doc/share/security/patches/SA-02:08/exec.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

194 lines
6.5 KiB
Diff

Index: sys/kern/kern_exec.c
diff -u sys/kern/kern_exec.c:1.107.2.12 src/sys/kern/kern_exec.c:1.107.2.13
--- sys/kern/kern_exec.c:1.107.2.12 Mon Jan 7 22:13:21 2002
+++ sys/kern/kern_exec.c Tue Jan 22 11:22:59 2002
@@ -114,6 +114,15 @@
imgp = &image_params;
/*
+ * Lock the process and set the P_INEXEC flag to indicate that
+ * it should be left alone until we're done here. This is
+ * necessary to avoid race conditions - e.g. in ptrace() -
+ * that might allow a local user to illicitly obtain elevated
+ * privileges.
+ */
+ p->p_flag |= P_INEXEC;
+
+ /*
* Initialize part of the common data
*/
imgp->proc = p;
@@ -348,10 +357,12 @@
VREF(ndp->ni_vp);
p->p_textvp = ndp->ni_vp;
- /*
- * notify others that we exec'd
- */
+ /*
+ * Notify others that we exec'd, and clear the P_INEXEC flag
+ * as we're now a bona fide freshly-execed process.
+ */
KNOTE(&p->p_klist, NOTE_EXEC);
+ p->p_flag &= ~P_INEXEC;
/*
* If tracing the process, trap to debugger so breakpoints
@@ -405,6 +416,8 @@
return (0);
exec_fail:
+ /* we're done here, clear P_INEXEC */
+ p->p_flag &= ~P_INEXEC;
if (imgp->vmspace_destroyed) {
/* sorry, no more process anymore. exit gracefully */
exit1(p, W_EXITCODE(0, SIGABRT));
Index: sys/kern/sys_process.c
diff -u sys/kern/sys_process.c:1.51.2.2 src/sys/kern/sys_process.c:1.51.2.3
--- sys/kern/sys_process.c:1.51.2.2 Wed Oct 3 01:55:42 2001
+++ sys/kern/sys_process.c Tue Jan 22 11:22:59 2002
@@ -220,6 +220,10 @@
if (!PRISON_CHECK(curp, p))
return (ESRCH);
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
+
/*
* Permissions check
*/
Index: sys/miscfs/procfs/procfs.h
diff -u sys/miscfs/procfs/procfs.h:1.32.2.2 src/sys/miscfs/procfs/procfs.h:1.32.2.3
--- sys/miscfs/procfs/procfs.h:1.32.2.2 Sun Aug 12 09:29:19 2001
+++ sys/miscfs/procfs/procfs.h Tue Jan 22 11:22:59 2002
@@ -97,7 +97,7 @@
((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
- ((p2)->p_flag & P_SUGID) == 0) || \
+ ((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \
(suser_xxx((p1)->p_cred->pc_ucred, (p1), PRISON_ROOT) == 0))
/*
Index: sys/miscfs/procfs/procfs_ctl.c
diff -u sys/miscfs/procfs/procfs_ctl.c:1.20.2.1 src/sys/miscfs/procfs/procfs_ctl.c:1.20.2.2
--- sys/miscfs/procfs/procfs_ctl.c:1.20.2.1 Sat Dec 16 21:13:05 2000
+++ sys/miscfs/procfs/procfs_ctl.c Tue Jan 22 11:22:59 2002
@@ -110,6 +110,9 @@
{
int error;
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
/*
* Authorization check: rely on normal debugging protection, except
* allow processes to disengage debugging on a process onto which
Index: sys/miscfs/procfs/procfs_dbregs.c
diff -u sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2 src/sys/miscfs/procfs/procfs_dbregs.c:1.4.2.3
--- sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2 Sat Aug 4 08:12:24 2001
+++ sys/miscfs/procfs/procfs_dbregs.c Tue Jan 22 11:22:59 2002
@@ -62,6 +62,9 @@
char *kv;
int kl;
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(curp, p) || p_trespass(curp, p))
return (EPERM);
kl = sizeof(r);
Index: sys/miscfs/procfs/procfs_fpregs.c
diff -u sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2 src/sys/miscfs/procfs/procfs_fpregs.c:1.11.2.3
--- sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2 Sat Aug 4 08:12:24 2001
+++ sys/miscfs/procfs/procfs_fpregs.c Tue Jan 22 11:22:59 2002
@@ -59,6 +59,9 @@
char *kv;
int kl;
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(curp, p) || p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
Index: sys/miscfs/procfs/procfs_regs.c
diff -u sys/miscfs/procfs/procfs_regs.c:1.10.2.2 src/sys/miscfs/procfs/procfs_regs.c:1.10.2.3
--- sys/miscfs/procfs/procfs_regs.c:1.10.2.2 Sat Aug 4 08:12:24 2001
+++ sys/miscfs/procfs/procfs_regs.c Tue Jan 22 11:22:59 2002
@@ -60,6 +60,9 @@
char *kv;
int kl;
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(curp, p) || p_trespass(curp, p))
return EPERM;
kl = sizeof(r);
Index: sys/miscfs/procfs/procfs_status.c
diff -u sys/miscfs/procfs/procfs_status.c:1.20.2.3 src/sys/miscfs/procfs/procfs_status.c:1.20.2.4
--- sys/miscfs/procfs/procfs_status.c:1.20.2.3 Thu Nov 16 07:50:00 2000
+++ sys/miscfs/procfs/procfs_status.c Tue Jan 22 11:22:59 2002
@@ -211,7 +211,9 @@
*/
if (p->p_args &&
- (ps_argsopen || (CHECKIO(curp, p) && !p_trespass(curp, p)))) {
+ (ps_argsopen || (CHECKIO(curp, p) &&
+ (p->p_flag & P_INEXEC) == 0 &&
+ !p_trespass(curp, p)))) {
bp = p->p_args->ar_args;
buflen = p->p_args->ar_length;
buf = 0;
Index: sys/sys/proc.h
diff -u sys/sys/proc.h:1.99.2.5 src/sys/sys/proc.h:1.99.2.6
--- sys/sys/proc.h:1.99.2.5 Thu Sep 7 14:13:54 2000
+++ sys/sys/proc.h Tue Jan 22 11:23:02 2002
@@ -291,6 +291,7 @@
#define P_JAILED 0x1000000 /* Process is in jail */
#define P_OLDMASK 0x2000000 /* need to restore mask before pause */
#define P_ALTSTACK 0x4000000 /* have alternate signal stack */
+#define P_INEXEC 0x8000000 /* Process is in execve(). */
/*
* MOVE TO ucred.h?
Index: sys/miscfs/procfs/procfs_mem.c
diff -u sys/miscfs/procfs/procfs_mem.c:1.46.2.2 src/sys/miscfs/procfs/procfs_mem.c:1.46.2.3
--- sys/miscfs/procfs/procfs_mem.c:1.46.2.2 Sun Aug 12 09:29:19 2001
+++ sys/miscfs/procfs/procfs_mem.c Tue Jan 22 11:22:59 2002
@@ -244,6 +244,9 @@
if (uio->uio_resid == 0)
return (0);
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(curp, p) || p_trespass(curp, p))
return EPERM;
Index: sys/miscfs/procfs/procfs_vnops.c
diff -u sys/miscfs/procfs/procfs_vnops.c:1.76.2.6 src/sys/miscfs/procfs/procfs_vnops.c:1.76.2.7
--- sys/miscfs/procfs/procfs_vnops.c:1.76.2.6 Mon Oct 29 14:15:30 2001
+++ sys/miscfs/procfs/procfs_vnops.c Tue Jan 22 11:22:59 2002
@@ -148,6 +148,9 @@
return (EBUSY);
p1 = ap->a_p;
+ /* Can't trace a process that's currently exec'ing. */
+ if ((p2->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(p1, p2) || p_trespass(p1, p2))
return (EPERM);
@@ -239,6 +242,9 @@
return ENOTTY;
}
+ /* Can't trace a process that's currently exec'ing. */
+ if ((procp->p_flag & P_INEXEC) != 0)
+ return EAGAIN;
if (!CHECKIO(p, procp) || p_trespass(p, procp))
return EPERM;