a few fixes to systrace

- add an exec message so that whenever a set-uid/gid process
  exec's a new image which we may control, the exec does not
  go by unnoticed.

- take special care to check for P_SUGIDEXEC as well as
  P_SUGID, corresponding to the same changes that were made in
  the ptrace code a while ago

ok niels@, sturm@; thanks to naddy for testing

2 files changed, 51 insertions, 4 deletions

diff --git a/sys/kern/exec_script.c b/sys/kern/exec_script.c
index 4ad3847350a..e0af44c583d 100644
--- a/sys/kern/exec_script.c
+++ b/sys/kern/exec_script.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exec_script.c,v 1.19 2004/05/14 04:00:33 tedu Exp $	*/
+/*	$OpenBSD: exec_script.c,v 1.20 2004/06/23 05:16:35 marius Exp $	*/
 /*	$NetBSD: exec_script.c,v 1.13 1996/02/04 02:15:06 christos Exp $	*/
 
 /*
@@ -46,6 +46,12 @@
 
 #include <sys/exec_script.h>
 
+#include "systrace.h"
+
+#if NSYSTRACE > 0
+#include <dev/systrace.h>
+#endif
+
 #if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
 #define FDSCRIPTS		/* Need this for safe set-id scripts. */
 #endif
@@ -214,8 +220,13 @@ check_shell:
 	if ((epp->ep_flags & EXEC_HASFD) == 0) {
 #endif
 		/* normally can't fail, but check for it if diagnostic */
-		error = copyinstr(epp->ep_name, *tmpsap++, MAXPATHLEN,
+#if NSYSTRACE > 0
+		error = copystr(epp->ep_name, *tmpsap++, MAXPATHLEN,
 		    (size_t *)0);
+#else
+		error = copyinstr(epp->ep_name, *tmpsap++, MAXPATHLEN,
+		    (size_t *)0);		
+#endif
 #ifdef DIAGNOSTIC
 		if (error != 0)
 			panic("exec_script: copyinstr couldn't fail");
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 0075f15bf0f..c7fb1aad5d3 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_exec.c,v 1.86 2004/06/11 12:57:36 mickey Exp $	*/
+/*	$OpenBSD: kern_exec.c,v 1.87 2004/06/23 05:16:35 marius Exp $	*/
 /*	$NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $	*/
 
 /*-
@@ -66,6 +66,12 @@
 
 #include <dev/rndvar.h>
 
+#include "systrace.h"
+
+#if NSYSTRACE > 0
+#include <dev/systrace.h>
+#endif
+
 /*
  * Map the shared signal code.
  */
@@ -255,6 +261,12 @@ sys_execve(p, v, retval)
 	struct vmspace *vm = p->p_vmspace;
 	char **tmpfap;
 	extern struct emul emul_native;
+#if NSYSTRACE > 0
+	int wassugid =
+	    ISSET(p->p_flag, P_SUGID) || ISSET(p->p_flag, P_SUGIDEXEC);
+	char pathbuf[MAXPATHLEN];
+	size_t pathbuflen;
+#endif
 
 	/*
 	 * Cheap solution to complicated problems.
@@ -262,13 +274,25 @@ sys_execve(p, v, retval)
 	 */
 	p->p_flag |= P_INEXEC;
 
+#if NSYSTRACE > 0
+	error = copyinstr(SCARG(uap, path), pathbuf, MAXPATHLEN, &pathbuflen);
+	if (error != 0)
+		goto clrflag;
+
+	NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_SYSSPACE, pathbuf, p);
+#else
 	/* init the namei data to point the file user's program name */
 	NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
+#endif
 
 	/*
 	 * initialize the fields of the exec package.
 	 */
+#if NSYSTRACE > 0
+	pack.ep_name = pathbuf;
+#else
 	pack.ep_name = (char *)SCARG(uap, path);
+#endif
 	pack.ep_hdr = malloc(exec_maxhdrsz, M_EXEC, M_WAITOK);
 	pack.ep_hdrlen = exec_maxhdrsz;
 	pack.ep_hdrvalid = 0;
@@ -622,7 +646,16 @@ sys_execve(p, v, retval)
 	if (KTRPOINT(p, KTR_EMUL))
 		ktremul(p, p->p_emul->e_name);
 #endif
+
 	p->p_flag &= ~P_INEXEC;
+
+#if NSYSTRACE > 0
+	if (ISSET(p->p_flag, P_SYSTRACE) &&
+	    wassugid && !ISSET(p->p_flag, P_SUGID) &&
+	    !ISSET(p->p_flag, P_SUGIDEXEC))
+		systrace_execve(pathbuf, p);
+#endif
+
 	return (0);
 
 bad:
@@ -642,8 +675,11 @@ bad:
 	pool_put(&namei_pool, nid.ni_cnd.cn_pnbuf);
 	uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
 
-freehdr:
+ freehdr:
 	free(pack.ep_hdr, M_EXEC);
+#if NSYSTRACE > 0
+ clrflag:
+#endif
 	p->p_flag &= ~P_INEXEC;
 	return (error);