sys/kern/kern_exec.c
Show First 20 Lines • Show All 246 Lines • ▼ Show 20 Lines | if (error == 0) { | ||||
args.fd = uap->fd; | args.fd = uap->fd; | ||||
error = kern_execve(td, &args, NULL); | error = kern_execve(td, &args, NULL); | ||||
} | } | ||||
post_execve(td, error, oldvmspace); | post_execve(td, error, oldvmspace); | ||||
return (error); | return (error); | ||||
} | } | ||||
#ifndef _SYS_SYSPROTO_H_ | #ifndef _SYS_SYSPROTO_H_ | ||||
struct ffexecve_args { | |||||
int interpreter; | |||||
int fd; | |||||
char **argv; | |||||
char **envv; | |||||
} | |||||
#endif | |||||
int | |||||
sys_ffexecve(struct thread *td, struct ffexecve_args *uap) | |||||
{ | |||||
struct image_args args; | |||||
struct vmspace *oldvmspace; | |||||
int error; | |||||
error = pre_execve(td, &oldvmspace); | |||||
if (error != 0) | |||||
return (error); | |||||
error = exec_copyin_args(&args, NULL, UIO_SYSSPACE, | |||||
uap->argv, uap->envv); | |||||
if (error == 0) { | |||||
args.interpreter = uap->interpreter; | |||||
brooks: Given that `sys_ffexecve` and `sys_fexecve` appear to be identical except for this line, I'm… | |||||
Not Done Inline ActionsThat's a good point... jonathan: That's a good point... | |||||
args.fd = uap->fd; | |||||
error = kern_execve(td, &args, NULL); | |||||
} | |||||
post_execve(td, error, oldvmspace); | |||||
return (error); | |||||
} | |||||
#ifndef _SYS_SYSPROTO_H_ | |||||
struct __mac_execve_args { | struct __mac_execve_args { | ||||
char *fname; | char *fname; | ||||
char **argv; | char **argv; | ||||
char **envv; | char **envv; | ||||
struct mac *mac_p; | struct mac *mac_p; | ||||
}; | }; | ||||
#endif | #endif | ||||
▲ Show 20 Lines • Show All 230 Lines • ▼ Show 20 Lines | #endif | ||||
/* | /* | ||||
* Implement image setuid/setgid. | * Implement image setuid/setgid. | ||||
* | * | ||||
* Determine new credentials before attempting image activators | * Determine new credentials before attempting image activators | ||||
* so that it can be used by process_exec handlers to determine | * so that it can be used by process_exec handlers to determine | ||||
* credential/setid changes. | * credential/setid changes. | ||||
* | * | ||||
* Don't honor setuid/setgid if the filesystem prohibits it or if | * Don't honor setuid/setgid if the filesystem prohibits it, if | ||||
* employing a user-specified run-time interpreter or if | |||||
* the process is being traced. | * the process is being traced. | ||||
* | * | ||||
* We disable setuid/setgid/etc in capability mode on the basis | * We disable setuid/setgid/etc in capability mode on the basis | ||||
* that most setugid applications are not written with that | * that most setugid applications are not written with that | ||||
* environment in mind, and will therefore almost certainly operate | * environment in mind, and will therefore almost certainly operate | ||||
* incorrectly. In principle there's no reason that setugid | * incorrectly. In principle there's no reason that setugid | ||||
* applications might not be useful in capability mode, so we may want | * applications might not be useful in capability mode, so we may want | ||||
* to reconsider this conservative design choice in the future. | * to reconsider this conservative design choice in the future. | ||||
* | * | ||||
* XXXMAC: For the time being, use NOSUID to also prohibit | * XXXMAC: For the time being, use NOSUID to also prohibit | ||||
* transitions on the file system. | * transitions on the file system. | ||||
*/ | */ | ||||
credential_changing = 0; | credential_changing = 0; | ||||
credential_changing |= (attr.va_mode & S_ISUID) && | credential_changing |= (attr.va_mode & S_ISUID) && | ||||
oldcred->cr_uid != attr.va_uid; | oldcred->cr_uid != attr.va_uid; | ||||
credential_changing |= (attr.va_mode & S_ISGID) && | credential_changing |= (attr.va_mode & S_ISGID) && | ||||
oldcred->cr_gid != attr.va_gid; | oldcred->cr_gid != attr.va_gid; | ||||
#ifdef MAC | #ifdef MAC | ||||
will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, | will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, | ||||
interpvplabel, imgp); | interpvplabel, imgp); | ||||
credential_changing |= will_transition; | credential_changing |= will_transition; | ||||
#endif | #endif | ||||
if (credential_changing && | if (credential_changing && | ||||
(imgp->args->interpreter == -1) && | |||||
#ifdef CAPABILITY_MODE | #ifdef CAPABILITY_MODE | ||||
((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) && | ((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) && | ||||
#endif | #endif | ||||
(imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && | (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && | ||||
(p->p_flag & P_TRACED) == 0) { | (p->p_flag & P_TRACED) == 0) { | ||||
imgp->credential_setid = true; | imgp->credential_setid = true; | ||||
VOP_UNLOCK(imgp->vp, 0); | VOP_UNLOCK(imgp->vp, 0); | ||||
imgp->newcred = crdup(oldcred); | imgp->newcred = crdup(oldcred); | ||||
▲ Show 20 Lines • Show All 631 Lines • ▼ Show 20 Lines | |||||
{ | { | ||||
u_long argp, envp; | u_long argp, envp; | ||||
int error; | int error; | ||||
size_t length; | size_t length; | ||||
bzero(args, sizeof(*args)); | bzero(args, sizeof(*args)); | ||||
if (argv == NULL) | if (argv == NULL) | ||||
return (EFAULT); | return (EFAULT); | ||||
/* | |||||
* Don't override the imgact-specified interpreter by default. | |||||
*/ | |||||
args->interpreter = -1; | |||||
/* | /* | ||||
* Allocate demand-paged memory for the file name, argument, and | * Allocate demand-paged memory for the file name, argument, and | ||||
* environment strings. | * environment strings. | ||||
*/ | */ | ||||
error = exec_alloc_args(args); | error = exec_alloc_args(args); | ||||
if (error != 0) | if (error != 0) | ||||
return (error); | return (error); | ||||
▲ Show 20 Lines • Show All 562 Lines • Show Last 20 Lines |
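Review bot: The "no override" default `args->interpreter = -1;` in `exec_copyin_args` is assigned only after `bzero(args, sizeof(*args))` and the `argv == NULL` return, so a zero-filled `struct image_args` that never reaches that assignment carries `interpreter == 0`. The new `(imgp->args->interpreter == -1)` test in the credential block would read that as a caller-supplied interpreter on descriptor 0 and skip the setuid/setgid transition. Only this one initialiser is visible on the page; if other paths (compat copy-in routines, in-kernel exec callers) fill `image_args` themselves, they presumably need the same default, so I would move the assignment to directly after the `bzero` and audit the remaining initialisers. `sys_ffexecve` also copies `uap->interpreter` unchecked, so if `-1` is not meant to be part of the syscall ABI, add `if (uap->interpreter < 0) return (EBADF);` before `pre_execve()` to keep the sentinel kernel-internal. Separately, `struct ffexecve_args` closes with `}` rather than `};`. Both `exec_copyin_args` and the function holding the credential check start and end outside the displayed lines.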
Given that sys_ffexecve and sys_fexecve appear to be identical except for this line, I'm tempted to suggest a kern_ffexecve that you pass -1 to from sys_fexecve