d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sysent: allow ABI to disable setid on exec.

Browse Source 
Reviewed by:	dchagin
Tested by:	trasz
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28154
This commit is contained in:
Konstantin Belousov 2021-01-14 15:38:29 +02:00
parent 19e6043a44
commit 2d423f7671
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/kern/kern_exec.c
View File

@ -778,6 +778,10 @@ interpret:
signotify(td); signotify(td);
} }
if (imgp->sysent->sv_setid_allowed != NULL &&
!(*imgp->sysent->sv_setid_allowed)(td, imgp))
execve_nosetid(imgp);
/* /*
* Implement image setuid/setgid installation. * Implement image setuid/setgid installation.
*/ */

2
sys/sys/sysent.h
View File

@ -148,6 +148,8 @@ struct sysentvec {
void (*sv_onexec)(struct proc *, struct image_params *); void (*sv_onexec)(struct proc *, struct image_params *);
void (*sv_onexit)(struct proc *); void (*sv_onexit)(struct proc *);
void (*sv_ontdexit)(struct thread *td); void (*sv_ontdexit)(struct thread *td);
bool (*sv_setid_allowed)(struct thread *td,
struct image_params *imgp);
}; };
#define SV_ILP32 0x000100 /* 32-bit executable. */ #define SV_ILP32 0x000100 /* 32-bit executable. */