Date: Sun, 3 Aug 1997 11:21:38 -0700
From: Sean Eric Fagan <sef@Kithrup.COM>
To: security@freebsd.org
Subject: Proposed alternate patch for the rfork vulnerability
Message-ID: <199708031821.LAA18374@kithrup.com>
I haven't looked at the rfork code extensively... I should. However,
something similar to the following should be done for every shared resource
that might be inherited across a fork. (However, what are those? Looking at
/sys/sys/unistd.h, it doesn't look like we actually implement anything other
than shared VM [which is hosed across an exec anyway], no wait on child
[which isn't relevant to this], and the fd table copying and zeroing... and
that's what comes into play across an exec... So maybe this is all that
should be necessary.)
I haven't extensively tested this; I ran the included program, and I am
currently up multiuser with my patched kernel.
*** kern_exec.c.~1~ Sat Nov 9 02:42:28 1996
--- kern_exec.c Sun Aug 3 11:14:06 1997
***************
*** 325,330 ****
--- 325,338 ----
vrele(ndp->ni_vp);
FREE(ndp->ni_cnd.cn_pnbuf, M_NAMEI);
+ if (p->p_fd->fd_refcnt > 1) {
+ struct filedesc *tmp;
+
+ tmp = fdcopy(p);
+ fdfree(p);
+ p->p_fd = tmp;
+ }
+
return (0);
exec_fail_dealloc:
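Review bot: the unshare block sits immediately before `return (0)`, after the `vrele`/`FREE` cleanup, so everything earlier in the success path ran while `p->p_fd` was still shared (`fd_refcnt > 1`). If close-on-exec handling or a set-id credential change happens before this point, the other holder of the table could still alter descriptors between those steps and the copy; consider moving the `fdcopy`/`fdfree` swap ahead of any descriptor or credential processing in this function. A short comment stating that the descriptor table must not stay shared across an exec would also help, since the `fd_refcnt > 1` test does not explain itself.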
