git: d0384f50dad2 - main - sys_set*id(9): wait for the execblocks to pass

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Sun, 21 Jun 2026 11:48:16 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=d0384f50dad25d3358d76f7556969ea1d515ba68

commit d0384f50dad25d3358d76f7556969ea1d515ba68
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-17 19:07:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-21 11:46:54 +0000

    sys_set*id(9): wait for the execblocks to pass
    
    to ensure stability of the process uid/gids during the
    p_cansee()/p_candebug()-protected regions.
    
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D57497
---
 sys/kern/kern_prot.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 47744f6b07fe..a223a7720844 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -54,6 +54,7 @@
 #include <sys/systm.h>
 #include <sys/abi_compat.h>
 #include <sys/acct.h>
+#include <sys/imgact.h>
 #include <sys/kdb.h>
 #include <sys/kernel.h>
 #include <sys/libkern.h>
@@ -1021,6 +1022,8 @@ sys_seteuid(struct thread *td, struct seteuid_args *uap)
 	newcred = crget();
 	euip = uifind(euid);
 	PROC_LOCK(p);
+	execve_block_pass(td);
+
 	/*
 	 * Copy credentials so other references do not see our changes.
 	 */
@@ -1075,6 +1078,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
 	AUDIT_ARG_GID(gid);
 	newcred = crget();
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1173,6 +1177,7 @@ sys_setegid(struct thread *td, struct setegid_args *uap)
 	AUDIT_ARG_EGID(egid);
 	newcred = crget();
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1304,6 +1309,7 @@ kern_setgroups(struct thread *td, int *ngrpp, gid_t *groups)
 	newcred = crget();
 	crextend(newcred, ngrp);
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1360,6 +1366,7 @@ sys_setreuid(struct thread *td, struct setreuid_args *uap)
 	euip = uifind(euid);
 	ruip = uifind(ruid);
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1439,6 +1446,7 @@ sys_setregid(struct thread *td, struct setregid_args *uap)
 	AUDIT_ARG_RGID(rgid);
 	newcred = crget();
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1509,6 +1517,7 @@ sys_setresuid(struct thread *td, struct setresuid_args *uap)
 	euip = uifind(euid);
 	ruip = uifind(ruid);
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC
@@ -1600,6 +1609,7 @@ sys_setresgid(struct thread *td, struct setresgid_args *uap)
 	AUDIT_ARG_SGID(sgid);
 	newcred = crget();
 	PROC_LOCK(p);
+	execve_block_pass(td);
 	oldcred = crcopysafe(p, newcred);
 
 #ifdef MAC