Page MenuHomeFreeBSD

Indicate issetugid in AT_BSDFLAGS
Changes PlannedPublic

Authored by mjg on Feb 21 2020, 12:16 PM.



This saves one issetugid for every exec. Note there is another call coming from something deeper which probably cannot be easily taken care of in the same manner.

Test Plan

Verified with debug printfs that trust is NOT set when running 'su' et al and is set otherwise.

Diff Detail

Lint Skipped
Unit Tests Skipped

Event Timeline

mjg created this revision.Feb 21 2020, 12:16 PM
kib added inline comments.Feb 21 2020, 12:26 PM

If you allocate one more flag in bsdflags. used to indicate support for BSDF_ISSETUGID, you do not need to rely on osreldate() which is better IMO. Check the new flag, and if set, ELF_BSDF_ISSETUGID presence is equal to trust. Also right now you rely on bsdflags presence, adding that flag would make zero initialization of bsdflags do the right thing.

Another option is to allocate new auxv entry with the value indicating issetugid, but flags are fine since they are already there.


!= 0

mjg updated this revision to Diff 68631.Feb 21 2020, 12:41 PM
  • use an extra flag instead of reldate
kib accepted this revision.Feb 21 2020, 12:46 PM
kib added inline comments.

_VALID instead of _PASSED ?

This revision is now accepted and ready to land.Feb 21 2020, 12:46 PM
mjg planned changes to this revision.Feb 21 2020, 3:07 PM

Upon further testing this is buggy - sometimes the passed down value disagrees with what the syscall returns later as setugid call on exec happens only after copyout.