socsvn commit: r240171 - soc2012/gpf/pefs_head/head/libexec/rtld-elf

[gpf at FreeBSD.org]

Author: gpf
Date: Tue Aug  7 10:39:40 2012
New Revision: 240171
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240171

Log:
  - for every object that's being executed by rtld, check the schg flag, if
  vfs.pefs.exec.enable is turned on.
  

Modified:
  soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c

Modified: soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c
==============================================================================
--- soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c	Tue Aug  7 09:22:46 2012	(r240170)
+++ soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c	Tue Aug  7 10:39:40 2012	(r240171)
@@ -1937,6 +1937,23 @@
 	    return NULL;
 	}
     }
+    /* XXXgpf: check schg flag for every object */
+    {
+		int enabled, rval;
+		size_t enabled_len;
+
+		enabled_len = sizeof(enabled);
+		rval = sysctlbyname("vfs.pefs.exec.enable",	&enabled,
+					&enabled_len, 0, 0);
+
+		if (rval == 0 && enabled != 0) {
+			if ((sbp->st_flags & SF_IMMUTABLE) == 0) {
+				_rtld_error("Cannot execute object: %s without schg\n", path);
+				return NULL;
+			}
+		}
+	}
+
     dbg("loading \"%s\"", printable_path(path));
     obj = map_object(fd, printable_path(path), sbp);
     if (obj == NULL)