AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-01-03 08:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

2002-05-12 Roland McGrath <roland@frob.com>

Browse Source 
* hurd/hurdexec.c (_hurd_exec): Reauthenticate ports/dtable used in
	file_exec to effect svuid=euid, svgid=egid if that is not a no-op.
This commit is contained in:
Roland McGrath 2002-05-13 01:27:28 +00:00
parent 8f7500ba69
commit 98e1c93a21
1 changed files with 189 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
hurd/hurdexec.c
View File

@ -1,4 +1,5 @@
/* Copyright (C) 1991,92,93,94,95,96,97,99,2001 Free Software Foundation, Inc. /* Copyright (C) 1991,92,93,94,95,96,97,99,2001,02
Free Software Foundation, Inc.
This file is part of the GNU C Library. This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or The GNU C Library is free software; you can redistribute it and/or
@ -25,6 +26,7 @@
#include <hurd.h> #include <hurd.h>
#include <hurd/fd.h> #include <hurd/fd.h>
#include <hurd/signal.h> #include <hurd/signal.h>
#include <hurd/id.h>
#include <assert.h> #include <assert.h>
#include <argz.h> #include <argz.h>
@ -41,12 +43,17 @@ _hurd_exec (task_t task, file_t file,
int ints[INIT_INT_MAX]; int ints[INIT_INT_MAX];
mach_port_t ports[_hurd_nports]; mach_port_t ports[_hurd_nports];
struct hurd_userlink ulink_ports[_hurd_nports]; struct hurd_userlink ulink_ports[_hurd_nports];
inline void free_port (unsigned int i)
{
_hurd_port_free (&_hurd_ports[i], &ulink_ports[i], ports[i]);
}
file_t *dtable; file_t *dtable;
unsigned int dtablesize, i; unsigned int dtablesize, i;
struct hurd_port **dtable_cells; struct hurd_port **dtable_cells;
struct hurd_userlink *ulink_dtable; struct hurd_userlink *ulink_dtable;
struct hurd_sigstate *ss; struct hurd_sigstate *ss;
mach_port_t *please_dealloc, *pdp; mach_port_t *please_dealloc, *pdp;
int reauth = 0;
/* XXX needs to be hurdmalloc XXX */ /* XXX needs to be hurdmalloc XXX */
if (argv == NULL) if (argv == NULL)
@ -67,7 +74,7 @@ _hurd_exec (task_t task, file_t file,
if (err = __USEPORT (PROC, __proc_task2proc (port, task, &ports[i]))) if (err = __USEPORT (PROC, __proc_task2proc (port, task, &ports[i])))
{ {
while (--i > 0) while (--i > 0)
_hurd_port_free (&_hurd_ports[i], &ulink_ports[i], ports[i]); free_port (i);
goto outenv; goto outenv;
} }
} }
@ -132,7 +139,7 @@ _hurd_exec (task_t task, file_t file,
them, the new program would have duplicate user references for them. them, the new program would have duplicate user references for them.
But we cannot deallocate them ourselves, because we must still have But we cannot deallocate them ourselves, because we must still have
them after a failed exec call. */ them after a failed exec call. */
please_dealloc = __alloca ((_hurd_nports + (2 * dtablesize)) please_dealloc = __alloca ((_hurd_nports + 3 + (3 * dtablesize))
* sizeof (mach_port_t)); * sizeof (mach_port_t));
else else
please_dealloc = NULL; please_dealloc = NULL;
@ -190,19 +197,155 @@ _hurd_exec (task_t task, file_t file,
while (dtablesize > 0 && dtable[dtablesize - 1] == MACH_PORT_NULL) while (dtablesize > 0 && dtable[dtablesize - 1] == MACH_PORT_NULL)
--dtablesize; --dtablesize;
/* The information is all set up now. Try to exec the file. */ /* See if we need to diddle the auth port of the new program.
The purpose of this is to get the effect setting the saved-set UID and
GID to the respective effective IDs after the exec, as POSIX.1 requires.
Note that we don't reauthenticate with the proc server; that would be a
no-op since it only keeps track of the effective UIDs, and if it did
keep track of the available IDs we would have the problem that we'd be
changing the IDs before the exec and have to change them back after a
failure. Arguably we could skip all the reauthentications because the
available IDs have no bearing on any filesystem. But the conservative
approach is to reauthenticate all the io ports so that no state anywhere
reflects that our whole ID set differs from what we've set it to. */
__mutex_lock (&_hurd_id.lock);
err = _hurd_check_ids ();
if (err == 0 && ((_hurd_id.aux.nuids >= 2 && _hurd_id.gen.nuids >= 1
&& _hurd_id.aux.uids[1] != _hurd_id.gen.uids[0])
|| (_hurd_id.aux.ngids >= 2 && _hurd_id.gen.ngids >= 1
&& _hurd_id.aux.gids[1] != _hurd_id.gen.gids[0])))
{
/* We have euid != svuid or egid != svgid. POSIX.1 says that exec
sets svuid = euid and svgid = egid. So we must get a new auth
port and reauthenticate everything with it. We'll pass the new
ports in file_exec instead of our own ports. */
auth_t newauth;
_hurd_id.aux.uids[1] = _hurd_id.gen.uids[0];
_hurd_id.aux.gids[1] = _hurd_id.gen.gids[0];
_hurd_id.valid = 0;
if (_hurd_id.rid_auth != MACH_PORT_NULL)
{
__mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
_hurd_id.rid_auth = MACH_PORT_NULL;
}
err = __auth_makeauth (ports[INIT_PORT_AUTH],
NULL, MACH_MSG_TYPE_COPY_SEND, 0,
_hurd_id.gen.uids, _hurd_id.gen.nuids,
_hurd_id.aux.uids, _hurd_id.aux.nuids,
_hurd_id.gen.gids, _hurd_id.gen.ngids,
_hurd_id.aux.gids, _hurd_id.aux.ngids,
&newauth);
if (err == 0)
{
/* Now we have to reauthenticate the ports with this new ID.
*/
inline error_t reauth_io (io_t port, io_t *newport)
{
mach_port_t ref = __mach_reply_port ();
*newport = MACH_PORT_NULL;
error_t err = __io_reauthenticate (port,
ref, MACH_MSG_TYPE_MAKE_SEND);
if (!err)
err = __auth_user_authenticate (newauth,
ref, MACH_MSG_TYPE_MAKE_SEND,
newport);
__mach_port_destroy (__mach_task_self (), ref);
return err;
}
inline void reauth_port (unsigned int idx)
{
io_t newport;
err = reauth_io (ports[idx], &newport) ?: err;
if (pdp)
*pdp++ = ports[idx]; /* XXX presumed still in _hurd_ports */
free_port (idx);
ports[idx] = newport;
}
if (pdp)
*pdp++ = ports[INIT_PORT_AUTH];
free_port (INIT_PORT_AUTH);
ports[INIT_PORT_AUTH] = newauth;
reauth_port (INIT_PORT_CRDIR);
reauth_port (INIT_PORT_CWDIR);
if (!err)
{
/* Now we'll reauthenticate each file descriptor. */
if (ulink_dtable == NULL)
{
assert (dtable == _hurd_init_dtable);
dtable = __alloca (dtablesize * sizeof (dtable[0]));
for (i = 0; i < dtablesize; ++i)
if (_hurd_init_dtable[i] != MACH_PORT_NULL)
{
if (pdp)
*pdp++ = _hurd_init_dtable[i];
err = reauth_io (_hurd_init_dtable[i], &dtable[i]);
if (err)
{
while (++i < dtablesize)
dtable[i] = MACH_PORT_NULL;
break;
}
}
else
dtable[i] = MACH_PORT_NULL;
}
else
{
if (pdp)
{
/* Ask to deallocate all the old fd ports,
since we will have new ones in DTABLE. */
memcpy (pdp, dtable, dtablesize * sizeof pdp[0]);
pdp += dtablesize;
}
for (i = 0; i < dtablesize; ++i)
if (dtable[i] != MACH_PORT_NULL)
{
io_t newport;
err = reauth_io (dtable[i], &newport);
_hurd_port_free (dtable_cells[i], &ulink_dtable[i],
dtable[i]);
dtable[i] = newport;
if (err)
{
while (++i < dtablesize)
_hurd_port_free (dtable_cells[i],
&ulink_dtable[i], dtable[i]);
break;
}
}
ulink_dtable = NULL;
dtable_cells = NULL;
}
}
}
reauth = 1;
}
__mutex_unlock (&_hurd_id.lock);
/* The information is all set up now. Try to exec the file. */
if (!err)
{ {
int flags; int flags;
if (pdp) if (pdp)
{ {
/* Request the exec server to deallocate some ports from us if the exec /* Request the exec server to deallocate some ports from us if
succeeds. The init ports and descriptor ports will arrive in the the exec succeeds. The init ports and descriptor ports will
new program's exec_startup message. If we failed to deallocate arrive in the new program's exec_startup message. If we
them, the new program would have duplicate user references for them. failed to deallocate them, the new program would have
But we cannot deallocate them ourselves, because we must still have duplicate user references for them. But we cannot deallocate
them after a failed exec call. */ them ourselves, because we must still have them after a failed
exec call. */
for (i = 0; i < _hurd_nports; ++i) for (i = 0; i < _hurd_nports; ++i)
*pdp++ = ports[i]; *pdp++ = ports[i];
@ -212,9 +355,10 @@ _hurd_exec (task_t task, file_t file,
flags = 0; flags = 0;
#ifdef EXEC_SIGTRAP #ifdef EXEC_SIGTRAP
/* PTRACE_TRACEME sets all bits in _hurdsig_traced, which is propagated /* PTRACE_TRACEME sets all bits in _hurdsig_traced, which is
through exec by INIT_TRACEMASK, so this checks if PTRACE_TRACEME has propagated through exec by INIT_TRACEMASK, so this checks if
been called in this process in any of its current or prior lives. */ PTRACE_TRACEME has been called in this process in any of its
current or prior lives. */
if (__sigismember (&_hurdsig_traced, SIGKILL)) if (__sigismember (&_hurdsig_traced, SIGKILL))
flags |= EXEC_SIGTRAP; flags |= EXEC_SIGTRAP;
#endif #endif
@ -229,16 +373,23 @@ _hurd_exec (task_t task, file_t file,
/* Release references to the standard ports. */ /* Release references to the standard ports. */
for (i = 0; i < _hurd_nports; ++i) for (i = 0; i < _hurd_nports; ++i)
if (i == INIT_PORT_PROC && task != __mach_task_self ()) if ((i == INIT_PORT_PROC && task != __mach_task_self ())
|| (reauth && (i == INIT_PORT_AUTH
|| i == INIT_PORT_CRDIR || i == INIT_PORT_CWDIR)))
__mach_port_deallocate (__mach_task_self (), ports[i]); __mach_port_deallocate (__mach_task_self (), ports[i]);
else else
_hurd_port_free (&_hurd_ports[i], &ulink_ports[i], ports[i]); free_port (i);
if (ulink_dtable != NULL)
/* Release references to the file descriptor ports. */ /* Release references to the file descriptor ports. */
if (ulink_dtable != NULL)
{
for (i = 0; i < dtablesize; ++i) for (i = 0; i < dtablesize; ++i)
if (dtable[i] != MACH_PORT_NULL) if (dtable[i] != MACH_PORT_NULL)
_hurd_port_free (dtable_cells[i], &ulink_dtable[i], dtable[i]); _hurd_port_free (dtable_cells[i], &ulink_dtable[i], dtable[i]);
}
else if (dtable && dtable != _hurd_init_dtable)
for (i = 0; i < dtablesize; ++i)
__mach_port_deallocate (__mach_task_self (), dtable[i]);
/* Release lock on the file descriptor table. */ /* Release lock on the file descriptor table. */
__mutex_unlock (&_hurd_dtable_lock); __mutex_unlock (&_hurd_dtable_lock);