Date: Tue, 10 Jul 2001 18:27:40 +0100
From: David Malone
To: jack
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01: (fwd)
Message-ID: <20010710182740.A41405@lanczos.maths.tcd.ie>
In-Reply-To: <20010710131705.E40988-100000@germanium.xtalwind.net>; from jack@germanium.xtalwind.net on Tue, Jul 10, 2001 at 01:20:36PM -0400

On Tue, Jul 10, 2001 at 01:20:36PM -0400, jack wrote:
> There is no SA-01:42 directory under /pub/FreeBSD/CERT/patches

It seems the ftp mirrors haven't picked up the patch yet. I've
included the diff from the CVS tree...

	David.

Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.107.2.7 src/sys/kern/kern_exec.c:1.107.2.8 --- src/sys/kern/kern_exec.c:1.107.2.7 Sun Jun 17 00:39:08 2001 +++ src/sys/kern/kern_exec.c Mon Jul 9 20:03:13 2001 @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include @@ -39,9 +38,10 @@ #include #include #include +#include #include +#include #include -#include #include #include #include @@ -59,6 +59,7 @@ #include #include +#include #include MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments"); 
@@ -244,6 +245,28 @@ tmp = fdcopy(p); fdfree(p); p->p_fd = tmp; + } + + /* + * For security and other reasons, signal handlers cannot + * be shared after an exec. The new proces gets a copy of the old + * handlers. In execsigs(), the new process wll have its signals + * reset. + */ + if (p->p_procsig->ps_refcnt > 1) { + struct procsig *newprocsig; + + MALLOC(newprocsig, struct procsig *, sizeof(struct procsig), + M_SUBPROC, M_WAITOK); + bcopy(p->p_procsig, newprocsig, sizeof(*newprocsig)); + p->p_procsig->ps_refcnt--; + p->p_procsig = newprocsig; + p->p_procsig->ps_refcnt = 1; + if (p->p_sigacts == &p->p_addr->u_sigacts) + panic("shared procsig but private sigacts?\n"); + + p->p_addr->u_sigacts = *p->p_sigacts; + p->p_sigacts = &p->p_addr->u_sigacts; } /* Stop profiling */
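
Review bot: In the @@ -244,6 +245,28 @@ hunk, the ps_refcnt > 1 test is made before MALLOC(..., M_WAITOK), which can sleep, so the count may have changed by the time ps_refcnt-- runs; if the other sharers have gone away in between, the decrement takes the old procsig to zero and nothing in this hunk frees it or the old shared sigacts. Consider re-checking the count after the allocation returns, or handling the decrement-to-zero case here. The sanity check that panics with "shared procsig but private sigacts?" would also sit better before p_procsig is switched to newprocsig, so the invariant is tested before any state is changed, and panic() messages normally carry no trailing \n. The new comment has two typos: "proces" and "wll".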