Commit Graph

62 Commits

Author SHA1 Message Date
ad
a9ca7a3734 Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
2008-03-21 21:54:58 +00:00
yamt
22d570119a use kmem_alloc instead of malloc. 2008-01-02 19:44:36 +00:00
ad
2ecdf58c2c Remove systrace. Ok core@. 2007-12-31 15:31:24 +00:00
pooka
2780a147ca nuke the leprechaun from VOP_ACCESS
Paul Lavoie, kern/37542
2007-12-14 16:48:24 +00:00
pooka
61e8303e9d Remove the "struct lwp *" argument from all VFS and VOP interfaces.
The general trend is to remove it from all kernel interfaces and
this is a start.  In case the calling lwp is desired, curlwp should
be used.

quick consensus on tech-kern
2007-11-26 19:01:26 +00:00
dsl
b8fbaf8c4b Change the way that emulations locate files within the emulation root to
avoid having to allocate space in the 'stackgap'
  - which is very LWP unfriendly.
The additional code for non-emulation namei() is trivial, the reduction for
  the emulations is massive.
The vnode for a processes emulation root is saved in the cwdi structure
  during process exec.
If the emulation root the TRYEMULROOT flag are set, namei() will do an initial
  search for absolute pathnames in the emulation root, if that fails it will
  retry from the normal root.
".." at the emulation root will always go to the real root, even in the middle
  of paths and when expanding symlinks.
Absolute symlinks found using absolute paths in the emulation root will be
  relative to the emulation root (so /usr/lib/xxx.so -> /lib/xxx.so links
  inside the emulation root don't need changing).
If the root of the emulation would be returned (for an emulation lookup), then
  the real root is returned instead (matching the behaviour of emul_lookup,
  but being a cheap comparison here) so that programs that scan "../.."
  looking for the root dircetory don't loop forever.
The target for symbolic links is no longer mangled (it used to get the
  CHECK_ALT_xxx() treatment, so could get /emul/xxx prepended).
CHECK_ALT_xxx() are no more. Most of the change is deleting them, and adding
  TRYEMULROOT to the flags to NDINIT().
A lot of the emulation system call stubs could now be deleted.
2007-04-22 08:29:55 +00:00
christos
53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
pavel
934634a18c Change the process/lwp flags seen by userland via sysctl back to the
P_*/L_* naming convention, and rename the in-kernel flags to avoid
conflict. (P_ -> PK_, L_ -> LW_ ). Add back the (now unused) LSDEAD
constant.

Restores source compatibility with pre-newlock2 tools like ps or top.

Reviewed by Andrew Doran.
2007-02-17 22:31:36 +00:00
ad
b07ec3fc38 Merge newlock2 to head. 2007-02-09 21:55:00 +00:00
elad
368ec17e69 Remove the third argument from check_exec() and just check for ep_flags
in the exec_package to know if we need to use VERIEXEC_DIRECT or
VERIEXEC_INDIRECT.

Suggested by and okay yamt@
2006-12-20 11:35:29 +00:00
dogcow
c959b3c4bd at the request of elad, as veriexec.h has returned, revert the changes
from 2006-07-25.
2006-07-26 09:33:57 +00:00
dogcow
cc44d2fe07 mechanically go through and
s,include "veriexec.h",include <sys/verified_exec.h>,
as the former has apparently gone away.
2006-07-25 00:23:06 +00:00
elad
5d611badde some fixes:
- adapt to NVERIEXEC in init_sysctl.c.
  - we now need "veriexec.h" for NVERIEXEC.
  - "opt_verified_exec.h" -> "opt_veriexec.h", and include it only where
    it is needed.
2006-07-24 16:37:28 +00:00
ad
f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
elad
a92c1615a4 deprecate the VERIFIED_EXEC option; now we only need the pseudo-device to
enable it. while here, some config file tweaks.

tons of input from cube@ (thanks!) and okay blymn@.
2006-07-22 10:34:26 +00:00
elad
215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
christos
5a57baa413 don't use MALLOC with a non-constant size; use malloc instead. 2006-03-17 23:29:07 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
elad
753edff337 #ifdef VERIFIED_EXEC 2005-07-29 14:49:00 +00:00
christos
9213de1869 catch up with verified exec defopt changes. 2005-07-17 05:22:34 +00:00
christos
1510fe1543 defopt verified_exec. 2005-07-16 22:47:18 +00:00
elad
1b7133edad From marius@openbsd:
Fix an issue when scripts are executed under systrace where the argv[0]
would be normalized, and hence break scripts that depend on how they were
called.
2005-06-27 17:11:20 +00:00
elad
8ebc2e9bee From marius@openbsd:
Add an exec message so that whenever a set-uid/gid process executes a new
image which we may control, the exec does not go by unnoticed.
2005-06-26 19:58:29 +00:00
elad
5888b16eef Some changes in veriexec.
New features:

  - Add a veriexec_report() routine to make most reporting consistent and
    remove some common code.
  - Add 'strict' mode that controls how veriexec behaves.
  - Add sysctl knobs:
     o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
     o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
       documentation in sysctl(3) for details.
     o kern.veriexec.algorithms returns a string with a space separated
       list of supported hashing algorithms in veriexec.
  - Updated documentation in man pages for sysctl(3) and sysctl(8).

Bug fixes:

  - veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
    correctly.
  - exec_script(): Don't pass 0 as flag when executing a script; use the
    defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
    enforcement work.
  - Fix some printing formats and types..
2005-05-19 20:16:19 +00:00
matt
2f15be42ae Check to see if the script has an ELF header, and if so, return ENOEXEC. 2004-11-04 23:55:28 +00:00
itojun
d2f1c029b9 kill sprintf, use snprintf 2004-04-21 18:40:37 +00:00
fvdl
d5aece61d6 Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
darrenr
960df3c8d1 Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records.  The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00
itojun
f265a4a4da use strlcpy. [fixed off-by-one in subr_prop.c] 2003-05-16 14:25:02 +00:00
perry
a6e07c4e35 grow #! line length -- patch from cgd, fixes PR kern/20112 from Todd Vierling 2003-04-02 00:58:56 +00:00
blymn
29b7b4241f Added support for fingerprinted executables aka verified exec 2002-10-29 12:31:20 +00:00
provos
0f09ed48a5 remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
lukem
adc783d537 add RCSIDs 2001-11-12 15:25:01 +00:00
thorpej
7660fd850d In check_exec(), don't bother checking P_TRACED along with
MNT_NOSUID, just check MNT_NOSUID to clear the S{U,G}ID bits
in the attributes for the vnode we're about to exec.

We now check P_TRACED right before we would actually perform
the s{u,g}id function in the exec code.

This closes a race condition between exec of a setuid binary
and ptrace(2).
2001-06-15 17:24:19 +00:00
thorpej
80cc38a1af Fix a partial construction problem that can cause race conditions
between creation of a file descriptor and close(2) when using kernel
assisted threads.  What we do is stick descriptors in the table, but
mark them as "larval".  This causes essentially everything to treat
it as a non-existent descriptor, except for fdalloc(), which sees a
filled slot so that it won't (incorrectly) allocate it again.  When
a descriptor is fully constructed, the code that has constructed it
marks it as "mature" (which actually clears the "larval" flag), and
things continue to work as normal.

While here, gather all the code that gets a descriptor from the table
into a fd_getfile() function, and call it, rather than having the
same (sometimes incorrect) code copied all over the place.
2001-06-14 20:32:41 +00:00
jdolecek
baae0324b9 restructure struct emul and execsw, in preparation to make emulations LKMable:
* move all exec-type specific information from struct emul to execsw[] and
  provide single struct emul per emulation
* elf:
  - kern/exec_elf32.c:probe_funcs[] is gone, execsw[] how has one entry
    per emulation and contains pointer to respective probe function
  - interp is allocated via MALLOC() rather than on stack
  - elf_args structure is allocated via MALLOC() rather than malloc()
* ecoff: the per-emulation hooks moved from alpha and mips specific code
  to OSF1 and Ultrix compat code as appropriate, execsw[] has one entry per
  emulation supporting ecoff with appropriate probe function
* the makecmds/probe functions don't set emulation, pointer to emulation is
  part of appropriate execsw[] entry
* constify couple of structures
2000-11-21 00:37:49 +00:00
thorpej
7cc27a88c0 Convert namei pathname buffer allocation to use the pool allocator. 2000-08-03 20:41:05 +00:00
thorpej
cd32ace8bb ANSI'ify. 2000-08-01 04:57:28 +00:00
mrg
32aa199ccf remove include of <vm/vm.h> 2000-06-27 17:41:07 +00:00
assar
e4b59906e1 (exec_script_makecmds): remove declaration of vnops, now in
<sys/file.h>
2000-02-01 01:23:29 +00:00
tv
4c9c896cc8 FILE_UNUSE wasn't updated in the FDSCRIPTS block. 1999-05-07 17:38:41 +00:00
thorpej
e3669c3393 Add "use counting" to file entries. When closing a file, and it's reference
count is 0, wait for use count to drain before finishing the close.

This is necessary in order for multiple processes to safely share file
descriptor tables.
1999-05-05 20:01:01 +00:00
wrstuden
0078fc50dc Modify VOP_CLOSE vnode op to always take a locked vnode. Change vn_close
to pass down a locked node. Modify union_copyup() to call VOP_CLOSE
locked nodes.

Also fix a bug in union_copyup() where a lock on the lower vnode would
only be released if VOP_OPEN didn't fail.
1999-02-26 23:38:55 +00:00
fvdl
e5bc90f40c Merge with Lite2 + local changes 1998-03-01 02:20:01 +00:00
christos
2b0c0d95ab Make this work for SETUIDSCRIPTS:
- include <sys/stat.h> for S_ISUID, S_ISGID
- fix bug where shortcut to fail would use uninitialized variables.
- elide other warnings.
1997-07-08 02:32:02 +00:00
mycroft
d7f33c5e60 va_mode contains stat bits. Use S_IS[UG]ID rather than VS[UG]ID. 1997-05-08 10:19:10 +00:00
christos
f443b89c92 backout previous kprintf change 1996-10-13 02:32:29 +00:00
christos
60d201973e printf -> kprintf, sprintf -> ksprintf 1996-10-10 22:46:11 +00:00
cgd
3b34cba879 exec vnode locking protocol changes: in a nutshell, don't keep vnodes
locked for any longer than we have to.
1996-09-30 23:18:43 +00:00
christos
8a5b1b92e2 First pass at prototyping 1996-02-04 02:15:01 +00:00