Implement AT_SECURE properly.
AT_SECURE auxv entry has been added to the Linux 2.5 kernel to pass a boolean flag indicating whether secure mode should be enabled. 1 means that the program has changes its credentials during the execution. Being exported AT_SECURE used by glibc issetugid() call. Submitted by: imp, dchagin Security: FreeBSD-SA-16:10.linux Security: CVE-2016-1883
This commit is contained in:
parent
6144b07f9b
commit
669414e4fb
@ -271,6 +271,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
Elf_Addr *pos;
|
||||
struct ps_strings *arginfo;
|
||||
struct proc *p;
|
||||
int issetugid;
|
||||
|
||||
p = imgp->proc;
|
||||
arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
|
||||
@ -281,6 +282,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
args = (Elf64_Auxargs *)imgp->auxargs;
|
||||
pos = base + (imgp->args->argc + imgp->args->envc + 2);
|
||||
|
||||
issetugid = p->p_flag & P_SUGID ? 1 : 0;
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
|
||||
imgp->proc->p_sysent->sv_shared_page_base);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
|
||||
@ -296,7 +298,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
|
||||
AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
|
||||
AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform));
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary);
|
||||
if (imgp->execpathp != 0)
|
||||
|
@ -230,6 +230,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
Elf32_Addr *base;
|
||||
Elf32_Addr *pos;
|
||||
struct linux32_ps_strings *arginfo;
|
||||
int issetugid;
|
||||
|
||||
arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS;
|
||||
|
||||
@ -239,6 +240,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
args = (Elf32_Auxargs *)imgp->auxargs;
|
||||
pos = base + (imgp->args->argc + imgp->args->envc + 2);
|
||||
|
||||
issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
|
||||
AUXARGS_ENTRY_32(pos, LINUX_AT_SYSINFO_EHDR,
|
||||
imgp->proc->p_sysent->sv_shared_page_base);
|
||||
AUXARGS_ENTRY_32(pos, LINUX_AT_SYSINFO, linux32_vsyscall);
|
||||
@ -261,7 +263,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
AUXARGS_ENTRY_32(pos, AT_FLAGS, args->flags);
|
||||
AUXARGS_ENTRY_32(pos, AT_ENTRY, args->entry);
|
||||
AUXARGS_ENTRY_32(pos, AT_BASE, args->base);
|
||||
AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, 0);
|
||||
AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, issetugid);
|
||||
AUXARGS_ENTRY_32(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
|
||||
AUXARGS_ENTRY_32(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
|
||||
AUXARGS_ENTRY_32(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
|
||||
|
@ -238,11 +238,13 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
Elf32_Addr *uplatform;
|
||||
struct ps_strings *arginfo;
|
||||
register_t *pos;
|
||||
int issetugid;
|
||||
|
||||
KASSERT(curthread->td_proc == imgp->proc,
|
||||
("unsafe elf_linux_fixup(), should be curproc"));
|
||||
|
||||
p = imgp->proc;
|
||||
issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
|
||||
arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
|
||||
uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
|
||||
args = (Elf32_Auxargs *)imgp->auxargs;
|
||||
@ -270,7 +272,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
|
||||
AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
|
||||
AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
|
||||
AUXARGS_ENTRY(pos, AT_BASE, args->base);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
|
||||
AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid);
|
||||
AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
|
||||
AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
|
||||
AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
|
||||
|
Loading…
Reference in New Issue
Block a user