Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/imgact_elf.c
Show First 20 Lines • Show All 1,210 Lines • ▼ Show 20 Lines | __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) | ||||
* Decide whether to enable randomization of user mappings. | * Decide whether to enable randomization of user mappings. | ||||
* First, reset user preferences for the setid binaries. | * First, reset user preferences for the setid binaries. | ||||
* Then, account for the support of the randomization by the | * Then, account for the support of the randomization by the | ||||
* ABI, by user preferences, and make special treatment for | * ABI, by user preferences, and make special treatment for | ||||
* PIE binaries. | * PIE binaries. | ||||
*/ | */ | ||||
if (imgp->credential_setid) { | if (imgp->credential_setid) { | ||||
PROC_LOCK(imgp->proc); | PROC_LOCK(imgp->proc); | ||||
imgp->proc->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE); | imgp->proc->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE | | ||||
P2_WXORX_DISABLE | P2_WXORX_ENABLE_EXEC); | |||||
PROC_UNLOCK(imgp->proc); | PROC_UNLOCK(imgp->proc); | ||||
} | } | ||||
if ((sv->sv_flags & SV_ASLR) == 0 || | if ((sv->sv_flags & SV_ASLR) == 0 || | ||||
(imgp->proc->p_flag2 & P2_ASLR_DISABLE) != 0 || | (imgp->proc->p_flag2 & P2_ASLR_DISABLE) != 0 || | ||||
(fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) { | (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) { | ||||
KASSERT(et_dyn_addr != ET_DYN_ADDR_RAND, | KASSERT(et_dyn_addr != ET_DYN_ADDR_RAND, | ||||
("et_dyn_addr == RAND and !ASLR")); | ("et_dyn_addr == RAND and !ASLR")); | ||||
} else if ((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 || | } else if ((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 || | ||||
(__elfN(aslr_enabled) && hdr->e_type == ET_EXEC) || | (__elfN(aslr_enabled) && hdr->e_type == ET_EXEC) || | ||||
et_dyn_addr == ET_DYN_ADDR_RAND) { | et_dyn_addr == ET_DYN_ADDR_RAND) { | ||||
imgp->map_flags |= MAP_ASLR; | imgp->map_flags |= MAP_ASLR; | ||||
/* | /* | ||||
* If user does not care about sbrk, utilize the bss | * If user does not care about sbrk, utilize the bss | ||||
* grow region for mappings as well. We can select | * grow region for mappings as well. We can select | ||||
* the base for the image anywere and still not suffer | * the base for the image anywere and still not suffer | ||||
* from the fragmentation. | * from the fragmentation. | ||||
*/ | */ | ||||
if (!__elfN(aslr_honor_sbrk) || | if (!__elfN(aslr_honor_sbrk) || | ||||
(imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | (imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | ||||
imgp->map_flags |= MAP_ASLR_IGNSTART; | imgp->map_flags |= MAP_ASLR_IGNSTART; | ||||
} | } | ||||
if (!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0) | if ((!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0 && | ||||
(imgp->proc->p_flag2 & P2_WXORX_DISABLE) == 0) || | |||||
(imgp->proc->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0) | |||||
imgp->map_flags |= MAP_WXORX; | imgp->map_flags |= MAP_WXORX; | ||||
error = exec_new_vmspace(imgp, sv); | error = exec_new_vmspace(imgp, sv); | ||||
vmspace = imgp->proc->p_vmspace; | vmspace = imgp->proc->p_vmspace; | ||||
map = &vmspace->vm_map; | map = &vmspace->vm_map; | ||||
imgp->proc->p_sysent = sv; | imgp->proc->p_sysent = sv; | ||||
imgp->proc->p_elf_brandinfo = brand_info; | imgp->proc->p_elf_brandinfo = brand_info; | ||||
▲ Show 20 Lines • Show All 1,450 Lines • Show Last 20 Lines |