Page MenuHomeFreeBSD
Differential D23779

Indicate issetugid in AT_BSDFLAGS
AbandonedPublic
Actions

Authored by mjg on Feb 21 2020, 12:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 18, 11:12 PM
Unknown Object (File)
Mon, Nov 4, 7:41 AM
Unknown Object (File)
Wed, Oct 23, 10:58 PM
Unknown Object (File)
Oct 22 2024, 1:22 PM
Unknown Object (File)
Oct 1 2024, 4:43 AM
Unknown Object (File)
Sep 21 2024, 7:09 AM
Unknown Object (File)
Sep 11 2024, 1:41 PM
Unknown Object (File)
Sep 9 2024, 1:39 AM
View All 63 Files
Subscribers
bdragon
imp

Details

Reviewers
kib
Summary

This saves one issetugid for every exec. Note there is another call coming from something deeper which probably cannot be easily taken care of in the same manner.

Test Plan

Verified with debug printfs that trust is NOT set when running 'su' et al and is set otherwise.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

mjg created this revision.Feb 21 2020, 12:16 PM
Herald added subscribers: bdragon, imp. · View Herald TranscriptFeb 21 2020, 12:16 PM
Harbormaster completed remote builds in B29518: Diff 68630.Feb 21 2020, 12:16 PM
kib added inline comments.Feb 21 2020, 12:26 PM
libexec/rtld-elf/rtld.c
454

If you allocate one more flag in bsdflags. used to indicate support for BSDF_ISSETUGID, you do not need to rely on osreldate() which is better IMO. Check the new flag, and if set, ELF_BSDF_ISSETUGID presence is equal to trust. Also right now you rely on bsdflags presence, adding that flag would make zero initialization of bsdflags do the right thing.

Another option is to allocate new auxv entry with the value indicating issetugid, but flags are fine since they are already there.

sys/kern/kern_prot.c
1233

!= 0

mjg updated this revision to Diff 68631.Feb 21 2020, 12:41 PM
  • use an extra flag instead of reldate
kib accepted this revision.Feb 21 2020, 12:46 PM
kib added inline comments.
sys/sys/elf_common.h
1461

_VALID instead of _PASSED ?

This revision is now accepted and ready to land.Feb 21 2020, 12:46 PM
mjg planned changes to this revision.Feb 21 2020, 3:07 PM

Upon further testing this is buggy - sometimes the passed down value disagrees with what the syscall returns later as setugid call on exec happens only after copyout.

mjg mentioned this in D36540: Pass stack size, limit, and (no)overcommit flag to image using auxv, to avoid syscalls on jemalloc and libthr startup..Sep 12 2022, 9:15 PM
kib added a comment.Sep 13 2022, 10:28 AM
In D23779#522553, @mjg wrote:

Upon further testing this is buggy - sometimes the passed down value disagrees with what the syscall returns later as setugid call on exec happens only after copyout.

You should directly pass result of calculation with credential_changing in imgparam.

mjg abandoned this revision.Mar 12 2024, 10:32 PM

Revision Contents
Changeset List

PathSize
libexec/
rtld-elf/
15 lines
sys/
kern/
12 lines
25 lines
sys/
2 lines
1 line

Diff 68631

View Options

libexec/rtld-elf/rtld.c

Loading...
View Options

sys/kern/imgact_elf.c

Loading...
View Options

sys/kern/kern_prot.c

Loading...
View Options

sys/sys/elf_common.h

Loading...
View Options

sys/sys/syscallsubr.h

Loading...