * entire period so nothing should illegitimately be blocked.
334 */
335 imgp->vp->v_vflag &= ~VV_TEXT;
336 /* free name buffer and old vnode */
337 NDFREE(ndp, NDF_ONLY_PNBUF);
338#ifdef MAC
339 mac_init_vnode_label(&interplabel);
340 mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
341 interplabelvalid = 1;
342#endif
343 vput(ndp->ni_vp);
344 vm_object_deallocate(imgp->object);
345 imgp->object = NULL;
346 /* set new name to that of the interpreter */
347 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
348 UIO_SYSSPACE, imgp->interpreter_name, td);
349 goto interpret;
--- 97 unchanged lines hidden (view full) ---
447 oldcred = p->p_ucred;
448 credential_changing = 0;
449 credential_changing |= (attr.va_mode & VSUID) && oldcred->cr_uid !=
450 attr.va_uid;
451 credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
452 attr.va_gid;
453#ifdef MAC
454 will_transition = mac_execve_will_transition(oldcred, imgp->vp,
455 interplabelvalid ? &interplabel : NULL, imgp);
456 credential_changing |= will_transition;
457#endif
458
459 if (credential_changing &&
460 (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
461 (p->p_flag & P_TRACED) == 0) {
462 /*
463 * Turn off syscall tracing for set-id programs, except for
--- 33 unchanged lines hidden (view full) ---
497 crcopy(newcred, oldcred);
498 if (attr.va_mode & VSUID)
499 change_euid(newcred, euip);
500 if (attr.va_mode & VSGID)
501 change_egid(newcred, attr.va_gid);
502#ifdef MAC
503 if (will_transition) {
504 mac_execve_transition(oldcred, newcred, imgp->vp,
505 interplabelvalid ? &interplabel : NULL, imgp);
506 }
507#endif
508 /*
509 * Implement correct POSIX saved-id behavior.
510 *
511 * XXXMAC: Note that the current logic will save the
512 * uid and gid if a MAC domain transition occurs, even
513 * though maybe it shouldn't.
--- 135 unchanged lines hidden (view full) ---
649 PROC_LOCK(p);
650 p->p_flag &= ~P_INEXEC;
651 PROC_UNLOCK(p);
652
653 if (imgp->vmspace_destroyed) {
654 /* sorry, no more process anymore. exit gracefully */
655#ifdef MAC
656 mac_execve_exit(imgp);
657 if (interplabelvalid)
658 mac_destroy_vnode_label(&interplabel);
659#endif
660 exit1(td, W_EXITCODE(0, SIGABRT));
661 /* NOT REACHED */
662 error = 0;
663 }
664done2:
665#ifdef MAC
666 mac_execve_exit(imgp);
667 if (interplabelvalid)
668 mac_destroy_vnode_label(&interplabel);
669#endif
670 mtx_unlock(&Giant);
671 return (error);
672}
673
674#ifndef _SYS_SYSPROTO_H_
675struct execve_args {
676 char *fname;
--- 525 unchanged lines hidden ---