D6545.diff
Index: head/sys/dev/filemon/filemon.c
===================================================================
--- head/sys/dev/filemon/filemon.c
+++ head/sys/dev/filemon/filemon.c
@@ -89,6 +89,7 @@
struct filemon {
struct sx lock; /* Lock for this filemon. */
struct file *fp; /* Output file pointer. */
+ struct ucred *cred; /* Credential of tracer. */
char fname1[MAXPATHLEN]; /* Temporary filename buffer. */
char fname2[MAXPATHLEN]; /* Temporary filename buffer. */
char msgbufr[1024]; /* Output message buffer. */
@@ -125,6 +126,8 @@
*/
sx_assert(&filemon->lock, SA_UNLOCKED);
+ if (filemon->cred != NULL)
+ crfree(filemon->cred);
sx_destroy(&filemon->lock);
free(filemon, M_FILEMON);
}
@@ -308,6 +311,9 @@
KASSERT((p->p_flag & P_WEXIT) == 0,
("%s: filemon %p attaching to exiting process %p",
__func__, filemon, p));
+ KASSERT((p->p_flag & P_INEXEC) == 0,
+ ("%s: filemon %p attaching to execing process %p",
+ __func__, filemon, p));
if (p->p_filemon == filemon)
return (0);
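Review bot: The new P_INEXEC check is a KASSERT, so it is enforced only in kernels built with INVARIANTS; in other builds nothing in this hunk stops an attach to a process that is in the middle of exec. The ioctl path later in this diff adds `PGET_NOTINEXEC` to its `pget()` call, but any other caller of this function is not visible here and would need to give the same guarantee. I would state the contract in a comment above the assertions, for example `/* Callers must ensure p is neither exiting nor in exec. */`. The enclosing function starts and ends outside the hunk.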
@@ -385,8 +391,8 @@
/* Invalidate any existing processes already set. */
filemon_untrack_processes(filemon);
- error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
- &p);
+ error = pget(*((pid_t *)data),
+ PGET_CANDEBUG | PGET_NOTWEXIT | PGET_NOTINEXEC, &p);
if (error == 0) {
KASSERT(p->p_filemon != filemon,
("%s: proc %p didn't untrack filemon %p",
@@ -407,7 +413,7 @@
static int
filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
- struct thread *td __unused)
+ struct thread *td)
{
int error;
struct filemon *filemon;
@@ -416,6 +422,7 @@
M_WAITOK | M_ZERO);
sx_init(&filemon->lock, "filemon");
refcount_init(&filemon->refcnt, 1);
+ filemon->cred = crhold(td->td_ucred);
error = devfs_set_cdevpriv(filemon, filemon_dtr);
if (error != 0)
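Review bot: `filemon->cred = crhold(td->td_ucred);` pins the credential of whoever opened the device, and the exec-time check in filemon_wrapper.c evaluates that credential rather than that of the thread which later issues the ioctl or holds the descriptor. If the descriptor is inherited or handed to another process, the decision to keep tracing across a set-id exec still follows the opener's privileges, which deserves a comment where the reference is taken, e.g. `/* Opener's credential; consulted at exec to decide whether tracing may continue. */`. The body of the `if (error != 0)` branch lies outside the hunk, so please confirm that the failure path ends in the free routine that now calls `crfree()`.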
Index: head/sys/dev/filemon/filemon_wrapper.c
===================================================================
--- head/sys/dev/filemon/filemon_wrapper.c
+++ head/sys/dev/filemon/filemon_wrapper.c
@@ -32,6 +32,7 @@
#include <sys/eventhandler.h>
#include <sys/filedesc.h>
#include <sys/imgact.h>
+#include <sys/priv.h>
#include <sys/sx.h>
#include <sys/vnode.h>
@@ -112,6 +113,24 @@
filemon_output(filemon, filemon->msgbufr, len);
+ /* If the credentials changed then cease tracing. */
+ if (imgp->newcred != NULL &&
+ imgp->credential_setid &&
+ priv_check_cred(filemon->cred,
+ PRIV_DEBUG_DIFFCRED, 0) != 0) {
+ /*
+ * It may have changed to NULL already, but
+ * will not be re-attached by anything else.
+ */
+ if (p->p_filemon != NULL) {
+ KASSERT(p->p_filemon == filemon,
+ ("%s: proc %p didn't have expected"
+ " filemon %p", __func__, p, filemon));
+ filemon_proc_drop(p);
+ }
+ }
+
+
filemon_drop(filemon);
}
}
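Review bot: The exec-time test checks only `PRIV_DEBUG_DIFFCRED`, whereas attach goes through `pget()` with `PGET_CANDEBUG`, which presumably applies the full debug policy. If the intent is for tracing to continue only where a fresh attach to the new image would be allowed, it may be worth also checking `PRIV_DEBUG_SUGID`, or extending the comment to `/* If the credentials changed then cease tracing; DIFFCRED alone is sufficient because ... */` with the actual reason. The `p->p_filemon != NULL` read depends on locking that is not visible in this hunk, so the existing comment could name the lock that makes it safe. There is also a stray second blank line before `filemon_drop(filemon);`. The enclosing function starts outside the hunk.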
D6545: filemon exec: Cease tracing if credentials will change with the new image.