HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS300792

exec: Add credential change information into imgp for process_exec hook.
rS300792
Actions

Description

exec: Add credential change information into imgp for process_exec hook.

This allows an EVENTHANDLER(process_exec) hook to see if the new image
will cause credentials to change whether due to setgid/setuid or because
of POSIX saved-id semantics.

This adds 3 new fields into image_params:

struct ucred *newcred		Non-null if the credentials will change.
bool credential_setid		True if the new image is setuid or setgid.

This will pre-determine the new credentials before invoking the image
activators, where the process_exec hook is called. The new credentials
will be installed into the process in the same place as before, after
image activators are done handling the image.

MFC after: 2 weeks
Reviewed by: kib
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D6544

Details

Provenance
bdreweryAuthored on
Reviewer
kib
Differential Revision
D6544: exec: Add credential change information into imgp for process_exec hook.
Parents
rS300791: Use a unique error message if we fail to find the simple network protocol.
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
head/
sys/
kern/
sys/

rS300792

View Options

head/sys/kern/kern_exec.c

Loading...
View Options

head/sys/sys/imgact.h

Loading...