authornectar <nectar@FreeBSD.org>2002-07-30 15:38:29 +0000
committernectar <nectar@FreeBSD.org>2002-07-30 15:38:29 +0000
commitd8897f84c8c58bf7361394910d2699f4920aa5ee (patch)
tree3c4f480cc91c24b0a612baa2287b01ee24fcbfa3 /sys/kern
parent60918054e910e7fd5ded464cabc38d9defedf5a8 (diff)
downloadFreeBSD-src-d8897f84c8c58bf7361394910d2699f4920aa5ee.zip
FreeBSD-src-d8897f84c8c58bf7361394910d2699f4920aa5ee.tar.gz
For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety. One of these is to make sure that file descriptors 0..2 are in use, by opening /dev/null for those that are not already open. Another is to close any file descriptors 0..2 that reference procfs. However, these checks were made out of order, so that it was still possible for a set-user-ID or set-group-ID process to be started with some of the file descriptors 0..2 unused. Submitted by: Georgi Guninski <guninski@guninski.com>
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_exec.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index df6bf3a..14f5bad 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -403,6 +403,8 @@ interpret:
mtx_unlock(&ktrace_mtx);
}
#endif
+ /* Close any file descriptors 0..2 that reference procfs */
+ setugidsafety(td);
/* Make sure file descriptors 0..2 are in use. */
error = fdcheckstd(td);
if (error != 0)
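Review bot: The fix relies on `setugidsafety(td)` running before `fdcheckstd(td)`, yet neither comment records that ordering, so a later reshuffle could silently reintroduce the gap the commit message describes. I would extend the first comment to something like `/* Must precede fdcheckstd(): closing a procfs-backed descriptor can leave 0..2 unused again. */`. The call also moves ahead of `change_euid`/`change_egid` (it is removed from after them in the second hunk), so it is worth confirming that `setugidsafety` does not consult the process credentials; its body is not visible here. The enclosing function and the body of `if (error != 0)` lie outside the hunk.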
@@ -415,7 +417,6 @@ interpret:
change_euid(newcred, euip);
if (attr.va_mode & VSGID)
change_egid(newcred, attr.va_gid);
- setugidsafety(td);
/*
* Implement correct POSIX saved-id behavior.
*/