summaryrefslogtreecommitdiffstats
path: root/sys/amd64/linux
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2016-01-27 07:28:55 +0000
committerdelphij <delphij@FreeBSD.org>2016-01-27 07:28:55 +0000
commit00bfa82a7b212aca52d2fffef26ed02a9e2b47f9 (patch)
treee07955fba6330a764c0f549be1ad48cea853ab8b /sys/amd64/linux
parent6cd3ba3ca25ace7d71d9c240e79b28c66017731c (diff)
downloadFreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.zip
FreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.tar.gz
MFC r294900:
Implement AT_SECURE properly. AT_SECURE auxv entry has been added to the Linux 2.5 kernel to pass a boolean flag indicating whether secure mode should be enabled. 1 means that the program has changes its credentials during the execution. Being exported AT_SECURE used by glibc issetugid() call. Submitted by: imp, dchagin Security: FreeBSD-SA-16:10.linux Security: CVE-2016-1883
Diffstat (limited to 'sys/amd64/linux')
-rw-r--r--sys/amd64/linux/linux_sysvec.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/amd64/linux/linux_sysvec.c b/sys/amd64/linux/linux_sysvec.c
index d53a266..fc8ee3e 100644
--- a/sys/amd64/linux/linux_sysvec.c
+++ b/sys/amd64/linux/linux_sysvec.c
@@ -271,6 +271,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
Elf_Addr *pos;
struct ps_strings *arginfo;
struct proc *p;
+ int issetugid;
p = imgp->proc;
arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
@@ -281,6 +282,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
args = (Elf64_Auxargs *)imgp->auxargs;
pos = base + (imgp->args->argc + imgp->args->envc + 2);
+ issetugid = p->p_flag & P_SUGID ? 1 : 0;
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
imgp->proc->p_sysent->sv_shared_page_base);
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
@@ -296,7 +298,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp)
AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid);
- AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
+ AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid);
AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform));
AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary);
if (imgp->execpathp != 0)
OpenPOWER on IntegriCloud