From 34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28 Mon Sep 17 00:00:00 2001 From: sobomax Date: Mon, 26 Dec 2005 21:23:57 +0000 Subject: Remove kern.elf32.can_exec_dyn sysctl. Instead extend Brandinfo structure with flags bitfield and set BI_CAN_EXEC_DYN flag for all brands that usually allow executing elf dynamic binaries (aka shared libraries). When it is requested to execute ET_DYN elf image check if this flag is on after we know the elf brand allowing execution if so. PR: kern/87615 Submitted by: Marcin Koziej --- sys/kern/imgact_elf.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'sys/kern/imgact_elf.c') diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index ce80f8b..5047d41 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -97,11 +97,6 @@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, TUNABLE_INT("kern.elf" __XSTRING(__ELF_WORD_SIZE) ".fallback_brand", &__elfN(fallback_brand)); -int __elfN(can_exec_dyn) = 0; -SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, - can_exec_dyn, CTLFLAG_RW, &__elfN(can_exec_dyn), 0, - __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " can exec shared libraries"); - static int elf_trace = 0; SYSCTL_INT(_debug, OID_AUTO, __elfN(trace), CTLFLAG_RW, &elf_trace, 0, ""); @@ -619,9 +614,12 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) /* * Do we have a valid ELF header ? + * + * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later + * if particular brand doesn't support it. */ - if (__elfN(check_header)(hdr) != 0 || (hdr->e_type != ET_EXEC - && (!__elfN(can_exec_dyn) || hdr->e_type != ET_DYN))) + if (__elfN(check_header)(hdr) != 0 || + (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN)) return (-1); /* @@ -654,6 +652,11 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) hdr->e_ident[EI_OSABI]); return (ENOEXEC); } + if (hdr->e_type == ET_DYN && + (brand_info->flags & BI_CAN_EXEC_DYN) == 0) { + error = ENOEXEC; + goto fail; + } sv = brand_info->sysvec; if (interp != NULL && brand_info->interp_newpath != NULL) interp = brand_info->interp_newpath; -- cgit v1.1