diff options
| author | marius eriksen <marius@cvs.openbsd.org> | 2004-06-23 05:16:36 +0000 |
|---|---|---|
| committer | marius eriksen <marius@cvs.openbsd.org> | 2004-06-23 05:16:36 +0000 |
| commit | 528bd53c0cc743655a6747db3a4d672c6098ca67 (patch) | |
| tree | b1d6879de63ee62cdb2c8342dff0c4f0fba6cd19 /bin/systrace/intercept.c | |
| parent | 2ff9215ae085c0961f6425b9bbae0fc6b5e5d9a0 (diff) | |
a few fixes to systrace
- add an exec message so that whenever a set-uid/gid process
exec's a new image which we may control, the exec does not
go by unnoticed.
- take special care to check for P_SUGIDEXEC as well as
P_SUGID, corresponding to the same changes that were made in
the ptrace code a while ago
ok niels@, sturm@; thanks to naddy for testing
Diffstat (limited to 'bin/systrace/intercept.c')
| -rw-r--r-- | bin/systrace/intercept.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/bin/systrace/intercept.c b/bin/systrace/intercept.c index 0423deb6d68..2f9db0716ea 100644 --- a/bin/systrace/intercept.c +++ b/bin/systrace/intercept.c @@ -1,4 +1,4 @@ -/* $OpenBSD: intercept.c,v 1.46 2004/03/30 15:43:20 sturm Exp $ */ +/* $OpenBSD: intercept.c,v 1.47 2004/06/23 05:16:35 marius Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -829,17 +829,10 @@ intercept_syscall_result(int fd, pid_t pid, u_int16_t seqnr, int policynr, icpid = intercept_getpid(pid); if (!strcmp("execve", name)) { - - /* Commit the name of the new image */ - if (icpid->name) - free(icpid->name); - icpid->name = icpid->newname; + intercept_newimage(fd, pid, policynr, + emulation, icpid->newname, icpid); + free(icpid->newname); icpid->newname = NULL; - - if (intercept_newimagecb != NULL) - (*intercept_newimagecb)(fd, pid, policynr, emulation, - icpid->name, intercept_newimagecbarg); - } out: @@ -847,6 +840,24 @@ intercept_syscall_result(int fd, pid_t pid, u_int16_t seqnr, int policynr, intercept.answer(fd, pid, seqnr, 0, 0, 0, NULL); } +void +intercept_newimage(int fd, pid_t pid, int policynr, + const char *emulation, char *newname, struct intercept_pid *icpid) +{ + if (icpid == NULL) + icpid = intercept_getpid(pid); + + if (icpid->name) + free(icpid->name); + if ((icpid->name = strdup(newname)) == NULL) + err(1, "%s:%d: strdup", __func__, __LINE__); + + if (intercept_newimagecb != NULL) + (*intercept_newimagecb)(fd, pid, policynr, emulation, + icpid->name, intercept_newimagecbarg); +} + + int intercept_newpolicy(int fd) { |