Page MenuHomeFreeBSD
Differential D57397

imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
ClosedPublic
Actions

Authored by markj on Tue, Jun 2, 9:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jun 12, 2:58 AM
Unknown Object (File)
Fri, Jun 12, 12:31 AM
Unknown Object (File)
Wed, Jun 10, 9:21 PM
Unknown Object (File)
Wed, Jun 10, 3:12 PM
Unknown Object (File)
Wed, Jun 10, 12:25 PM
Unknown Object (File)
Tue, Jun 9, 3:05 AM
Unknown Object (File)
Tue, Jun 9, 3:02 AM
Unknown Object (File)
Mon, Jun 8, 2:24 AM
View All 16 Files
Subscribers
imp
olce

Details

Reviewers
brooks
kib
emaste
Commits
rGe417948e6139: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rG796579bcfbc4: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rG6e51dfc401e7: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rG547fc2a98a24: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rG744f62ccbf82: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rGe1cdc49846c1: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
rGebb0ea9f4f59: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images
Summary

Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.

Add a regression test.

Reported by: David Berard

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 73635
Build 70518: arc lint + arc unit

Event Timeline

markj created this revision.Tue, Jun 2, 9:27 PM
Herald added subscribers: olce, imp. · View Herald TranscriptTue, Jun 2, 9:27 PM
markj requested review of this revision.Tue, Jun 2, 9:27 PM
Harbormaster completed remote builds in B73629: Diff 179109.Tue, Jun 2, 9:27 PM
kib added inline comments.Tue, Jun 2, 11:40 PM
sys/kern/imgact_elf.c
1366

Why moving the VOP_UNLOCK line? If moving, I would put it before the newly moved check imgp->credential_setid

markj added inline comments.Wed, Jun 3, 1:04 PM
sys/kern/imgact_elf.c
1366

I did it this way to avoid changing error handling, and to keep related blocks of code close together. In particular, goto ret requires the vnode to be locked. If you prefer, I will move it earlier and add a new goto label.

kib added inline comments.Wed, Jun 3, 2:17 PM
sys/kern/imgact_elf.c
1366

I think it is simpler to relock the vnode before goto. Yes, I think it makes sense to move the unlock earlier.

markj updated this revision to Diff 179127.Wed, Jun 3, 2:55 PM
markj marked 2 inline comments as done.

Unlock the vnode earlier.

Harbormaster completed remote builds in B73635: Diff 179127.Wed, Jun 3, 2:55 PM
kib accepted this revision.Wed, Jun 3, 3:45 PM
This revision is now accepted and ready to land.Wed, Jun 3, 3:45 PM
Closed by commit rGebb0ea9f4f59: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images (authored by markj). · Explain WhyTue, Jun 9, 7:17 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGebb0ea9f4f59: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.
markj added a commit: rGe1cdc49846c1: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.
markj added a commit: rG744f62ccbf82: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.
markj added a commit: rG547fc2a98a24: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.Tue, Jun 9, 7:20 PM
markj added a commit: rG6e51dfc401e7: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.
markj added a commit: rG796579bcfbc4: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.
markj added a commit: rGe417948e6139: imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images.Tue, Jun 9, 7:23 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
55 lines
tests/
sys/
kern/
2 lines
150 lines

Diff 179127

View Options

sys/kern/imgact_elf.c

Loading...
View Options

tests/sys/kern/Makefile

Loading...
View Options

tests/sys/kern/aslr.c

Loading...