Set ISOPEN in namei flags when opening executable interpreters.

These vnodes are explicitly opened via VOP_OPEN via exec_check_permissions identical to the main exectuable image. Setting ISOPEN allows filesystems to perform suitable checks in VOP_LOOKUP (e.g. close-to-open consistency in the NFS client). Reviewed by: kib MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D21129
svn path=/head/; revision=350549
2019-08-03 01:02:52 +00:00 · 2019-08-03 01:02:52 +00:00 · f422bc3092 · 2020-12-20 02:59:44 +00:00
commit f422bc3092
parent dfb39567a2
2 changed files with 3 additions and 3 deletions
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@ -748,8 +748,8 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
 	imgp->object = NULL;
 	imgp->execlabel = NULL;

-	NDINIT(nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF, UIO_SYSSPACE, file,
-	    curthread);
+	NDINIT(nd, LOOKUP, ISOPEN | FOLLOW | LOCKSHARED | LOCKLEAF,
+	    UIO_SYSSPACE, file, curthread);
 	if ((error = namei(nd)) != 0) {
 		nd->ni_vp = NULL;
 		goto fail;
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -639,7 +639,7 @@ do_execve(struct thread *td, struct image_args *args, struct mac *mac_p)
 		free(imgp->freepath, M_TEMP);
 		imgp->freepath = NULL;
 		/* set new name to that of the interpreter */
-		NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
+		NDINIT(&nd, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME,
 		    UIO_SYSSPACE, imgp->interpreter_name, td);
 		args->fname = imgp->interpreter_name;
 		goto interpret;