PERFORCE change 122752 for review

John Baldwin jhb at freebsd.org
Thu Jul 5 21:46:43 UTC 2007 

On Tuesday 03 July 2007 04:06:00 am Roman Divacky wrote:
> http://perforce.freebsd.org/chv.cgi?CH=122752
> 
> Change 122752 by rdivacky at rdivacky_witten on 2007/07/03 08:05:17
> 
> 	O_EXEC support. it is able to fexecve "/bin/date" when opened with O_RDONLY
> 	or O_EXEC.
> 	
> 	I am a little suspicious about this patch because audacious (mp3 player) 
acts
> 	really weird now. Needs some more investigation.


> @@ -1281,6 +1283,27 @@
>  		return (ETXTBSY);
>  
>  	/*
> +	 *  Check for the mode the file was opened with
> +	 */
> +	if (fexecve) {
> +		struct file f;
> +		struct file *fp = &f;

What is the point of this?

> +
> +		FILEDESC_SLOCK(td->td_proc->p_fd);
> +		fp = fget_locked(td->td_proc->p_fd, fd);
> +		if (fp == NULL || fp->f_ops == &badfileops) {
> +			FILEDESC_SUNLOCK(td->td_proc->p_fd);
> +			return (EBADF);
> +		}
> +		fhold(fp);
> +		FILEDESC_SUNLOCK(td->td_proc->p_fd);
> +		if (!(fp->f_flag & FREAD) && !(fp->f_flag & O_EXEC)) {
> +			fdrop(fp, td);
> +			return (EACCES);
> +		}
> +		fdrop(fp, td);
> +	}
> +	/*
>  	 * Call filesystem specific open routine (which does nothing in the
>  	 * general case).
>  	 */

Any reason you didn't just use fget() here?  i.e.:

	if (fexecve) {
		struct file *fp;

		error = fget(td, fd, &fp);
		if (error)
			return (error);
		if ((fp->f_flag & (FREAD | O_EXEC)) == 0) {
			fdrop(fp, td);
			return (EACCES);
		}
		fdrop(fp, td);
	}

Also, the fdrop() here seems very, very dubious.  You shouldn't be dropping 
it, but holding the reference since the file could change out from under you 
(shared descriptor tables via rfork(), etc.) leading to a race and potential 
security problem (think of a race where a rfork()'d thread changes the binary 
you are going to execute out from under you).  The better fix may be to check 
the fd when you open it to actually use it.

> ==== //depot/projects/soc2007/rdivacky/linux_at/sys/sys/fcntl.h#8 (text+ko) 
====
> 
> @@ -107,6 +103,7 @@
>  #ifdef _KERNEL
>  #define	FHASLOCK	0x4000		/* descriptor holds advisory lock */
>  #endif
> +#define	O_EXEC		0x8000		/* open for execute only */
>  /* Defined by POSIX Extended API ... TODO: number of the spec */
>  #define	AT_FDCWD		-100	/* Use the current working directory
>  					   to determine the target of relative
> @@ -138,7 +135,7 @@

This clashes with O_NOCTTY.

-- 
John Baldwin

More information about the p4-projects mailing list