Date: Tue, 10 Jul 2001 18:27:40 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: jack <jack@germanium.xtalwind.net> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01: (fwd) Message-ID: <20010710182740.A41405@lanczos.maths.tcd.ie> In-Reply-To: <20010710131705.E40988-100000@germanium.xtalwind.net>; from jack@germanium.xtalwind.net on Tue, Jul 10, 2001 at 01:20:36PM -0400 References: <20010710131705.E40988-100000@germanium.xtalwind.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 10, 2001 at 01:20:36PM -0400, jack wrote:
> There is no SA-01:42 directory under /pub/FreeBSD/CERT/patches
It seems the ftp mirrors haven't picked up the patch yet. I've
included the diff from the CVS tree...
David.
Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.107.2.7 src/sys/kern/kern_exec.c:1.107.2.8
--- src/sys/kern/kern_exec.c:1.107.2.7 Sun Jun 17 00:39:08 2001
+++ src/sys/kern/kern_exec.c Mon Jul 9 20:03:13 2001
@@ -29,7 +29,6 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
-#include <sys/signalvar.h>
#include <sys/kernel.h>
#include <sys/mount.h>
#include <sys/filedesc.h>
@@ -39,9 +38,10 @@
#include <sys/imgact.h>
#include <sys/imgact_elf.h>
#include <sys/wait.h>
+#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/signalvar.h>
#include <sys/pioctl.h>
-#include <sys/malloc.h>
#include <sys/namei.h>
#include <sys/sysent.h>
#include <sys/shm.h>
@@ -59,6 +59,7 @@
#include <vm/vm_object.h>
#include <vm/vm_pager.h>
+#include <sys/user.h>
#include <machine/reg.h>
MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments");
@@ -244,6 +245,28 @@
tmp = fdcopy(p);
fdfree(p);
p->p_fd = tmp;
+ }
+
+ /*
+ * For security and other reasons, signal handlers cannot
+ * be shared after an exec. The new proces gets a copy of the old
+ * handlers. In execsigs(), the new process wll have its signals
+ * reset.
+ */
+ if (p->p_procsig->ps_refcnt > 1) {
+ struct procsig *newprocsig;
+
+ MALLOC(newprocsig, struct procsig *, sizeof(struct procsig),
+ M_SUBPROC, M_WAITOK);
+ bcopy(p->p_procsig, newprocsig, sizeof(*newprocsig));
+ p->p_procsig->ps_refcnt--;
+ p->p_procsig = newprocsig;
+ p->p_procsig->ps_refcnt = 1;
+ if (p->p_sigacts == &p->p_addr->u_sigacts)
+ panic("shared procsig but private sigacts?\n");
+
+ p->p_addr->u_sigacts = *p->p_sigacts;
+ p->p_sigacts = &p->p_addr->u_sigacts;
}
/* Stop profiling */
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010710182740.A41405>