From owner-svn-soc-all@FreeBSD.ORG Tue Aug 7 10:39:42 2012 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from socsvn.FreeBSD.org (unknown [IPv6:2001:4f8:fff6::2f]) by hub.freebsd.org (Postfix) with SMTP id DFED3106566B for ; Tue, 7 Aug 2012 10:39:40 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: by socsvn.FreeBSD.org (sSMTP sendmail emulation); Tue, 07 Aug 2012 10:39:40 +0000 Date: Tue, 07 Aug 2012 10:39:40 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <20120807103940.DFED3106566B@hub.freebsd.org> Cc: Subject: socsvn commit: r240171 - soc2012/gpf/pefs_head/head/libexec/rtld-elf X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2012 10:39:42 -0000 Author: gpf Date: Tue Aug 7 10:39:40 2012 New Revision: 240171 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240171 Log: - for every object that's being executed by rtld, check the schg flag, if vfs.pefs.exec.enable is turned on. Modified: soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Modified: soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c ============================================================================== --- soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Tue Aug 7 09:22:46 2012 (r240170) +++ soc2012/gpf/pefs_head/head/libexec/rtld-elf/rtld.c Tue Aug 7 10:39:40 2012 (r240171) 
@@ -1937,6 +1937,23 @@ return NULL; } } + /* XXXgpf: check schg flag for every object */ + { + int enabled, rval; + size_t enabled_len; + + enabled_len = sizeof(enabled); + rval = sysctlbyname("vfs.pefs.exec.enable", &enabled, + &enabled_len, 0, 0); + + if (rval == 0 && enabled != 0) { + if ((sbp->st_flags & SF_IMMUTABLE) == 0) { + _rtld_error("Cannot execute object: %s without schg\n", path); + return NULL; + } + } + } + dbg("loading \"%s\"", printable_path(path)); obj = map_object(fd, printable_path(path), sbp); if (obj == NULL)
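Review bot: The new check fails open, because the condition `if (rval == 0 && enabled != 0)` treats every sysctlbyname() failure the same as the knob being switched off, so any error reading vfs.pefs.exec.enable silently skips the schg test. If the intent is only to tolerate systems where the sysctl does not exist, check for that case explicitly and refuse to load the object (or at least report the failure) on any other error. Two smaller points in the same block: the _rtld_error() call passes `path` directly, while the dbg() and map_object() calls just below it go through `printable_path(path)`, so the error message should do the same; and the sysctl is looked up again for every object loaded, where reading it once and caching the result would give all objects in one process a consistent answer. A short comment saying why SF_IMMUTABLE is required when the knob is on would also help, since the XXXgpf comment only restates what the code does.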