CVS commit: [netbsd-4-0] src/sys/kern

Sun, 20 Mar 2011 13:52:08 -0700 

Module Name:    src
Committed By:   bouyer
Date:           Sun Mar 20 20:52:01 UTC 2011

Modified Files:
        src/sys/kern [netbsd-4-0]: kern_exec.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1421):
        sys/kern/kern_exec.c: revision 1.269 via patch
Check for number of processes resource violation in execve().


To generate a diff of this commit:
cvs rdiff -u -r1.232.2.2.6.1 -r1.232.2.2.6.2 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.232.2.2.6.1 src/sys/kern/kern_exec.c:1.232.2.2.6.2
--- src/sys/kern/kern_exec.c:1.232.2.2.6.1	Sat Sep  5 13:45:28 2009
+++ src/sys/kern/kern_exec.c	Sun Mar 20 20:52:01 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.232.2.2.6.1 2009/09/05 13:45:28 bouyer Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.232.2.2.6.2 2011/03/20 20:52:01 bouyer Exp $	*/
 
 /*-
  * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.232.2.2.6.1 2009/09/05 13:45:28 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.232.2.2.6.2 2011/03/20 20:52:01 bouyer Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_syscall_debug.h"
@@ -428,18 +428,40 @@
 	int			szsigcode;
 	struct exec_vmcmd	*base_vcp;
 	int			oldlwpflags;
+	uid_t			uid;
 #ifdef SYSTRACE
 	int			wassugid = ISSET(p->p_flag, P_SUGID);
 	char			pathbuf[MAXPATHLEN];
 	size_t			pathbuflen;
 #endif /* SYSTRACE */
 
+	p = l->l_proc;
+
+	/*
+	 * Check if we have exceeded our number of processes limit.
+	 * This is so that we handle the case where a root daemon
+	 * forked, ran setuid to become the desired user and is trying
+	 * to exec. The obvious place to do the reference counting check
+	 * is setuid(), but we don't do the reference counting check there
+	 * like other OS's do because then all the programs that use setuid()
+	 * must be modified to check the return code of setuid() and exit().
+	 * It is dangerous to make setuid() fail, because it fails open and
+	 * the program will continue to run as root. If we make it succeed
+	 * and return an error code, again we are not enforcing the limit.
+	 * The best place to enforce the limit is here, when the process tries
+	 * to execute a new image, because eventually the process will need
+	 * to call exec in order to do something useful.
+	 */
+
+	if ((p->p_flag & P_SUGID) && (uid = kauth_cred_getuid(l->l_cred)) != 0
+	    && chgproccnt(uid, 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur)
+		return EAGAIN;
+
 	/* Disable scheduler activation upcalls. */
 	oldlwpflags = l->l_flag & (L_SA | L_SA_UPCALL);
 	if (l->l_flag & L_SA)
 		l->l_flag &= ~(L_SA | L_SA_UPCALL);
 
-	p = l->l_proc;
 	/*
 	 * Lock the process and set the P_INEXEC flag to indicate that
 	 * it should be left alone until we're done here.  This is

Reply via email to