Date: Thu, 01 Aug 2002 10:11:59 -0400 (EDT)
From: John Baldwin
To: Brian Feldman
Subject: RE: PERFORCE change 15347 for review
Cc: Perforce Change Reviews

On 31-Jul-2002 Brian Feldman wrote:
> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15347
>
> Change 15347 by green@green_laptop_2 on 2002/07/31 14:31:24
>
> mac_cred_canexec() no longer exists; use mac_check_vnode_exec().

Dropping the proc lock invalidates the credential changes and any earlier credential changes you just made unless you ensure that the process is single threaded before you do any of the credential checks and before you get here.

> Affected files ...
>
> .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 edit
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 (text+ko) ==== > > @@ -398,10 +398,12 @@ > attr.va_gid; > > #ifdef MAC > + PROC_UNLOCK(p); > vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); > will_transition = mac_execve_will_transition(oldcred, imgp->vp); > credential_changing |= will_transition; > VOP_UNLOCK(imgp->vp, 0, td); > + PROC_LOCK(p); > #endif > > if (credential_changing && > @@ -438,11 +440,13 @@ > change_egid(newcred, attr.va_gid); > #ifdef MAC > if (will_transition) { > + PROC_UNLOCK(p); > vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); > mac_execve_transition(oldcred, newcred, imgp->vp); > VOP_UNLOCK(imgp->vp, 0, td); > + PROC_LOCK(p); > } > -#endif > +#endif /* MAC */ > /* > * Implement correct POSIX saved-id behavior. > */

--
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
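Review bot: In the @@ -398,10 +398,12 @@ hunk, nothing after the added PROC_LOCK(p) revalidates what was decided before PROC_UNLOCK(p). will_transition is computed from oldcred while the process lock is released, and credential_changing is then updated and tested in the following "if (credential_changing &&" as though the lock had been held throughout. Either move the vn_lock()/mac_execve_will_transition() query to a point before the process lock is taken, or recheck after relocking that oldcred is still the credential the earlier checks were made against, and add a comment stating what guarantees the window is safe (for example, that the process is single threaded at this point).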
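Review bot: In the @@ -438,11 +440,13 @@ hunk, the added PROC_UNLOCK(p) inside "if (will_transition) {" comes after change_egid(newcred, attr.va_gid) has already modified newcred, so the credential update is no longer one locked sequence: the id changes and the will_transition decision are made under the lock, then acted on by mac_execve_transition(oldcred, newcred, imgp->vp) after a window in which the lock was dropped. Suggest restructuring so the vnode-locked MAC work is done outside the locked region as a whole, or documenting in a comment the invariant that makes releasing the lock here safe. Minor style point: this hunk annotates its #endif as "#endif /* MAC */" while the #endif in the first hunk is left bare; make the two consistent.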