Date: Sun, 3 Aug 1997 11:21:38 -0700
From: Sean Eric Fagan <sef@Kithrup.COM>
To: security@freebsd.org
Subject: Proposed alternate patch for the rfork vulnerability
Message-ID: <199708031821.LAA18374@kithrup.com>
I haven't looked at the rfork code extensively... I should. However, something similar to the following should be done for every shared resource that might be inherited across a fork. (However, what are those? Looking at /sys/sys/unistd.h, it doesn't look like we actually implement anything other than shared VM [which is hosed across an exec anyway], no wait on child [which isn't relevant to this], and the fd table copying and zeroing... and that's what comes into play across an exec... So maybe this is all that should be necessary.)

I haven't extensively tested this; I ran the included program, and I am currently up multiuser with my patched kernel.

*** kern_exec.c.~1~ Sat Nov 9 02:42:28 1996 --- kern_exec.c Sun Aug 3 11:14:06 1997 *************** *** 325,330 **** --- 325,338 ---- vrele(ndp->ni_vp); FREE(ndp->ni_cnd.cn_pnbuf, M_NAMEI); + if (p->p_fd->fd_refcnt > 1) { + struct filedesc *tmp; + + tmp = fdcopy(p); + fdfree(p); + p->p_fd = tmp; + } + return (0); exec_fail_dealloc:
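
Review bot: The unshare block sits at the very end of the success path, immediately before `return (0)`, so everything exec did above this point ran while `p->p_fd` was still shared, and the other holder of the table could keep changing descriptors until the copy is made. The hunk does not show where close-on-exec or set-id handling happens; if either precedes this point, consider moving the `fd_refcnt > 1` check ahead of it so those steps act on a private table. A short comment above the `if` stating that the table may be shared through rfork and must be made private across exec would also help, since the code alone does not say why the copy is needed.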