summaryrefslogtreecommitdiff
path: root/sys/kern/kern_exec.c
AgeCommit message (Collapse)Author
2003-06-02stackgap_random becomes 64KTheo de Raadt
2003-05-17Typos; from Julien Bordet <zejames@greyhats.org>Alexander Yurchenko
Close PR 3262
2003-04-14There are two related changes.Artur Grabowski
The first one is an mquery(2) syscall. It's for asking the VM system about where to map things. It will be used by ld.so, read the man page for details. The second change is related and is a centralization of uvm_map hint that all callers of uvm_map calculated. This will allow us to adjust this hint on architectures that have segments for non-exec mappings. deraadt@ drahn@ ok.
2003-03-09Make the semantics of the P_SUGIDEXEC flag match the issetugid(2)Todd C. Miller
man page. Instead of just clearing P_SUGIDEXEC if real and effective uids/gids matched, we now set P_SUGIDEXEC if there is a mismatch in the real, effective, or saved uid/gid and clear it otherwise. deraadt@ and tholo@ OK.
2002-12-11descructive -> destructiveMiod Vallat
2002-12-04No need to exit the process twice. exit1() can't fail.Artur Grabowski
2002-11-09fix a commentMichael Shalayeff
2002-10-06Move out the execution of vmcmds into a separate function.Artur Grabowski
2002-09-23Add support for vmcmds that load sections relative to a base section.Artur Grabowski
You mark one section with VMCMD_BASE and the rest are marked RELATIVE. Use that to load ELF interpreter correctly in all cases. Inspired by NetBSD. Great debugging help from drahn@ deraadt@ ok
2002-08-22Change the vnode locking in exec to not keep the vnode locked almost allArtur Grabowski
the time. This could lead to problems when a process wants to do an exec on the same vnode it's being run from and needs to copy in arguments from an uncached page in the data segment. When that happens uvm detects a vnode deadlock and returns an error causing execve() return EFAULT. This fixes the regress test in regress/sys/kern/exec_self Also, initialize scriptvp early in exec_script because it could be used uninitialized in a failure case.
2002-07-25Compare with the same type. ok deraadt@Thomas Nordin
2002-07-20Instead of copying out the signal trampoline on top of the stack, createArtur Grabowski
an uvm aobj, copy out the signal trampoline into it and share that page among all processes for the same emulation. This also requires us to actually be able to tell signal code where the trampoline is located, so introduce a new field in struct proc - p_sigcode that is a pointer to sigcode. This allows us to remove all the ugly calculations of the signal trampoline address done in every sendsig function in the tree (that's why so many files are changed). Tested by various people. ok deraadt@
2002-05-02Cause the exec to fail if we are unable to allocate resources when dup'ingTodd C. Miller
/dev/null to fd's 0-2 for a setuid program; deraadt@ and art@ OK
2002-03-14invalid argv causes efault, not einval; form daniel@lucq.orgMichael Shalayeff
2002-02-17Enable stackgap_random. Set it initially to 1k.Artur Grabowski
2002-02-08- Rename FILE_{,UN}USE to FREF and FRELE. USE is a bad verb and we don't haveArtur Grabowski
the same semantics as NetBSD anyway, so it's good to avoid name collissions. - Always fdremove before freeing the file, not the other way around. - falloc FREFs the file. - have FILE_SET_MATURE FRELE the file (It feels like a good ortogonality to falloc FREFing the file). - Use closef as much as possible instead of ffree in error paths of falloc:ing functions. closef is much more careful with the fd and can deal with the fd being forcibly closed by dup2. Also try to avoid manually calling *fo_close when closef can do that for us (this makes some error paths mroe complicated (sys_socketpair and sys_pipe), but others become simpler (sys_open)).
2002-01-20When a process is exec:ing mark it with a flag. Check that flag in ptraceArtur Grabowski
and procfs (and possibly more places in the future) and simply refuse to fiddle with the execing process. This is an ugly hack, but this far we haven't been successful in creating a race-free exec.
2001-12-19UBC was a disaster. It worked very good when it worked, but on someArtur Grabowski
machines or some configurations or in some phase of the moon (we actually don't know when or why) files disappeared. Since we've not been able to track down the problem in two weeks intense debugging and we need -current to be stable, back out everything to a state it had before UBC. We apologise for the inconvenience.
2001-11-27Merge in the unified buffer cache code as found in NetBSD 2001/03/10. TheArtur Grabowski
code is written mostly by Chuck Silvers <chuq@chuq.com>/<chs@netbsd.org>. Tested for the past few weeks by many developers, should be in a pretty stable state, but will require optimizations and additional cleanups.
2001-11-12Bring in more changes from NetBSD. Mostly pagedaemon improvements.Artur Grabowski
2001-11-06Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary.Miod Vallat
(Look ma, I might have broken the tree)
2001-10-26 - every new fd created by falloc() is marked as larval and should not be usedArtur Grabowski
any anyone. Every caller of falloc matures the fd when it's usable. - Since every lookup in the fd table must now check this flag and all of them do the same thing, move all the necessary checks into a function - fd_getfile.
2001-09-19merge vm/vm_kern.h into uvm/uvm_extern.h; art@ okMichael Shalayeff
2001-08-25It makes more sense to have argc stored as a long on the stack,Artur Grabowski
not int. Shouldn't affect any archs except sparc64 (now one step closer to a working userland).
2001-08-18Add a possibility to add a random offset to the stack on exec. This makesArtur Grabowski
it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing.
2001-06-27remove old vmArtur Grabowski
2001-06-22Try again. (this time it's tested).Artur Grabowski
Add proc_cansugid that checks if a process may raise it's privileges. Rework exec to remove the old sugid workaround and check proc_cansugid just before raising privileges.
2001-06-22KNFTheo de Raadt
2001-06-19no way, you are on drugs. last commit revoked because it broke setuid majorlyTheo de Raadt
2001-06-18Check is sugid is allowed where we set the P_SUGID* flags.Artur Grabowski
Remove the ugly hack added in last revision.
2001-06-15Avoid a dangerous race.Artur Grabowski
To avoid having a ptrace(2)d process from doing an exec of a suid binary we strip off the suid bits from the executable if the process is traced. Later we P_SUGID{,EXEC} in the process flags that stops further ptrace attempts. The problem is that between the stripping of suid bits and setting P_SUGID{,EXEC} there is a pretty large window where the process can sleep and other processes can attach to it with ptrace. This is a quick fix for that. We set P_SUGID{,EXEC} early and take care to remove them (we don't want the process to become tainted unnecessarily) if exec fails. XXX - exec needs a lot more work, but people are asking for a solution now.
2001-04-01Add a macro to initialize the contents of a vmcmd set.Artur Grabowski
Correctly initialize the vmcmds in linux_exec.
2001-02-22ELF uses more than 5 vmcmds by default, so grow the default vmcmd set sizeArtur Grabowski
to 8. At the same time it seemed like a good idea to avoid to always malloc a new vmcmd array, so put the default sized array into struct exec_vmcmd_set. We might want to make a linked list of vmcmd arrays or exec_vmcmd_sets instead of reallocating them some time in the future, but right now this seems like a waste of time.
2000-11-16support kernel event queues, from FreeBSD by Jonathan Lemon,Niels Provos
okay art@, millert@
2000-11-10Change the ktrace interface functions from taking the trace vnode to taking theArtur Grabowski
traced proc. The vnode is in the proc and all functions need the proc.
2000-09-28When allocating the unallocated file descriptors 0, 1 and 2 for suid execs,Artur Grabowski
don't do it by doing namei on /dev/null. The vnode for the executed file is locked and we had a race where other processes could lock the parent directories up to the root. When the executing process did the lookup on /dev/null it could deadlock on the root vnode while still holding the lock on the executed vnode. Also, it's really bad idea to depend on certain filesystem layout inside the kernel. Now we get the null device vnode by cdevvp(getnulldev(), ... Thanks to Matrin Portmann <map@infinitum.ch> for providing the (large) ktrace that allowed me to track this down. Fixes 1369.
2000-09-26Don't use MALLOC/FREE on variable sized allocations.Artur Grabowski
2000-04-20Add a function "ktrsettracevnode", that changes the ktrace vnode for a processArtur Grabowski
in a correct way. Use it in all places where the vnode was changed. (most of the earlier code was incorrect and had races).
2000-03-23Use the new timeout facilities for ITIMER_REAL.Artur Grabowski
2000-03-22some more machine_stack_grows_upMichael Shalayeff
2000-02-01remove superflous declaration of vnops, it's now in <sys/file.h>assar
2000-01-24fix setregs call for bawkward stacks; does not affect straight caseMichael Shalayeff
2000-01-20set[ug]id, not just setuidTheo de Raadt
2000-01-20when procfs is compiled in, if a setuid process has any of descriptors 0-2Theo de Raadt
open for write on procfs, close it (and, thus, open a /dev/null instead); problem reported by nergal@idea.avet.com.pl, fix by me, thanks for help from millert
2000-01-19do not NULL dereference if fd_nfiles < 3Theo de Raadt
1999-11-05more stack direction fixes; art@ okMichael Shalayeff
1999-08-09Stop profiling (see profil(2)) when we execve() a new process; ross@netbsd.orgTodd C. Miller
1999-07-15Don't destroy sysvshm if the vmspace is shared (only affects uvm)Artur Grabowski
1999-07-15vm_offset_t -> {v,p}addr_t ; vm_size_t -> {v,p}size_tArtur Grabowski
1999-07-13introduce fdremove() to mark a file descriptor as unused. fdremove makesNiels Provos
sure that the fd_freefile hints stay in sync, otherwise free file descriptors might not be overlooked by fdalloc(); ok millert@