summaryrefslogtreecommitdiff
path: root/sys/kern/kern_exec.c
AgeCommit message (Collapse)Author
2002-02-17Enable stackgap_random. Set it initially to 1k.Artur Grabowski
2002-02-08- Rename FILE_{,UN}USE to FREF and FRELE. USE is a bad verb and we don't haveArtur Grabowski
the same semantics as NetBSD anyway, so it's good to avoid name collissions. - Always fdremove before freeing the file, not the other way around. - falloc FREFs the file. - have FILE_SET_MATURE FRELE the file (It feels like a good ortogonality to falloc FREFing the file). - Use closef as much as possible instead of ffree in error paths of falloc:ing functions. closef is much more careful with the fd and can deal with the fd being forcibly closed by dup2. Also try to avoid manually calling *fo_close when closef can do that for us (this makes some error paths mroe complicated (sys_socketpair and sys_pipe), but others become simpler (sys_open)).
2002-01-20When a process is exec:ing mark it with a flag. Check that flag in ptraceArtur Grabowski
and procfs (and possibly more places in the future) and simply refuse to fiddle with the execing process. This is an ugly hack, but this far we haven't been successful in creating a race-free exec.
2001-12-19UBC was a disaster. It worked very good when it worked, but on someArtur Grabowski
machines or some configurations or in some phase of the moon (we actually don't know when or why) files disappeared. Since we've not been able to track down the problem in two weeks intense debugging and we need -current to be stable, back out everything to a state it had before UBC. We apologise for the inconvenience.
2001-11-27Merge in the unified buffer cache code as found in NetBSD 2001/03/10. TheArtur Grabowski
code is written mostly by Chuck Silvers <chuq@chuq.com>/<chs@netbsd.org>. Tested for the past few weeks by many developers, should be in a pretty stable state, but will require optimizations and additional cleanups.
2001-11-12Bring in more changes from NetBSD. Mostly pagedaemon improvements.Artur Grabowski
2001-11-06Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary.Miod Vallat
(Look ma, I might have broken the tree)
2001-10-26 - every new fd created by falloc() is marked as larval and should not be usedArtur Grabowski
any anyone. Every caller of falloc matures the fd when it's usable. - Since every lookup in the fd table must now check this flag and all of them do the same thing, move all the necessary checks into a function - fd_getfile.
2001-09-19merge vm/vm_kern.h into uvm/uvm_extern.h; art@ okMichael Shalayeff
2001-08-25It makes more sense to have argc stored as a long on the stack,Artur Grabowski
not int. Shouldn't affect any archs except sparc64 (now one step closer to a working userland).
2001-08-18Add a possibility to add a random offset to the stack on exec. This makesArtur Grabowski
it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing.
2001-06-27remove old vmArtur Grabowski
2001-06-22Try again. (this time it's tested).Artur Grabowski
Add proc_cansugid that checks if a process may raise it's privileges. Rework exec to remove the old sugid workaround and check proc_cansugid just before raising privileges.
2001-06-22KNFTheo de Raadt
2001-06-19no way, you are on drugs. last commit revoked because it broke setuid majorlyTheo de Raadt
2001-06-18Check is sugid is allowed where we set the P_SUGID* flags.Artur Grabowski
Remove the ugly hack added in last revision.
2001-06-15Avoid a dangerous race.Artur Grabowski
To avoid having a ptrace(2)d process from doing an exec of a suid binary we strip off the suid bits from the executable if the process is traced. Later we P_SUGID{,EXEC} in the process flags that stops further ptrace attempts. The problem is that between the stripping of suid bits and setting P_SUGID{,EXEC} there is a pretty large window where the process can sleep and other processes can attach to it with ptrace. This is a quick fix for that. We set P_SUGID{,EXEC} early and take care to remove them (we don't want the process to become tainted unnecessarily) if exec fails. XXX - exec needs a lot more work, but people are asking for a solution now.
2001-04-01Add a macro to initialize the contents of a vmcmd set.Artur Grabowski
Correctly initialize the vmcmds in linux_exec.
2001-02-22ELF uses more than 5 vmcmds by default, so grow the default vmcmd set sizeArtur Grabowski
to 8. At the same time it seemed like a good idea to avoid to always malloc a new vmcmd array, so put the default sized array into struct exec_vmcmd_set. We might want to make a linked list of vmcmd arrays or exec_vmcmd_sets instead of reallocating them some time in the future, but right now this seems like a waste of time.
2000-11-16support kernel event queues, from FreeBSD by Jonathan Lemon,Niels Provos
okay art@, millert@
2000-11-10Change the ktrace interface functions from taking the trace vnode to taking theArtur Grabowski
traced proc. The vnode is in the proc and all functions need the proc.
2000-09-28When allocating the unallocated file descriptors 0, 1 and 2 for suid execs,Artur Grabowski
don't do it by doing namei on /dev/null. The vnode for the executed file is locked and we had a race where other processes could lock the parent directories up to the root. When the executing process did the lookup on /dev/null it could deadlock on the root vnode while still holding the lock on the executed vnode. Also, it's really bad idea to depend on certain filesystem layout inside the kernel. Now we get the null device vnode by cdevvp(getnulldev(), ... Thanks to Matrin Portmann <map@infinitum.ch> for providing the (large) ktrace that allowed me to track this down. Fixes 1369.
2000-09-26Don't use MALLOC/FREE on variable sized allocations.Artur Grabowski
2000-04-20Add a function "ktrsettracevnode", that changes the ktrace vnode for a processArtur Grabowski
in a correct way. Use it in all places where the vnode was changed. (most of the earlier code was incorrect and had races).
2000-03-23Use the new timeout facilities for ITIMER_REAL.Artur Grabowski
2000-03-22some more machine_stack_grows_upMichael Shalayeff
2000-02-01remove superflous declaration of vnops, it's now in <sys/file.h>assar
2000-01-24fix setregs call for bawkward stacks; does not affect straight caseMichael Shalayeff
2000-01-20set[ug]id, not just setuidTheo de Raadt
2000-01-20when procfs is compiled in, if a setuid process has any of descriptors 0-2Theo de Raadt
open for write on procfs, close it (and, thus, open a /dev/null instead); problem reported by nergal@idea.avet.com.pl, fix by me, thanks for help from millert
2000-01-19do not NULL dereference if fd_nfiles < 3Theo de Raadt
1999-11-05more stack direction fixes; art@ okMichael Shalayeff
1999-08-09Stop profiling (see profil(2)) when we execve() a new process; ross@netbsd.orgTodd C. Miller
1999-07-15Don't destroy sysvshm if the vmspace is shared (only affects uvm)Artur Grabowski
1999-07-15vm_offset_t -> {v,p}addr_t ; vm_size_t -> {v,p}size_tArtur Grabowski
1999-07-13introduce fdremove() to mark a file descriptor as unused. fdremove makesNiels Provos
sure that the fd_freefile hints stay in sync, otherwise free file descriptors might not be overlooked by fdalloc(); ok millert@
1999-06-23Improved sysv shared memory. Works with UVM.Artur Grabowski
Original work done in FreeBSD, but this code was ported from NetBSD by Chuck Cranor.
1999-06-03use __sparc__ just in caseTheo de Raadt
1999-04-22uvmspace_exec can change p_vmspace!Artur Grabowski
1999-02-26vm allocation changes for uvm.Artur Grabowski
Call uvmspace_exec instead of manually cleaning up.
1998-09-24pretty up previous fixArtur Grabowski
1998-09-23use the same flags for f_flag as there were used for vn_open, otherwise ↵Artur Grabowski
vn_close will not decrease v_writecount for the vnode causing panics
1998-07-28Return EINVAL when msg_iovlen or iovcnt <= 0; Make uio_resid unsigned ↵Todd C. Miller
(size_t) and don't return EINVAL if it is < 0 in sys_{read,write}. Remove check for uio_resid < 0 uiomove() now that uio_resid is unsigned and brack remaining panics with #ifdef DIAGNOSTIC. vn_rdwr() must now take a size_t * as its 9th argument so change that and clean up uses of vn_rdwr(). Fixes 549 + more
1998-07-08open fd1 and fd2 as FREAD|FWRITETheo de Raadt
1998-07-02I suppose debugging code can be removedTheo de Raadt
1998-07-02for sugid procs ensure that fd 0-2 are allocated slots (by pointing atTheo de Raadt
/dev/null -- future patch will use a dead vnode of some sort) to prevent reuse (ie. new allocations) of these fd which libc makes many assumptions about; problem noted by James Youngman
1998-06-27securelevels do NOT protect running binaries; only filesystem activityTheo de Raadt
1998-06-09if we are being ptraced, do not permit execve of an immutable binaryTheo de Raadt
1998-02-20KNFNiklas Hallqvist
1998-02-08Updates to match type changes in syscall tablesThorsten Lockert