
Redesign multiple imgact handlers in do_exec()
Closed, Public

Authored by sbruno on Aug 29 2014, 12:12 AM.

Details

Reviewers
imp
sbruno
sson
Summary

Allow imgact_binmisc to remap argv[0] if another activator
has already processed the command line, e.g. shell activator remapping
argv[0] to /usr/local/bin/perl.

Diff Detail

Repository
rS FreeBSD src repository
Lint
No Linters Available
Unit
No Unit Test Coverage

Event Timeline

sbruno retitled this revision from to Remove check for interpreter from imagact_binmisc. Aug 29 2014, 12:12 AM
sbruno updated this object.
sbruno edited the test plan for this revision.
sbruno added reviewers: sson, imp.
sbruno updated this revision to Diff 1271.
imp added inline comments. Aug 29 2014, 12:24 AM
sys/kern/imgact_binmisc.c
602

We need recursive protection here. The old "flag" wasn't sufficient. Maybe you need to set the interpreted bit to be a pointer to the base imgact that's being the interpreter and we should test equality not != 0.

sbruno updated this revision to Diff 1286. Aug 30 2014, 4:11 AM

These changes compile, but are untested at the moment. This is proof of concept
thinking here.

Change quite a bit around the interpreted bit/flag.

  • interpreted now stores the address of the last run imgact run
  • interpreted is only set to non-NULL values from inside do_exec()
  • interpreted causes the for loop to skip over a previous run's execution

Cleared interpreted when we detect that this is the address of the
current imgact function and continue checking.

As an aside, the current code in the tree defeats all recursive attempts
by using a single hardstop on the interpreted flag. If it's set, imgact_shell
and imgact_binmisc abort and do not further adjust argv[0].

The proposed changes here do *not* defeat complicated recursion, but they do
defeat simple recursion. In order to exploit this version, one would have to
craft a binary/script to recursively execute a binary *then* a script in
succession, and then alternate back to a binary.

e.g. a script is called that invokes imgact_shell, that shell interpreter
is a binary that has a handler set in imgact_binmisc. That handler in
imgact_binmisc is set to the original script. I think this is a recursive
blackhole that I'd like to design around.

sbruno retitled this revision from Remove check for interpreter from imagact_binmisc to Redesign multiple imgact handlers in do_exec(). Aug 30 2014, 4:12 AM
sbruno updated this revision to Diff 1288. Aug 30 2014, 6:30 PM

Add a hard stop at 10 loops for interpretations of argv[0]

I think 10 might be too many though. Probably should be something like 3

sbruno updated this revision to Diff 1290. Aug 30 2014, 8:06 PM

Super-simple, each imgact needs a flag to indicate that it's run.

This should allow each imgact to run exactly once, but it will
allow multiple activators to run

sbruno updated this revision to Diff 1353. Sep 3 2014, 11:25 PM

s/interpretes/interpreters/

sbruno accepted this revision.
This revision is now accepted and ready to land. Sep 4 2014, 9:31 PM
sbruno closed this revision. Sep 4 2014, 9:31 PM

Committed at svn r271141.
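
A user-space C model of the two recursion guards discussed in this review (the last-run check described for Diff 1286 versus the run-once flag per activator described for Diff 1290), added here as an example and not taken from the FreeBSD tree or from the diffs. The type names, `model_exec`, and the three sample file tables are assumptions made for illustration; each modelled file is claimed by at most one activator.

```c
#include <stdio.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
enum kind { NATIVE, SCRIPT, BINMISC };       /* which activator claims the file */
struct image { enum kind kind; int next; };  /* next: interpreter/handler index */
enum policy { LAST_RUN_ONLY, ONCE_PER_ACTIVATOR };
#define MAX_STEPS 1000  /* model-only bound so the demo itself cannot hang */

/* Returns the number of argv[0] rewrites before a native image is reached,
 * -1 if an activator was refused (the exec fails cleanly), or
 * -2 if the model bound was hit (the rewrite chain never terminated). */
int model_exec(const struct image *fs, int start, enum policy p)
{
    int cur = start, rewrites = 0;
    enum kind last = NATIVE;    /* activator that ran most recently */
    unsigned ran = 0;           /* bitmask, one bit per activator */

    for (int step = 0; step < MAX_STEPS; step++) {
        enum kind k = fs[cur].kind;
        if (k == NATIVE)
            return rewrites;
        if (p == LAST_RUN_ONLY && k == last)
            return -1;          /* same activator twice in a row */
        if (p == ONCE_PER_ACTIVATOR && (ran & (1u << k)))
            return -1;          /* this activator has already run once */
        ran |= 1u << k;
        last = k;
        cur = fs[cur].next;     /* the activator remaps argv[0] */
        rewrites++;
    }
    return -2;
}

/* Constructed sample: script -> perl (binmisc-handled) -> native handler. */
const struct image chain[] = { {SCRIPT, 1}, {BINMISC, 2}, {NATIVE, 0} };
/* Constructed sample: script -> binary whose binmisc handler is that script. */
const struct image cycle[] = { {SCRIPT, 1}, {BINMISC, 0} };
/* Constructed sample: script that names itself as its interpreter. */
const struct image self[] = { {SCRIPT, 0} };

int main(void)
{
    printf("chain: %d / %d\n", model_exec(chain, 0, LAST_RUN_ONLY), model_exec(chain, 0, ONCE_PER_ACTIVATOR));
    printf("self:  %d / %d\n", model_exec(self, 0, LAST_RUN_ONLY), model_exec(self, 0, ONCE_PER_ACTIVATOR));
    printf("cycle: %d / %d\n", model_exec(cycle, 0, LAST_RUN_ONLY), model_exec(cycle, 0, ONCE_PER_ACTIVATOR));
    return 0;
}
```

Both guards let the shell-then-binmisc chain from the summary through and both stop the self-referencing script, but only the run-once flag bounds the alternating script/binary cycle.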