o pcred-removal changes included modifications to optimize the setting of
the saved uid and gid during execve(). Unfortunately, the optimizations were incorrect in the case where the credential was updated, skipping the setting of the saved uid and gid when new credentials were generated. This change corrects that problem by handling the newcred!=NULL case correctly. Reported/tested by: David Malone <dwmalone@maths.tcd.ie> Obtained from: TrustedBSD Project
This commit is contained in:
Robert Watson
parent
0d60c7099d
commit
7cb8e4d277
@ -334,17 +334,18 @@ interpret:
|
||||
* (replaced) euid and egid as the source, which may or may not be
|
||||
* the right ones to use.
|
||||
*/
|
||||
if (oldcred->cr_svuid != oldcred->cr_uid ||
|
||||
oldcred->cr_svgid != oldcred->cr_gid) {
|
||||
/*
|
||||
* Avoid allocating a newcred if we don't have one yet and
|
||||
* the saved uid/gid update would be a noop.
|
||||
*/
|
||||
if (newcred == NULL)
|
||||
if (newcred == NULL) {
|
||||
if (oldcred->cr_svuid != oldcred->cr_uid ||
|
||||
oldcred->cr_svgid != oldcred->cr_gid) {
|
||||
newcred = crdup(oldcred);
|
||||
change_svuid(newcred, newcred->cr_uid);
|
||||
change_svgid(newcred, newcred->cr_gid);
|
||||
}
|
||||
} else {
|
||||
change_svuid(newcred, newcred->cr_uid);
|
||||
change_svgid(newcred, newcred->cr_gid);
|
||||
}
|
||||
|
||||
if (newcred != NULL) {
|
||||
PROC_LOCK(p);
|
||||
p->p_ucred = newcred;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user