
D6545.diff

D6545.diff

Index: head/sys/dev/filemon/filemon.c
===================================================================
--- head/sys/dev/filemon/filemon.c
+++ head/sys/dev/filemon/filemon.c
@@ -89,6 +89,7 @@
struct filemon {
struct sx lock; /* Lock for this filemon. */
struct file *fp; /* Output file pointer. */
+ struct ucred *cred; /* Credential of tracer. */
char fname1[MAXPATHLEN]; /* Temporary filename buffer. */
char fname2[MAXPATHLEN]; /* Temporary filename buffer. */
char msgbufr[1024]; /* Output message buffer. */
@@ -125,6 +126,8 @@
*/
sx_assert(&filemon->lock, SA_UNLOCKED);
+ if (filemon->cred != NULL)
+ crfree(filemon->cred);
sx_destroy(&filemon->lock);
free(filemon, M_FILEMON);
}
@@ -308,6 +311,9 @@
KASSERT((p->p_flag & P_WEXIT) == 0,
("%s: filemon %p attaching to exiting process %p",
__func__, filemon, p));
+ KASSERT((p->p_flag & P_INEXEC) == 0,
+ ("%s: filemon %p attaching to execing process %p",
+ __func__, filemon, p));
if (p->p_filemon == filemon)
return (0);
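Review bot: The added `KASSERT` on `P_INEXEC` is compiled in only on INVARIANTS kernels, so on a production kernel this function does not itself refuse a process that is in the middle of an exec. The `pget()` call changed later in this file passes `PGET_NOTINEXEC`, but any other caller of this function (none is visible here) would need an equivalent guard, or an attach could slip in around the exec-time credential check. A comment above the assertion would record that contract, for example `/* Callers must exclude P_INEXEC, e.g. via PGET_NOTINEXEC. */`. The enclosing function starts and ends outside the hunk.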
@@ -385,8 +391,8 @@
/* Invalidate any existing processes already set. */
filemon_untrack_processes(filemon);
- error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
- &p);
+ error = pget(*((pid_t *)data),
+ PGET_CANDEBUG | PGET_NOTWEXIT | PGET_NOTINEXEC, &p);
if (error == 0) {
KASSERT(p->p_filemon != filemon,
("%s: proc %p didn't untrack filemon %p",
@@ -407,7 +413,7 @@
static int
filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
- struct thread *td __unused)
+ struct thread *td)
{
int error;
struct filemon *filemon;
@@ -416,6 +422,7 @@
M_WAITOK | M_ZERO);
sx_init(&filemon->lock, "filemon");
refcount_init(&filemon->refcnt, 1);
+ filemon->cred = crhold(td->td_ucred);
error = devfs_set_cdevpriv(filemon, filemon_dtr);
if (error != 0)
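Review bot: `filemon->cred = crhold(td->td_ucred);` pins the credential of whoever opened the device, and the exec-time check in filemon_wrapper.c is evaluated against that snapshot rather than against the thread that later selects the pid. If the descriptor is inherited or passed to another process, or the opener changes credentials after open, the `PGET_CANDEBUG` check at attach time and the `PRIV_DEBUG_DIFFCRED` check at exec time may be judged against different subjects. That looks deliberate but deserves a comment, for example `/* Snapshot the opener's credential; set-id exec checks use it for the life of this filemon. */`. The failure branch after `devfs_set_cdevpriv()` is cut off by the hunk, so confirm it goes through the release path that now calls `crfree()`.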
Index: head/sys/dev/filemon/filemon_wrapper.c
===================================================================
--- head/sys/dev/filemon/filemon_wrapper.c
+++ head/sys/dev/filemon/filemon_wrapper.c
@@ -32,6 +32,7 @@
#include <sys/eventhandler.h>
#include <sys/filedesc.h>
#include <sys/imgact.h>
+#include <sys/priv.h>
#include <sys/sx.h>
#include <sys/vnode.h>
@@ -112,6 +113,24 @@
filemon_output(filemon, filemon->msgbufr, len);
+ /* If the credentials changed then cease tracing. */
+ if (imgp->newcred != NULL &&
+ imgp->credential_setid &&
+ priv_check_cred(filemon->cred,
+ PRIV_DEBUG_DIFFCRED, 0) != 0) {
+ /*
+ * It may have changed to NULL already, but
+ * will not be re-attached by anything else.
+ */
+ if (p->p_filemon != NULL) {
+ KASSERT(p->p_filemon == filemon,
+ ("%s: proc %p didn't have expected"
+ " filemon %p", __func__, p, filemon));
+ filemon_proc_drop(p);
+ }
+ }
+
+
filemon_drop(filemon);
}
}
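Review bot: The comment `/* If the credentials changed then cease tracing. */` does not match the condition, which keeps tracing across a set-id exec whenever the credential stored at open time passes `priv_check_cred(filemon->cred, PRIV_DEBUG_DIFFCRED, 0)`. Suggested wording: `/* Stop tracing across a set-id exec unless the opener's credential holds PRIV_DEBUG_DIFFCRED. */`. The `filemon_output()` call above the check has already run by then, so whatever record it carries for this exec is still written to the tracer's output file; if that is intended, the comment should say so. There are also two consecutive blank lines before `filemon_drop(filemon);`. The enclosing function starts outside the hunk.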
