From nobody Sun Jun 21 11:48:07 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gjqMr1bd4z6jZYY for ; Sun, 21 Jun 2026 11:48:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "YR1" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gjqMq3tV8z3WNw for ; Sun, 21 Jun 2026 11:48:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782042487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y5c4zEotbBoxr790KpHi1/op4PB8Tbt9SrhEiCPBtq0=; b=aSEDh10ZlnWp+9Q1qLD5VKffxsGtoweumh9MuHr/PJKQrTA4oJsfRu6/sTce2oCjNyl3Z6 i4S8WYZ/K/SugEFLNGUfORVxcgsKGxr3xzzHuTOxe1MwdlRwaVLz76H8EPq6MkGMRdFO5y pmiv4j5WQXosOkE5nBTWAqwnsvFqxNq8ap+t2I1TGhY6zdCblSu5ijhkFDLmksBsm0DS+3 SAJJ64P3+YIr8VcNZVVau6NKnJHgFBUBmf548TULxhzTPknQmf0zWICu2q42VJNWRTw9b/ F4SY9E5NSaFrF5dNl5vRxvOU4ARQPsW/8873e594QKn3rkVz6whMUt/O0bxmcQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1782042487; a=rsa-sha256; cv=none; b=uzaQVzPsTuh3ytkC4r1GmdqMJ7R0r/cANOZwXq9kdHwt+o1UAK6EWROt3ytIZonMcSdWuj S/FHuYRv9AkBGMTmq5MuBYg8L5JkJpSnn3Gj+/mu80KdNh2cP545fET8Qez6Z8+Mksb8QK CqsRe6YL4musQURMX2OFt/5FpznrDIdSHEq0AmNcP1ypQr+yiWTQ1Q/Y850wCmAu1UYA5L 2iU36jxKsWqnTw5PUqmkpx9rlEFiT1+flVcDf8eVzF7WRBpEeYLbRlJZ8PoWYBuZGW5AHQ Ae6WfB12mvuS4KT6+ehMMGsJzg2+E/GVBtnMK16NkxWdoNfSo02OW3M1h5onUw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782042487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y5c4zEotbBoxr790KpHi1/op4PB8Tbt9SrhEiCPBtq0=; b=wwbk4kHpMqrZc/cIXEYKu6NJcaAPluFmS5Fut7S2R0rnP2eNYXuHVhNSRpLiG18m2gIY1c lhlPnLwyymLBpYa3EKZADEyFkLcEnKahUd8sDgkwZXJQWVCklc1WohBD8gVS8aTc0hM6tA djaqC+HpIo/lZfxpC9pR2nnz7olx9WenUlgKJqKW8+9hP8BaSQ3p/NKIDhmkrMVoh3e37D K1HE3TUVkcsWsCOFmJYR6yEiX/skYQEX6eNLOLkIigbwuJosP6JvIC+9P+Qc5PIKUm1pnt kFnCHatUM9e+lY8VLxOC/znl4AEDnYYLG9AfehoXU8L6fVO75Uzw49FrVk7Eyw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gjqMq2clbz1Dbr for ; Sun, 21 Jun 2026 11:48:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 2685d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sun, 21 Jun 2026 11:48:07 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 5a91fa5a7656 - main - kern_proc.c: disallow execve around sysctl kern.proc.rlimit List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5a91fa5a7656c99e527fe7e6f6bf6bd9e85ab589 Auto-Submitted: auto-generated Date: Sun, 21 Jun 2026 11:48:07 +0000 Message-Id: <6a37cf77.2685d.41a88015@gitrepo.freebsd.org> The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=5a91fa5a7656c99e527fe7e6f6bf6bd9e85ab589 commit 5a91fa5a7656c99e527fe7e6f6bf6bd9e85ab589 Author: Konstantin Belousov AuthorDate: 2026-06-16 04:30:10 +0000 Commit: Konstantin Belousov CommitDate: 2026-06-21 11:46:53 +0000 kern_proc.c: disallow execve around sysctl kern.proc.rlimit Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: htts://reviews.freebsd.org/D57497 --- sys/kern/kern_proc.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index f69a65f9d5a1..41e5b6594981 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -2992,8 +2992,9 @@ sysctl_kern_proc_rlimit(SYSCTL_HANDLER_ARGS) u_int namelen = arg2; struct rlimit rlim; struct proc *p; + struct thread *td; u_int which; - int flags, error; + int error; if (namelen != 2) return (EINVAL); @@ -3005,23 +3006,24 @@ sysctl_kern_proc_rlimit(SYSCTL_HANDLER_ARGS) if (req->newptr != NULL && req->newlen != sizeof(rlim)) return (EINVAL); - flags = PGET_HOLD | PGET_NOTWEXIT; - if (req->newptr != NULL) - flags |= PGET_CANDEBUG; - else - flags |= PGET_CANSEE; - error = pget((pid_t)name[0], flags, &p); + td = curthread; + error = pget((pid_t)name[0], PGET_NOTWEXIT, &p); if (error != 0) return (error); + _PHOLD(p); + execve_block_wait(td, p); + error = req->newptr != NULL ? p_candebug(td, p) : p_cansee(td, p); + if (error != 0) + goto errout1; /* * Retrieve limit. */ if (req->oldptr != NULL) { - PROC_LOCK(p); lim_rlimit_proc(p, which, &rlim); - PROC_UNLOCK(p); } + PROC_UNLOCK(p); + error = SYSCTL_OUT(req, &rlim, sizeof(rlim)); if (error != 0) goto errout; @@ -3036,7 +3038,11 @@ sysctl_kern_proc_rlimit(SYSCTL_HANDLER_ARGS) } errout: - PRELE(p); + PROC_LOCK(p); +errout1: + _PRELE(p); + execve_unblock(td, p); + PROC_UNLOCK(p); return (error); }