diff options
| -rw-r--r-- | sys/kern/kern_exec.c | 216 |
1 files changed, 104 insertions, 112 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 08668808dd32..c3235137f4f1 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: kern_exec.c,v 1.21.4.4 1996/05/31 08:04:07 peter Exp $ + * $Id: kern_exec.c,v 1.21.4.5 1996/06/03 04:09:36 davidg Exp $ */ #include <sys/param.h> @@ -32,7 +32,7 @@ #include <sys/kernel.h> #include <sys/mount.h> #include <sys/filedesc.h> -#include <sys/file.h> +#include <sys/fcntl.h> #include <sys/acct.h> #include <sys/exec.h> #include <sys/imgact.h> @@ -75,40 +75,35 @@ execve(p, uap, retval) struct nameidata nd, *ndp; int *stack_base; int error, len, i; - struct image_params image_params, *iparams; - struct vnode *vnodep; + struct image_params image_params, *imgp; struct vattr attr; - char *image_header; - iparams = &image_params; - bzero((caddr_t)iparams, sizeof(struct image_params)); - image_header = (char *)0; + imgp = &image_params; /* - * Initialize a few constants in the common area + * Initialize part of the common data */ - iparams->proc = p; - iparams->uap = uap; - iparams->attr = &attr; + imgp->proc = p; + imgp->uap = uap; + imgp->attr = &attr; + imgp->image_header = NULL; + imgp->argc = imgp->envc = 0; + imgp->entry_addr = 0; + imgp->vmspace_destroyed = 0; + imgp->interpreted = 0; + imgp->interpreter_name[0] = '\0'; /* * Allocate temporary demand zeroed space for argument and * environment strings */ - iparams->stringbase = (char *)vm_map_min(exec_map); - error = vm_map_find(exec_map, NULL, 0, (vm_offset_t *)&iparams->stringbase, - ARG_MAX, TRUE); - if (error) { - log(LOG_WARNING, "execve: failed to allocate string space\n"); - return (error); - } - - if (!iparams->stringbase) { + imgp->stringbase = (char *)kmem_alloc_wait(exec_map, ARG_MAX); + if (imgp->stringbase == NULL) { error = ENOMEM; goto exec_fail; } - iparams->stringp = iparams->stringbase; - iparams->stringspace = ARG_MAX; + imgp->stringp = imgp->stringbase; + imgp->stringspace = ARG_MAX; /* * Translate the file name. namei() returns a vnode pointer @@ -122,14 +117,12 @@ interpret: error = namei(ndp); if (error) { - vm_map_remove(exec_map, (vm_offset_t)iparams->stringbase, - (vm_offset_t)iparams->stringbase + ARG_MAX); + kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX); goto exec_fail; } - iparams->vnodep = vnodep = ndp->ni_vp; - - if (vnodep == NULL) { + imgp->vnodep = ndp->ni_vp; + if (imgp->vnodep == NULL) { error = ENOEXEC; goto exec_fail_dealloc; } @@ -137,13 +130,13 @@ interpret: /* * Check file permissions (also 'opens' file) */ - error = exec_check_permissions(iparams); + error = exec_check_permissions(imgp); /* * Lose the lock on the vnode. It's no longer needed, and must not * exist for the pagefault paging to work below. */ - VOP_UNLOCK(vnodep); + VOP_UNLOCK(imgp->vnodep); if (error) goto exec_fail_dealloc; @@ -153,18 +146,17 @@ interpret: * kernel address space */ error = vm_mmap(kernel_map, /* map */ - (vm_offset_t *)&image_header, /* address */ + (vm_offset_t *)&imgp->image_header, /* address */ PAGE_SIZE, /* size */ VM_PROT_READ, /* protection */ VM_PROT_READ, /* max protection */ 0, /* flags */ - (caddr_t)vnodep, /* vnode */ + (caddr_t)imgp->vnodep, /* vnode */ 0); /* offset */ if (error) { uprintf("mmap failed: %d\n",error); goto exec_fail_dealloc; } - iparams->image_header = image_header; /* * Loop through list of image activators, calling each one. @@ -176,7 +168,7 @@ interpret: */ for (i = 0; execsw[i]; ++i) { if (execsw[i]->ex_imgact) - error = (*execsw[i]->ex_imgact)(iparams); + error = (*execsw[i]->ex_imgact)(imgp); else continue; @@ -184,17 +176,17 @@ interpret: continue; if (error) goto exec_fail_dealloc; - if (iparams->interpreted) { + if (imgp->interpreted) { /* free old vnode and name buffer */ vrele(ndp->ni_vp); FREE(ndp->ni_cnd.cn_pnbuf, M_NAMEI); - if (vm_map_remove(kernel_map, (vm_offset_t)image_header, - (vm_offset_t)image_header + PAGE_SIZE)) + if (vm_map_remove(kernel_map, (vm_offset_t)imgp->image_header, + (vm_offset_t)imgp->image_header + PAGE_SIZE)) panic("execve: header dealloc failed (1)"); /* set new name to that of the interpreter */ NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME, - UIO_SYSSPACE, iparams->interpreter_name, p); + UIO_SYSSPACE, imgp->interpreter_name, p); goto interpret; } break; @@ -208,7 +200,7 @@ interpret: /* * Copy out strings (args and env) and initialize stack base */ - stack_base = exec_copyout_strings(iparams); + stack_base = exec_copyout_strings(imgp); p->p_vmspace->vm_minsaddr = (char *)stack_base; /* @@ -217,9 +209,9 @@ interpret: * Else stuff argument count as first item on stack */ if (p->p_sysent->sv_fixup) - (*p->p_sysent->sv_fixup)(&stack_base, iparams); + (*p->p_sysent->sv_fixup)(&stack_base, imgp); else - suword(--stack_base, iparams->argc); + suword(--stack_base, imgp->argc); /* close files on exec */ fdcloseexec(p); @@ -242,32 +234,36 @@ interpret: wakeup((caddr_t)p->p_pptr); } - /* implement set userid/groupid */ - p->p_flag &= ~P_SUGID; - /* - * Turn off kernel tracing for set-id programs, except for - * root. + * Implement image setuid/setgid. Disallow if the process is + * being traced. */ - if (p->p_tracep && (attr.va_mode & (VSUID | VSGID)) && - suser(p->p_ucred, &p->p_acflag)) { - p->p_traceflag = 0; - vrele(p->p_tracep); - p->p_tracep = 0; - } - if ((attr.va_mode & VSUID) && (p->p_flag & P_TRACED) == 0) { - p->p_ucred = crcopy(p->p_ucred); - p->p_ucred->cr_uid = attr.va_uid; - p->p_flag |= P_SUGID; - } - if ((attr.va_mode & VSGID) && (p->p_flag & P_TRACED) == 0) { + if ((attr.va_mode & (VSUID | VSGID)) && + (p->p_flag & P_TRACED) == 0) { + /* + * Turn off syscall tracing for set-id programs, except for + * root. + */ + if (p->p_tracep && suser(p->p_ucred, &p->p_acflag)) { + p->p_traceflag = 0; + vrele(p->p_tracep); + p->p_tracep = NULL; + } + /* + * Set the new credentials. + */ p->p_ucred = crcopy(p->p_ucred); - p->p_ucred->cr_groups[0] = attr.va_gid; + if (attr.va_mode & VSUID) + p->p_ucred->cr_uid = attr.va_uid; + if (attr.va_mode & VSGID) + p->p_ucred->cr_groups[0] = attr.va_gid; p->p_flag |= P_SUGID; + } else { + p->p_flag &= ~P_SUGID; } /* - * Implement correct POSIX saved uid behavior. + * Implement correct POSIX saved-id behavior. */ p->p_cred->p_svuid = p->p_ucred->cr_uid; p->p_cred->p_svgid = p->p_ucred->cr_gid; @@ -291,16 +287,14 @@ interpret: p->p_acflag &= ~AFORK; /* Set entry address */ - setregs(p, iparams->entry_addr, (u_long)stack_base); + setregs(p, imgp->entry_addr, (u_long)stack_base); /* * free various allocated resources */ - if (vm_map_remove(exec_map, (vm_offset_t)iparams->stringbase, - (vm_offset_t)iparams->stringbase + ARG_MAX)) - panic("execve: string buffer dealloc failed (1)"); - if (vm_map_remove(kernel_map, (vm_offset_t)image_header, - (vm_offset_t)image_header + PAGE_SIZE)) + kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX); + if (vm_map_remove(kernel_map, (vm_offset_t)imgp->image_header, + (vm_offset_t)imgp->image_header + PAGE_SIZE)) panic("execve: header dealloc failed (2)"); vrele(ndp->ni_vp); FREE(ndp->ni_cnd.cn_pnbuf, M_NAMEI); @@ -308,20 +302,18 @@ interpret: return (0); exec_fail_dealloc: - if (iparams->stringbase && iparams->stringbase != (char *)-1) - if (vm_map_remove(exec_map, (vm_offset_t)iparams->stringbase, - (vm_offset_t)iparams->stringbase + ARG_MAX)) - panic("execve: string buffer dealloc failed (2)"); - if (iparams->image_header && iparams->image_header != (char *)-1) - if (vm_map_remove(kernel_map, (vm_offset_t)image_header, - (vm_offset_t)image_header + PAGE_SIZE)) + if (imgp->stringbase != NULL) + kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX); + if (imgp->image_header && imgp->image_header != (char *)-1) + if (vm_map_remove(kernel_map, (vm_offset_t)imgp->image_header, + (vm_offset_t)imgp->image_header + PAGE_SIZE)) panic("execve: header dealloc failed (3)"); if (ndp->ni_vp) vrele(ndp->ni_vp); FREE(ndp->ni_cnd.cn_pnbuf, M_NAMEI); exec_fail: - if (iparams->vmspace_destroyed) { + if (imgp->vmspace_destroyed) { /* sorry, no more process anymore. exit gracefully */ exit1(p, W_EXITCODE(0, SIGABRT)); /* NOT REACHED */ @@ -337,19 +329,19 @@ exec_fail: * automatically in trap.c. */ int -exec_new_vmspace(iparams) - struct image_params *iparams; +exec_new_vmspace(imgp) + struct image_params *imgp; { int error; - struct vmspace *vmspace = iparams->proc->p_vmspace; + struct vmspace *vmspace = imgp->proc->p_vmspace; caddr_t stack_addr = (caddr_t) (USRSTACK - SGROWSIZ); - iparams->vmspace_destroyed = 1; + imgp->vmspace_destroyed = 1; /* Blow away entire process VM */ #ifdef SYSVSHM if (vmspace->vm_shm) - shmexit(iparams->proc); + shmexit(imgp->proc); #endif vm_map_remove(&vmspace->vm_map, 0, USRSTACK); @@ -372,8 +364,8 @@ exec_new_vmspace(iparams) * address space into the temporary string buffer. */ int -exec_extract_strings(iparams) - struct image_params *iparams; +exec_extract_strings(imgp) + struct image_params *imgp; { char **argv, **envv; char *argp, *envp; @@ -383,21 +375,21 @@ exec_extract_strings(iparams) * extract arguments first */ - argv = iparams->uap->argv; + argv = imgp->uap->argv; if (argv) { while ((argp = (caddr_t) fuword(argv++))) { if (argp == (caddr_t) -1) return (EFAULT); - if ((error = copyinstr(argp, iparams->stringp, - iparams->stringspace, &length))) { + if ((error = copyinstr(argp, imgp->stringp, + imgp->stringspace, &length))) { if (error == ENAMETOOLONG) return(E2BIG); return (error); } - iparams->stringspace -= length; - iparams->stringp += length; - iparams->argc++; + imgp->stringspace -= length; + imgp->stringp += length; + imgp->argc++; } } @@ -405,21 +397,21 @@ exec_extract_strings(iparams) * extract environment strings */ - envv = iparams->uap->envv; + envv = imgp->uap->envv; if (envv) { while ((envp = (caddr_t) fuword(envv++))) { if (envp == (caddr_t) -1) return (EFAULT); - if ((error = copyinstr(envp, iparams->stringp, - iparams->stringspace, &length))) { + if ((error = copyinstr(envp, imgp->stringp, + imgp->stringspace, &length))) { if (error == ENAMETOOLONG) return(E2BIG); return (error); } - iparams->stringspace -= length; - iparams->stringp += length; - iparams->envc++; + imgp->stringspace -= length; + imgp->stringp += length; + imgp->envc++; } } @@ -432,8 +424,8 @@ exec_extract_strings(iparams) * so that it can be used as the initial stack pointer. */ int * -exec_copyout_strings(iparams) - struct image_params *iparams; +exec_copyout_strings(imgp) + struct image_params *imgp; { int argc, envc; char **vectp; @@ -446,28 +438,28 @@ exec_copyout_strings(iparams) */ arginfo = PS_STRINGS; destp = (caddr_t)arginfo - SPARE_USRSPACE - - roundup((ARG_MAX - iparams->stringspace), sizeof(char *)); + roundup((ARG_MAX - imgp->stringspace), sizeof(char *)); /* * The '+ 2' is for the null pointers at the end of each of the * arg and env vector sets */ vectp = (char **) (destp - - (iparams->argc + iparams->envc + 2) * sizeof(char *)); + (imgp->argc + imgp->envc + 2) * sizeof(char *)); /* * vectp also becomes our initial stack base */ stack_base = (int *)vectp; - stringp = iparams->stringbase; - argc = iparams->argc; - envc = iparams->envc; + stringp = imgp->stringbase; + argc = imgp->argc; + envc = imgp->envc; /* * Copy out strings - arguments and environment. */ - copyout(stringp, destp, ARG_MAX - iparams->stringspace); + copyout(stringp, destp, ARG_MAX - imgp->stringspace); /* * Fill in "ps_strings" struct for ps, w, etc. @@ -512,24 +504,24 @@ exec_copyout_strings(iparams) * Return 0 for success or error code on failure. */ static int -exec_check_permissions(iparams) - struct image_params *iparams; +exec_check_permissions(imgp) + struct image_params *imgp; { - struct proc *p = iparams->proc; - struct vnode *vnodep = iparams->vnodep; - struct vattr *attr = iparams->attr; + struct proc *p = imgp->proc; + struct vnode *vp = imgp->vnodep; + struct vattr *attr = imgp->attr; int error; /* * Check number of open-for-writes on the file and deny execution * if there are any. */ - if (vnodep->v_writecount) { + if (vp->v_writecount) { return (ETXTBSY); } /* Get file attributes */ - error = VOP_GETATTR(vnodep, attr, p->p_ucred, p); + error = VOP_GETATTR(vp, attr, p->p_ucred, p); if (error) return (error); @@ -541,7 +533,7 @@ exec_check_permissions(iparams) * file really is executable. * 3) Insure that the file is a regular file. */ - if ((vnodep->v_mount->mnt_flag & MNT_NOEXEC) || + if ((vp->v_mount->mnt_flag & MNT_NOEXEC) || ((attr->va_mode & 0111) == 0) || (attr->va_type != VREG)) { return (EACCES); @@ -557,7 +549,7 @@ exec_check_permissions(iparams) * Disable setuid/setgid if the filesystem prohibits it or if * the process is being traced. */ - if ((vnodep->v_mount->mnt_flag & MNT_NOSUID) || (p->p_flag & P_TRACED)) + if ((vp->v_mount->mnt_flag & MNT_NOSUID) || (p->p_flag & P_TRACED)) attr->va_mode &= ~(VSUID | VSGID); /* @@ -565,11 +557,11 @@ exec_check_permissions(iparams) * Then call filesystem specific open routine (which does nothing * in the general case). */ - error = VOP_ACCESS(vnodep, VEXEC, p->p_ucred, p); + error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p); if (error) return (error); - error = VOP_OPEN(vnodep, FREAD, p->p_ucred, p); + error = VOP_OPEN(vp, FREAD, p->p_ucred, p); if (error) return (error); |