Date: Sun, 28 Jul 2002 13:18:50 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15067 for review Message-ID: <200207282018.g6SKIofm082558@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15067 Change 15067 by rwatson@rwatson_paprika on 2002/07/28 13:18:13 Avoid entering mac_execve_transition() if the MAC framework hasn't previously indicated a transition will take place. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#25 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#25 (text+ko) ==== @@ -144,6 +144,9 @@ #endif struct vnode *textvp = NULL, *textdvp = NULL; int credential_changing; +#ifdef MAC + int will_transition; +#endif imgp = &image_params; @@ -379,7 +382,8 @@ attr.va_gid); #ifdef MAC vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); - credential_changing |= mac_execve_will_transition(oldcred, imgp->vp); + will_transition = mac_execve_will_transition(oldcred, imgp->vp); + credential_changing |= will_transition; VOP_UNLOCK(imgp->vp, 0, td); #endif @@ -420,9 +424,11 @@ if (attr.va_mode & VSGID) change_egid(newcred, attr.va_gid); #ifdef MAC - vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); - mac_execve_transition(oldcred, newcred, imgp->vp); - VOP_UNLOCK(imgp->vp, 0, td); + if (will_transition) { + vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); + mac_execve_transition(oldcred, newcred, imgp->vp); + VOP_UNLOCK(imgp->vp, 0, td); + } #endif setugidsafety(td); /* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207282018.g6SKIofm082558>