PERFORCE change 164523 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Tue Jun 16 18:54:45 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164523
Change 164523 by trasz at trasz_victim on 2009/06/16 18:54:14
Fix a LOR, few more to go.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#2 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#5 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#7 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#4 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#2 (text+ko) ====
@@ -321,6 +321,7 @@
struct nameidata nd;
struct ucred *newcred = NULL, *oldcred;
struct uidinfo *euip;
+ struct gidinfo *egip;
register_t *stack_base;
int error, len = 0, i;
struct image_params image_params, *imgp;
@@ -559,6 +560,7 @@
*/
newcred = crget();
euip = uifind(attr.va_uid);
+ egip = gifind(attr.va_gid);
i = imgp->args->begin_envv - imgp->args->begin_argv;
/* Cache arguments if they fit inside our allowance */
if (ps_arg_cache_limit >= i + sizeof(struct pargs)) {
@@ -688,7 +690,7 @@
if (attr.va_mode & S_ISUID)
change_euid(newcred, euip);
if (attr.va_mode & S_ISGID)
- change_egid(newcred, attr.va_gid);
+ change_egid(newcred, egip);
#ifdef MAC
if (will_transition) {
mac_vnode_execve_transition(oldcred, newcred, imgp->vp,
@@ -816,6 +818,7 @@
* Free any resources malloc'd earlier that we didn't use.
*/
uifree(euip);
+ gifree(egip);
if (newcred == NULL)
crfree(oldcred);
else
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#5 (text+ko) ====
@@ -406,8 +406,12 @@
for (i = 0; i < HRL_RESOURCE_MAX; i++) {
if (p->p_accounting.ha_resources[i] != 0)
+#ifdef notyet
printf("exit1: exiting process: resource %d = %lld\n",
i, p->p_accounting.ha_resources[i]);
+#else
+ ;
+#endif
}
/*
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#7 (text+ko) ====
@@ -647,11 +647,13 @@
struct proc *p = td->td_proc;
struct ucred *newcred, *oldcred;
gid_t gid;
+ struct gidinfo *gip;
int error;
gid = uap->gid;
AUDIT_ARG(gid, gid);
newcred = crget();
+ gip = gifind(gid);
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -720,11 +722,12 @@
* Copy credentials so other references do not see our changes.
*/
if (oldcred->cr_groups[0] != gid) {
- change_egid(newcred, gid);
+ change_egid(newcred, gip);
setsugid(p);
}
p->p_ucred = newcred;
PROC_UNLOCK(p);
+ gifree(gip);
crfree(oldcred);
return (0);
@@ -746,11 +749,13 @@
struct proc *p = td->td_proc;
struct ucred *newcred, *oldcred;
gid_t egid;
+ struct gidinfo *egip;
int error;
egid = uap->egid;
AUDIT_ARG(egid, egid);
newcred = crget();
+ egip = gifind(egid);
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -767,11 +772,12 @@
crcopy(newcred, oldcred);
if (oldcred->cr_groups[0] != egid) {
- change_egid(newcred, egid);
+ change_egid(newcred, egip);
setsugid(p);
}
p->p_ucred = newcred;
PROC_UNLOCK(p);
+ gifree(egip);
crfree(oldcred);
return (0);
@@ -942,6 +948,7 @@
struct proc *p = td->td_proc;
struct ucred *newcred, *oldcred;
gid_t egid, rgid;
+ struct gidinfo *egip;
int error;
egid = uap->egid;
@@ -949,6 +956,7 @@
AUDIT_ARG(egid, egid);
AUDIT_ARG(rgid, rgid);
newcred = crget();
+ egip = gifind(egid);
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -967,7 +975,7 @@
crcopy(newcred, oldcred);
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
- change_egid(newcred, egid);
+ change_egid(newcred, egip);
setsugid(p);
}
if (rgid != (gid_t)-1 && oldcred->cr_rgid != rgid) {
@@ -981,6 +989,7 @@
}
p->p_ucred = newcred;
PROC_UNLOCK(p);
+ gifree(egip);
crfree(oldcred);
return (0);
@@ -1088,6 +1097,7 @@
struct proc *p = td->td_proc;
struct ucred *newcred, *oldcred;
gid_t egid, rgid, sgid;
+ struct gidinfo *egip;
int error;
egid = uap->egid;
@@ -1097,6 +1107,7 @@
AUDIT_ARG(rgid, rgid);
AUDIT_ARG(sgid, sgid);
newcred = crget();
+ egip = gifind(egid);
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -1120,7 +1131,7 @@
crcopy(newcred, oldcred);
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
- change_egid(newcred, egid);
+ change_egid(newcred, egip);
setsugid(p);
}
if (rgid != (gid_t)-1 && oldcred->cr_rgid != rgid) {
@@ -1133,6 +1144,7 @@
}
p->p_ucred = newcred;
PROC_UNLOCK(p);
+ gifree(egip);
crfree(oldcred);
return (0);
@@ -2000,6 +2012,9 @@
p->p_stops = 0;
}
+/*
+ * XXX: All of these need to somehow fixup the resource accounting.
+ */
/*-
* Change a process's effective uid.
* Side effects: newcred->cr_uid and newcred->cr_uidinfo will be modified.
@@ -2023,12 +2038,13 @@
* duration of the call.
*/
void
-change_egid(struct ucred *newcred, gid_t egid)
+change_egid(struct ucred *newcred, struct gidinfo *egip)
{
+ newcred->cr_groups[0] = egip->gi_gid;
+ gihold(egip);
gifree(newcred->cr_gidinfos[0]);
- newcred->cr_groups[0] = egid;
- newcred->cr_gidinfos[0] = gifind(egid);
+ newcred->cr_gidinfos[0] = egip;
}
/*-
==== //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#4 (text+ko) ====
@@ -85,7 +85,7 @@
#ifdef _KERNEL
struct thread;
-void change_egid(struct ucred *newcred, gid_t egid);
+void change_egid(struct ucred *newcred, struct gidinfo *egip);
void change_euid(struct ucred *newcred, struct uidinfo *euip);
void change_rgid(struct ucred *newcred, gid_t rgid);
void change_ruid(struct ucred *newcred, struct uidinfo *ruip);
More information about the p4-projects
mailing list