1993-12-20 16:16:46 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1993, David Greenman
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
1995-09-08 13:24:33 +00:00
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
1993-12-20 16:16:46 +00:00
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1993-12-20 16:16:46 +00:00
|
|
|
*/
|
|
|
|
|
|
2001-09-12 08:38:13 +00:00
|
|
|
#include "opt_kstack_pages.h"
|
2001-08-25 02:20:02 +00:00
|
|
|
|
1994-05-25 09:21:21 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/exec.h>
|
1998-09-14 05:36:51 +00:00
|
|
|
#include <sys/fcntl.h>
|
1994-05-25 09:21:21 +00:00
|
|
|
#include <sys/imgact.h>
|
1994-09-24 21:37:01 +00:00
|
|
|
#include <sys/imgact_aout.h>
|
1994-05-25 09:21:21 +00:00
|
|
|
#include <sys/kernel.h>
|
2001-05-01 08:13:21 +00:00
|
|
|
#include <sys/lock.h>
|
|
|
|
|
#include <sys/mutex.h>
|
1998-09-14 05:36:51 +00:00
|
|
|
#include <sys/namei.h>
|
|
|
|
|
#include <sys/pioctl.h>
|
1996-05-01 02:43:13 +00:00
|
|
|
#include <sys/proc.h>
|
2001-05-01 08:13:21 +00:00
|
|
|
#include <sys/resourcevar.h>
|
2000-09-10 13:33:31 +00:00
|
|
|
#include <sys/systm.h>
|
1998-09-14 05:36:51 +00:00
|
|
|
#include <sys/signalvar.h>
|
|
|
|
|
#include <sys/stat.h>
|
1994-08-24 11:52:21 +00:00
|
|
|
#include <sys/sysent.h>
|
1998-09-14 05:36:51 +00:00
|
|
|
#include <sys/syscall.h>
|
1996-05-01 02:43:13 +00:00
|
|
|
#include <sys/vnode.h>
|
2001-05-01 08:13:21 +00:00
|
|
|
#include <sys/user.h>
|
|
|
|
|
|
1998-09-14 05:36:51 +00:00
|
|
|
#include <machine/md_var.h>
|
1993-12-20 16:16:46 +00:00
|
|
|
|
1994-05-25 09:21:21 +00:00
|
|
|
#include <vm/vm.h>
|
1995-12-07 12:48:31 +00:00
|
|
|
#include <vm/vm_param.h>
|
|
|
|
|
#include <vm/pmap.h>
|
|
|
|
|
#include <vm/vm_map.h>
|
1998-01-11 21:35:38 +00:00
|
|
|
#include <vm/vm_object.h>
|
1993-12-20 16:16:46 +00:00
|
|
|
|
2002-03-19 21:25:46 +00:00
|
|
|
static int exec_aout_imgact(struct image_params *imgp);
|
2002-09-01 21:41:24 +00:00
|
|
|
static int aout_fixup(register_t **stack_base, struct image_params *imgp);
|
1995-12-02 16:32:03 +00:00
|
|
|
|
1998-09-14 05:36:51 +00:00
|
|
|
struct sysentvec aout_sysvec = {
|
|
|
|
|
SYS_MAXSYSCALL,
|
|
|
|
|
sysent,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
2002-09-01 21:41:24 +00:00
|
|
|
NULL,
|
1998-09-14 05:36:51 +00:00
|
|
|
0,
|
2002-09-01 21:41:24 +00:00
|
|
|
NULL,
|
|
|
|
|
NULL,
|
|
|
|
|
aout_fixup,
|
1998-09-14 05:36:51 +00:00
|
|
|
sendsig,
|
|
|
|
|
sigcode,
|
|
|
|
|
&szsigcode,
|
2002-09-01 21:41:24 +00:00
|
|
|
NULL,
|
1998-09-14 05:36:51 +00:00
|
|
|
"FreeBSD a.out",
|
2000-11-09 08:25:48 +00:00
|
|
|
aout_coredump,
|
|
|
|
|
NULL,
|
2002-09-01 21:41:24 +00:00
|
|
|
MINSIGSTKSZ,
|
|
|
|
|
PAGE_SIZE,
|
|
|
|
|
VM_MIN_ADDRESS,
|
|
|
|
|
VM_MAXUSER_ADDRESS,
|
|
|
|
|
USRSTACK,
|
|
|
|
|
PS_STRINGS,
|
|
|
|
|
VM_PROT_ALL,
|
|
|
|
|
exec_copyout_strings,
|
|
|
|
|
exec_setregs
|
1998-09-14 05:36:51 +00:00
|
|
|
};
|
|
|
|
|
|
2002-09-01 21:41:24 +00:00
|
|
|
static int
|
|
|
|
|
aout_fixup(stack_base, imgp)
|
|
|
|
|
register_t **stack_base;
|
|
|
|
|
struct image_params *imgp;
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return (suword(--(*stack_base), imgp->argc));
|
|
|
|
|
}
|
|
|
|
|
|
1999-09-04 13:30:18 +00:00
|
|
|
static int
|
1995-11-06 12:52:37 +00:00
|
|
|
exec_aout_imgact(imgp)
|
|
|
|
|
struct image_params *imgp;
|
1993-12-20 16:16:46 +00:00
|
|
|
{
|
1996-08-31 16:52:44 +00:00
|
|
|
const struct exec *a_out = (const struct exec *) imgp->image_header;
|
1997-04-13 01:48:35 +00:00
|
|
|
struct vmspace *vmspace;
|
1998-01-11 21:35:38 +00:00
|
|
|
struct vnode *vp;
|
1999-03-04 18:04:40 +00:00
|
|
|
vm_map_t map;
|
1998-01-11 21:35:38 +00:00
|
|
|
vm_object_t object;
|
|
|
|
|
vm_offset_t text_end, data_end;
|
1996-03-19 15:03:00 +00:00
|
|
|
unsigned long virtual_offset;
|
1995-12-11 04:58:34 +00:00
|
|
|
unsigned long file_offset;
|
1993-12-20 16:16:46 +00:00
|
|
|
unsigned long bss_size;
|
1994-09-25 19:34:02 +00:00
|
|
|
int error;
|
1993-12-20 16:16:46 +00:00
|
|
|
|
2001-07-04 16:20:28 +00:00
|
|
|
GIANT_REQUIRED;
|
|
|
|
|
|
1995-02-14 19:23:22 +00:00
|
|
|
/*
|
|
|
|
|
* Linux and *BSD binaries look very much alike,
|
1995-05-30 08:16:23 +00:00
|
|
|
* only the machine id is different:
|
1995-06-11 19:33:05 +00:00
|
|
|
* 0x64 for Linux, 0x86 for *BSD, 0x00 for BSDI.
|
1996-03-03 20:06:53 +00:00
|
|
|
* NetBSD is in network byte order.. ugh.
|
1995-02-14 19:23:22 +00:00
|
|
|
*/
|
1995-06-11 19:33:05 +00:00
|
|
|
if (((a_out->a_magic >> 16) & 0xff) != 0x86 &&
|
1996-03-03 20:06:53 +00:00
|
|
|
((a_out->a_magic >> 16) & 0xff) != 0 &&
|
|
|
|
|
((((int)ntohl(a_out->a_magic)) >> 16) & 0xff) != 0x86)
|
1995-06-11 19:33:05 +00:00
|
|
|
return -1;
|
1995-02-14 19:23:22 +00:00
|
|
|
|
1993-12-20 16:16:46 +00:00
|
|
|
/*
|
|
|
|
|
* Set file/virtual offset based on a.out variant.
|
|
|
|
|
* We do two cases: host byte order and network byte order
|
|
|
|
|
* (for NetBSD compatibility)
|
|
|
|
|
*/
|
|
|
|
|
switch ((int)(a_out->a_magic & 0xffff)) {
|
|
|
|
|
case ZMAGIC:
|
|
|
|
|
virtual_offset = 0;
|
|
|
|
|
if (a_out->a_text) {
|
1996-05-02 10:43:17 +00:00
|
|
|
file_offset = PAGE_SIZE;
|
1993-12-20 16:16:46 +00:00
|
|
|
} else {
|
|
|
|
|
/* Bill's "screwball mode" */
|
|
|
|
|
file_offset = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case QMAGIC:
|
1996-05-02 10:43:17 +00:00
|
|
|
virtual_offset = PAGE_SIZE;
|
1993-12-20 16:16:46 +00:00
|
|
|
file_offset = 0;
|
1999-04-03 22:20:03 +00:00
|
|
|
/* Pass PS_STRINGS for BSD/OS binaries only. */
|
|
|
|
|
if (N_GETMID(*a_out) == MID_ZERO)
|
|
|
|
|
imgp->ps_strings = PS_STRINGS;
|
1993-12-20 16:16:46 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* NetBSD compatibility */
|
|
|
|
|
switch ((int)(ntohl(a_out->a_magic) & 0xffff)) {
|
|
|
|
|
case ZMAGIC:
|
|
|
|
|
case QMAGIC:
|
1996-05-02 10:43:17 +00:00
|
|
|
virtual_offset = PAGE_SIZE;
|
1993-12-20 16:16:46 +00:00
|
|
|
file_offset = 0;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return (-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1996-05-02 10:43:17 +00:00
|
|
|
bss_size = roundup(a_out->a_bss, PAGE_SIZE);
|
1993-12-20 16:16:46 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check various fields in header for validity/bounds.
|
|
|
|
|
*/
|
|
|
|
|
if (/* entry point must lay with text region */
|
|
|
|
|
a_out->a_entry < virtual_offset ||
|
|
|
|
|
a_out->a_entry >= virtual_offset + a_out->a_text ||
|
|
|
|
|
|
|
|
|
|
/* text and data size must each be page rounded */
|
1996-05-02 10:43:17 +00:00
|
|
|
a_out->a_text & PAGE_MASK || a_out->a_data & PAGE_MASK)
|
1993-12-20 16:16:46 +00:00
|
|
|
return (-1);
|
|
|
|
|
|
|
|
|
|
/* text + data can't exceed file size */
|
1995-11-06 12:52:37 +00:00
|
|
|
if (a_out->a_data + a_out->a_text > imgp->attr->va_size)
|
1993-12-20 16:16:46 +00:00
|
|
|
return (EFAULT);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* text/data/bss must not exceed limits
|
|
|
|
|
*/
|
2001-01-24 00:27:28 +00:00
|
|
|
mtx_assert(&Giant, MA_OWNED);
|
1993-12-20 16:16:46 +00:00
|
|
|
if (/* text can't exceed maximum text size */
|
2001-10-10 23:06:54 +00:00
|
|
|
a_out->a_text > maxtsiz ||
|
1993-12-20 16:16:46 +00:00
|
|
|
|
|
|
|
|
/* data + bss can't exceed rlimit */
|
|
|
|
|
a_out->a_data + bss_size >
|
1995-11-06 12:52:37 +00:00
|
|
|
imgp->proc->p_rlimit[RLIMIT_DATA].rlim_cur)
|
1993-12-20 16:16:46 +00:00
|
|
|
return (ENOMEM);
|
|
|
|
|
|
|
|
|
|
/* copy in arguments and/or environment from old process */
|
1995-11-06 12:52:37 +00:00
|
|
|
error = exec_extract_strings(imgp);
|
1993-12-20 16:16:46 +00:00
|
|
|
if (error)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Destroy old process VM and create a new one (with a new stack)
|
|
|
|
|
*/
|
2002-07-20 02:56:12 +00:00
|
|
|
exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
|
1993-12-20 16:16:46 +00:00
|
|
|
|
1997-04-13 01:48:35 +00:00
|
|
|
/*
|
|
|
|
|
* The vm space can be changed by exec_new_vmspace
|
|
|
|
|
*/
|
|
|
|
|
vmspace = imgp->proc->p_vmspace;
|
|
|
|
|
|
1998-01-11 21:35:38 +00:00
|
|
|
vp = imgp->vp;
|
2002-07-06 07:00:01 +00:00
|
|
|
object = imgp->object;
|
1999-03-04 18:04:40 +00:00
|
|
|
map = &vmspace->vm_map;
|
|
|
|
|
vm_map_lock(map);
|
1998-01-11 21:35:38 +00:00
|
|
|
vm_object_reference(object);
|
|
|
|
|
|
|
|
|
|
text_end = virtual_offset + a_out->a_text;
|
1999-03-10 07:07:42 +00:00
|
|
|
error = vm_map_insert(map, object,
|
1998-01-11 21:35:38 +00:00
|
|
|
file_offset,
|
|
|
|
|
virtual_offset, text_end,
|
|
|
|
|
VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_ALL,
|
1999-05-17 00:53:56 +00:00
|
|
|
MAP_COPY_ON_WRITE | MAP_PREFAULT);
|
1999-03-04 18:04:40 +00:00
|
|
|
if (error) {
|
|
|
|
|
vm_map_unlock(map);
|
1993-12-20 16:16:46 +00:00
|
|
|
return (error);
|
1999-03-04 18:04:40 +00:00
|
|
|
}
|
1998-01-11 21:35:38 +00:00
|
|
|
data_end = text_end + a_out->a_data;
|
|
|
|
|
if (a_out->a_data) {
|
|
|
|
|
vm_object_reference(object);
|
1999-03-10 07:07:42 +00:00
|
|
|
error = vm_map_insert(map, object,
|
1998-01-11 21:35:38 +00:00
|
|
|
file_offset + a_out->a_text,
|
|
|
|
|
text_end, data_end,
|
|
|
|
|
VM_PROT_ALL, VM_PROT_ALL,
|
1999-05-17 00:53:56 +00:00
|
|
|
MAP_COPY_ON_WRITE | MAP_PREFAULT);
|
1999-03-04 18:04:40 +00:00
|
|
|
if (error) {
|
|
|
|
|
vm_map_unlock(map);
|
1995-02-20 22:23:31 +00:00
|
|
|
return (error);
|
1999-03-04 18:04:40 +00:00
|
|
|
}
|
1995-02-20 22:23:31 +00:00
|
|
|
}
|
1993-12-20 16:16:46 +00:00
|
|
|
|
1998-01-11 21:35:38 +00:00
|
|
|
if (bss_size) {
|
1999-03-10 07:07:42 +00:00
|
|
|
error = vm_map_insert(map, NULL, 0,
|
1998-01-11 21:35:38 +00:00
|
|
|
data_end, data_end + bss_size,
|
|
|
|
|
VM_PROT_ALL, VM_PROT_ALL, 0);
|
1999-03-04 18:04:40 +00:00
|
|
|
if (error) {
|
|
|
|
|
vm_map_unlock(map);
|
1998-01-11 21:35:38 +00:00
|
|
|
return (error);
|
1999-03-04 18:04:40 +00:00
|
|
|
}
|
1998-01-11 21:35:38 +00:00
|
|
|
}
|
1999-03-04 18:04:40 +00:00
|
|
|
vm_map_unlock(map);
|
|
|
|
|
|
1993-12-20 16:16:46 +00:00
|
|
|
/* Fill in process VM information */
|
|
|
|
|
vmspace->vm_tsize = a_out->a_text >> PAGE_SHIFT;
|
|
|
|
|
vmspace->vm_dsize = (a_out->a_data + bss_size) >> PAGE_SHIFT;
|
1998-07-15 05:00:26 +00:00
|
|
|
vmspace->vm_taddr = (caddr_t) (uintptr_t) virtual_offset;
|
|
|
|
|
vmspace->vm_daddr = (caddr_t) (uintptr_t)
|
|
|
|
|
(virtual_offset + a_out->a_text);
|
1993-12-20 16:16:46 +00:00
|
|
|
|
|
|
|
|
/* Fill in image_params */
|
1995-11-06 12:52:37 +00:00
|
|
|
imgp->interpreted = 0;
|
|
|
|
|
imgp->entry_addr = a_out->a_entry;
|
1995-05-30 08:16:23 +00:00
|
|
|
|
1995-11-06 12:52:37 +00:00
|
|
|
imgp->proc->p_sysent = &aout_sysvec;
|
1995-08-24 10:32:37 +00:00
|
|
|
|
1993-12-20 16:16:46 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
1993-12-20 19:31:41 +00:00
|
|
|
|
1998-09-14 05:36:51 +00:00
|
|
|
/*
|
1999-01-01 14:41:51 +00:00
|
|
|
* Dump core, into a file named as described in the comments for
|
|
|
|
|
* expand_name(), unless the process was setuid/setgid.
|
1998-09-14 05:36:51 +00:00
|
|
|
*/
|
|
|
|
|
int
|
2001-09-12 08:38:13 +00:00
|
|
|
aout_coredump(td, vp, limit)
|
|
|
|
|
register struct thread *td;
|
1998-09-14 05:36:51 +00:00
|
|
|
register struct vnode *vp;
|
1999-09-01 00:29:56 +00:00
|
|
|
off_t limit;
|
|
|
|
|
{
|
2001-09-12 08:38:13 +00:00
|
|
|
struct proc *p = td->td_proc;
|
2002-02-27 18:32:23 +00:00
|
|
|
register struct ucred *cred = td->td_ucred;
|
1998-09-14 05:36:51 +00:00
|
|
|
register struct vmspace *vm = p->p_vmspace;
|
1999-09-04 13:30:18 +00:00
|
|
|
int error;
|
1998-09-14 05:36:51 +00:00
|
|
|
|
2001-09-12 08:38:13 +00:00
|
|
|
if (ctob((UAREA_PAGES + KSTACK_PAGES)
|
|
|
|
|
+ vm->vm_dsize + vm->vm_ssize) >= limit)
|
1998-09-14 05:36:51 +00:00
|
|
|
return (EFAULT);
|
2002-04-09 20:10:46 +00:00
|
|
|
PROC_LOCK(p);
|
2001-09-12 08:38:13 +00:00
|
|
|
fill_kinfo_proc(p, &p->p_uarea->u_kproc);
|
2002-04-09 20:10:46 +00:00
|
|
|
PROC_UNLOCK(p);
|
2001-09-12 08:38:13 +00:00
|
|
|
error = cpu_coredump(td, vp, cred);
|
1998-09-14 05:36:51 +00:00
|
|
|
if (error == 0)
|
2001-09-12 08:38:13 +00:00
|
|
|
error = vn_rdwr(UIO_WRITE, vp, vm->vm_daddr,
|
|
|
|
|
(int)ctob(vm->vm_dsize),
|
|
|
|
|
(off_t)ctob(UAREA_PAGES + KSTACK_PAGES), UIO_USERSPACE,
|
In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:
- Change fo_read() and fo_write() to accept "active_cred" instead of
"cred", and change the semantics of consumers of fo_read() and
fo_write() to pass the active credential of the thread requesting
an operation rather than the cached file cred. The cached file
cred is still available in fo_read() and fo_write() consumers
via fp->f_cred. These changes largely in sys_generic.c.
For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:
- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
pipe_read/write() now authorize MAC using active_cred rather
than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
VOP_READ/WRITE() with fp->f_cred
Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred. Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not. If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.
Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.
These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.
Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
|
|
|
IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
|
1998-09-14 05:36:51 +00:00
|
|
|
if (error == 0)
|
2001-09-08 20:02:33 +00:00
|
|
|
error = vn_rdwr_inchunks(UIO_WRITE, vp,
|
1998-09-14 05:36:51 +00:00
|
|
|
(caddr_t) trunc_page(USRSTACK - ctob(vm->vm_ssize)),
|
|
|
|
|
round_page(ctob(vm->vm_ssize)),
|
2001-09-12 08:38:13 +00:00
|
|
|
(off_t)ctob(UAREA_PAGES + KSTACK_PAGES) +
|
|
|
|
|
ctob(vm->vm_dsize), UIO_USERSPACE,
|
In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:
- Change fo_read() and fo_write() to accept "active_cred" instead of
"cred", and change the semantics of consumers of fo_read() and
fo_write() to pass the active credential of the thread requesting
an operation rather than the cached file cred. The cached file
cred is still available in fo_read() and fo_write() consumers
via fp->f_cred. These changes largely in sys_generic.c.
For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:
- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
pipe_read/write() now authorize MAC using active_cred rather
than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
VOP_READ/WRITE() with fp->f_cred
Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred. Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not. If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.
Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.
These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.
Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
|
|
|
IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
|
1999-09-04 13:30:18 +00:00
|
|
|
return (error);
|
1998-09-14 05:36:51 +00:00
|
|
|
}
|
|
|
|
|
|
1993-12-20 19:31:41 +00:00
|
|
|
/*
|
|
|
|
|
* Tell kern_execve.c about it, with a little help from the linker.
|
|
|
|
|
*/
|
1999-01-29 22:59:43 +00:00
|
|
|
static struct execsw aout_execsw = { exec_aout_imgact, "a.out" };
|
1998-10-16 03:55:01 +00:00
|
|
|
EXEC_SET(aout, aout_execsw);
|