diff options
| author | delphij <delphij@FreeBSD.org> | 2016-01-27 07:28:55 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2016-01-27 07:28:55 +0000 |
| commit | 00bfa82a7b212aca52d2fffef26ed02a9e2b47f9 (patch) | |
| tree | e07955fba6330a764c0f549be1ad48cea853ab8b /sys/i386/linux/linux_sysvec.c | |
| parent | 6cd3ba3ca25ace7d71d9c240e79b28c66017731c (diff) | |
| download | FreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.zip FreeBSD-src-00bfa82a7b212aca52d2fffef26ed02a9e2b47f9.tar.gz | |
MFC r294900:
Implement AT_SECURE properly.
AT_SECURE auxv entry has been added to the Linux 2.5 kernel to pass a
boolean flag indicating whether secure mode should be enabled. 1 means
that the program has changes its credentials during the execution.
Being exported AT_SECURE used by glibc issetugid() call.
Submitted by: imp, dchagin
Security: FreeBSD-SA-16:10.linux
Security: CVE-2016-1883
Diffstat (limited to 'sys/i386/linux/linux_sysvec.c')
| -rw-r--r-- | sys/i386/linux/linux_sysvec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/i386/linux/linux_sysvec.c b/sys/i386/linux/linux_sysvec.c index df5441b..5419af8 100644 --- a/sys/i386/linux/linux_sysvec.c +++ b/sys/i386/linux/linux_sysvec.c @@ -238,11 +238,13 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp) Elf32_Addr *uplatform; struct ps_strings *arginfo; register_t *pos; + int issetugid; KASSERT(curthread->td_proc == imgp->proc, ("unsafe elf_linux_fixup(), should be curproc")); p = imgp->proc; + issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0; arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings; uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform); args = (Elf32_Auxargs *)imgp->auxargs; @@ -270,7 +272,7 @@ elf_linux_fixup(register_t **stack_base, struct image_params *imgp) AUXARGS_ENTRY(pos, AT_FLAGS, args->flags); AUXARGS_ENTRY(pos, AT_ENTRY, args->entry); AUXARGS_ENTRY(pos, AT_BASE, args->base); - AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0); + AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid); AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_ucred->cr_ruid); AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid); AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid); |
