Date: Tue, 07 Aug 2012 10:39:40 +0000
From: gpf@FreeBSD.org
To: svn-soc-all@FreeBSD.org
Subject: socsvn commit: r240171 - soc2012/gpf/pefs_head/head/libexec/rtld-elf
Message-ID: <20120807103940.DFED3106566B@hub.freebsd.org>
Author: gpf Date: Tue Aug 7 10:39:40 2012 New Revision: 240171 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240171 Log: - for every object that's being executed by rtld, check the schg flag, if vfs.pefs.exec.enable is turned on. Modified: soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Modified: soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c ============================================================================== --- soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Tue Aug 7 09:22:46 2012 (r240170) +++ soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Tue Aug 7 10:39:40 2012 (r240171) @@ -1937,6 +1937,23 @@ return NULL; } } + /* XXXgpf: check schg flag for every object */ + { + int enabled, rval; + size_t enabled_len; + + enabled_len = sizeof(enabled); + rval = sysctlbyname("vfs.pefs.exec.enable", &enabled, + &enabled_len, 0, 0); + + if (rval == 0 && enabled != 0) { + if ((sbp->st_flags & SF_IMMUTABLE) == 0) { + _rtld_error("Cannot execute object: %s without schg\n", path); + return NULL; + } + } + } + dbg("loading \"%s\"", printable_path(path)); obj = map_object(fd, printable_path(path), sbp); if (obj == NULL)
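Review bot: The gate `if (rval == 0 && enabled != 0)` fails open: any sysctlbyname() error, not only the sysctl being absent, silently skips the schg check. Consider skipping only when errno is ENOENT and otherwise rejecting the object or at least reporting the failure, and add a comment stating that fail-open on a missing `vfs.pefs.exec.enable` is intended. The check trusts `sbp->st_flags`, so it is worth confirming in a comment that `sbp` was filled from the same `fd` that is handed to `map_object()` rather than from a lookup by path, otherwise the flags tested and the file mapped can differ. The sysctl is also queried on every object load; reading it once and caching the result would avoid a syscall per library, if a mid-process change of the knob does not need to be honoured. Style: `_rtld_error("Cannot execute object: %s without schg\n", path);` prints the raw `path` while the `dbg()` line right after it uses `printable_path(path)`, so use the same wrapper here; the trailing `\n` should be checked against the other `_rtld_error()` callers, and the `0, 0` arguments read better as `NULL, 0` since the first is a pointer.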