Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 01 Aug 2002 10:11:59 -0400 (EDT)
From:      John Baldwin <jhb@FreeBSD.org>
To:        Brian Feldman <green@FreeBSD.org>
Cc:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   RE: PERFORCE change 15347 for review
Message-ID:  <XFMail.20020801101159.jhb@FreeBSD.org>
In-Reply-To: <200207312131.g6VLVV8L053036@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 31-Jul-2002 Brian Feldman wrote:
> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15347
> 
> Change 15347 by green@green_laptop_2 on 2002/07/31 14:31:24
> 
>       mac_cred_canexec() no longer exists; use mac_check_vnode_exec().

Dropping the proc lock invalidates the credential changes and any
earlier credential changes you just made unless you ensure that the
process is single threaded before you do any of the credential
checks and before you get here.

> Affected files ...
> 
> .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 edit
> 
> Differences ...
> 
> ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 (text+ko) ====
> 
> @@ -398,10 +398,12 @@
>           attr.va_gid;
>  
>  #ifdef MAC
> +     PROC_UNLOCK(p);
>       vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>       will_transition = mac_execve_will_transition(oldcred, imgp->vp);
>       credential_changing |= will_transition;
>       VOP_UNLOCK(imgp->vp, 0, td);
> +     PROC_LOCK(p);
>  #endif
>  
>       if (credential_changing &&
> @@ -438,11 +440,13 @@
>                       change_egid(newcred, attr.va_gid);
>  #ifdef MAC
>               if (will_transition) {
> +                     PROC_UNLOCK(p);
>                       vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>                       mac_execve_transition(oldcred, newcred, imgp->vp);
>                       VOP_UNLOCK(imgp->vp, 0, td);
> +                     PROC_LOCK(p);
>               }
> -#endif
> +#endif /* MAC */
>               /*
>                * Implement correct POSIX saved-id behavior.
>                */

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20020801101159.jhb>