Page MenuHomeFreeBSD

imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
ClosedPublic

Authored by markj on Jun 2 2026, 9:27 PM.
Tags
None
Referenced Files
F161386993: D57397.diff
Fri, Jul 3, 8:07 AM
Unknown Object (File)
Tue, Jun 30, 10:24 AM
Unknown Object (File)
Thu, Jun 25, 10:06 AM
Unknown Object (File)
Thu, Jun 25, 7:43 AM
Unknown Object (File)
Mon, Jun 22, 7:37 PM
Unknown Object (File)
Mon, Jun 22, 7:26 PM
Unknown Object (File)
Sat, Jun 20, 8:51 PM
Unknown Object (File)
Fri, Jun 19, 3:28 PM
Subscribers

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Jun 2 2026, 9:27 PM
sys/kern/imgact_elf.c
1363

Why moving the VOP_UNLOCK line? If moving, I would put it before the newly moved check imgp->credential_setid

sys/kern/imgact_elf.c
1363

I did it this way to avoid changing error handling, and to keep related blocks of code close together. In particular, goto ret requires the vnode to be locked. If you prefer, I will move it earlier and add a new goto label.

sys/kern/imgact_elf.c
1363

I think it is simpler to relock the vnode before goto. Yes, I think it makes sense to move the unlock earlier.

markj marked 2 inline comments as done.

Unlock the vnode earlier.

This revision is now accepted and ready to land.Jun 3 2026, 3:45 PM