diff options
author | delphij <delphij@FreeBSD.org> | 2016-01-27 07:28:55 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-01-27 07:28:55 +0000 |
commit | 00bfa82a7b212aca52d2fffef26ed02a9e2b47f9 (patch) | |
tree | e07955fba6330a764c0f549be1ad48cea853ab8b /sys/amd64/linux | |
parent | 6cd3ba3ca25ace7d71d9c240e79b28c66017731c (diff) | |
download | FreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.zip FreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.tar.gz |
MFC r294900:
Implement AT_SECURE properly.
AT_SECURE auxv entry has been added to the Linux 2.5 kernel to pass a
boolean flag indicating whether secure mode should be enabled. 1 means
that the program has changes its credentials during the execution.
Being exported AT_SECURE used by glibc issetugid() call.
Submitted by: imp, dchagin
Security: FreeBSD-SA-16:10.linux
Security: CVE-2016-1883
Diffstat (limited to 'sys/amd64/linux')
-rw-r--r-- | sys/amd64/linux/linux_sysvec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/amd64/linux/linux_sysvec.c b/sys/amd64/linux/linux_sysvec.c index d53a266..fc8ee3e 100644 --- a/sys/amd64/linux/linux_sysvec.c +++ b/sys/amd64/linux/linux_sysvec.c @@ -271,6 +271,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp) Elf_Addr *pos; struct ps_strings *arginfo; struct proc *p; + int issetugid; p = imgp->proc; arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings; @@ -281,6 +282,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp) args = (Elf64_Auxargs *)imgp->auxargs; pos = base + (imgp->args->argc + imgp->args->envc + 2); + issetugid = p->p_flag & P_SUGID ? 1 : 0; AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR, imgp->proc->p_sysent->sv_shared_page_base); AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature); @@ -296,7 +298,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp) AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid); AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid); AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid); - AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0); + AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid); AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform)); AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary); if (imgp->execpathp != 0) |