Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 3 Aug 2019 01:02:52 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r350549 - head/sys/kern
Message-ID:  <201908030102.x7312qt3078324@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: jhb
Date: Sat Aug  3 01:02:52 2019
New Revision: 350549
URL: https://svnweb.freebsd.org/changeset/base/350549

Log:
  Set ISOPEN in namei flags when opening executable interpreters.
  
  These vnodes are explicitly opened via VOP_OPEN via
  exec_check_permissions identical to the main exectuable image.
  Setting ISOPEN allows filesystems to perform suitable checks in
  VOP_LOOKUP (e.g. close-to-open consistency in the NFS client).
  
  Reviewed by:	kib
  MFC after:	1 month
  Differential Revision:	https://reviews.freebsd.org/D21129

Modified:
  head/sys/kern/imgact_elf.c
  head/sys/kern/kern_exec.c

Modified: head/sys/kern/imgact_elf.c
==============================================================================
--- head/sys/kern/imgact_elf.c	Fri Aug  2 22:58:45 2019	(r350548)
+++ head/sys/kern/imgact_elf.c	Sat Aug  3 01:02:52 2019	(r350549)
@@ -748,8 +748,8 @@ __elfN(load_file)(struct proc *p, const char *file, u_
 	imgp->object = NULL;
 	imgp->execlabel = NULL;
 
-	NDINIT(nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF, UIO_SYSSPACE, file,
-	    curthread);
+	NDINIT(nd, LOOKUP, ISOPEN | FOLLOW | LOCKSHARED | LOCKLEAF,
+	    UIO_SYSSPACE, file, curthread);
 	if ((error = namei(nd)) != 0) {
 		nd->ni_vp = NULL;
 		goto fail;

Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c	Fri Aug  2 22:58:45 2019	(r350548)
+++ head/sys/kern/kern_exec.c	Sat Aug  3 01:02:52 2019	(r350549)
@@ -639,7 +639,7 @@ interpret:
 		free(imgp->freepath, M_TEMP);
 		imgp->freepath = NULL;
 		/* set new name to that of the interpreter */
-		NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
+		NDINIT(&nd, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME,
 		    UIO_SYSSPACE, imgp->interpreter_name, td);
 		args->fname = imgp->interpreter_name;
 		goto interpret;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908030102.x7312qt3078324>