Date: Thu, 18 Jul 2013 22:54:40 GMT
Message-Id: <201307182254.r6IMseCZ025492@skunkworks.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 231269 for review
To: Perforce Change Reviews

http://p4web.freebsd.org/@@231269?ac=10

Change 231269 by rwatson@rwatson_cinnamon on 2013/07/18 22:53:40

When a credential is changed, it's OK if setsugid() is set before the change rather than after, since it's a process rather than credential property. This fixes a TESLA false positive in execve() in which setsugid() is called once up-front if the credential will be modified by at least one of setuid, setgid, etc, rather than after as occurs in the system calls setuid(), setgid(), and so on.

Affected files ...

.. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#3 edit

Differences ...

==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#3 (text+ko) ==== @@ -2156,7 +2156,8 @@ == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ANY(int), euid, ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid))); newcred->cr_uid = euid; uihold(euip); @@ -2180,7 +2181,8 @@ == 0) || previously(mac_cred_check_setresgid(ANY(ptr), ANY(int), egid, ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid))); newcred->cr_groups[0] = egid; } @@ -2204,7 +2206,8 @@ == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ruid, ANY(int), ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid)));  (void)chgproccnt(newcred->cr_ruidinfo, -1, 0); newcred->cr_ruid = ruid;
@@ -2230,7 +2233,8 @@ == 0) || previously(mac_cred_check_setresgid(ANY(ptr), rgid, ANY(int), ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid))); newcred->cr_rgid = rgid; } @@ -2251,7 +2255,8 @@ ANY(int)) == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ANY(int), ANY(int), ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid))); newcred->cr_svuid = svuid; } @@ -2272,7 +2277,8 @@ == 0) || previously(mac_cred_check_setresgid(ANY(ptr), ANY(int), ANY(int), ANY(int)) == 0)); - TESLA_SYSCALL(eventually(called(setsugid))); + TESLA_SYSCALL(previously(called(setsugid)) || + eventually(called(setsugid))); newcred->cr_svgid = svgid; }
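Review bot: In the first hunk (@@ -2156, before `newcred->cr_uid = euid;`), and identically in the other five, the new `previously(called(setsugid)) || eventually(called(setsugid))` no longer checks ordering relative to this particular credential write: any setsugid() call anywhere in the enclosing TESLA_SYSCALL bound satisfies it. In a path that changes several credential fields, one early call discharges the assertion at every later site, so a missing setsugid() for a later change goes unreported. If that is the intended reading ("setsugid() happens at some point in the system call whenever a credential field changes"), please say so in a comment beside the assertion, since the relaxation was motivated by execve() but also applies to setuid(), setgid() and the other callers, where the stricter `eventually(...)` form held before this change.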
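Review bot: The same two-line assertion is now pasted into all six hunks (the cr_uid, cr_groups[0], cr_ruid, cr_rgid, cr_svuid and cr_svgid sites, ending with the hunk at @@ -2272), so the next adjustment to the setsugid() property has to be made six times and can drift. Consider defining it once near the top of kern_prot.c as a local macro (any name; this is a suggestion, not an existing TESLA facility) that wraps `TESLA_SYSCALL(previously(called(setsugid)) || eventually(called(setsugid)))`, with the rationale from the change description ("it's a process rather than credential property") recorded in a comment at the definition.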