svn commit: r294903 - in stable/9/sys: amd64/linux32 dev/usb/wlan i386/linux

Xin LI delphij at FreeBSD.org
Wed Jan 27 07:34:25 UTC 2016 

Author: delphij
Date: Wed Jan 27 07:34:23 2016
New Revision: 294903
URL: https://svnweb.freebsd.org/changeset/base/294903

Log:
  MFC r294900:
  
  Implement AT_SECURE properly.
  
  AT_SECURE auxv entry has been added to the Linux 2.5 kernel to pass a
  boolean flag indicating whether secure mode should be enabled. 1 means
  that the program has changes its credentials during the execution.
  Being exported AT_SECURE used by glibc issetugid() call.
  
  Submitted by:	imp, dchagin
  Security:	FreeBSD-SA-16:10.linux
  Security:	CVE-2016-1883

Modified:
  stable/9/sys/amd64/linux32/linux32_sysvec.c
  stable/9/sys/i386/linux/linux_sysvec.c
Directory Properties:
  stable/9/sys/   (props changed)
  stable/9/sys/amd64/include/xen/   (props changed)
  stable/9/sys/boot/   (props changed)
  stable/9/sys/boot/forth/   (props changed)
  stable/9/sys/boot/i386/efi/   (props changed)
  stable/9/sys/boot/i386/gptboot/   (props changed)
  stable/9/sys/boot/ia64/efi/   (props changed)
  stable/9/sys/boot/ia64/ski/   (props changed)
  stable/9/sys/boot/powerpc/boot1.chrp/   (props changed)
  stable/9/sys/boot/powerpc/ofw/   (props changed)
  stable/9/sys/cddl/contrib/opensolaris/   (props changed)
  stable/9/sys/conf/   (props changed)
  stable/9/sys/contrib/dev/acpica/   (props changed)
  stable/9/sys/contrib/dev/run/   (props changed)
  stable/9/sys/contrib/octeon-sdk/   (props changed)
  stable/9/sys/contrib/pf/   (props changed)
  stable/9/sys/contrib/x86emu/   (props changed)
  stable/9/sys/dev/   (props changed)
  stable/9/sys/dev/e1000/   (props changed)
  stable/9/sys/dev/isp/   (props changed)
  stable/9/sys/dev/ixgbe/   (props changed)
  stable/9/sys/dev/puc/   (props changed)
  stable/9/sys/dev/usb/wlan/if_run.c   (props changed)
  stable/9/sys/dev/usb/wlan/if_runreg.h   (props changed)
  stable/9/sys/fs/   (props changed)
  stable/9/sys/fs/ntfs/   (props changed)
  stable/9/sys/modules/   (props changed)
  stable/9/sys/modules/ixgbe/   (props changed)
  stable/9/sys/modules/svr4/   (props changed)
  stable/9/sys/net/   (props changed)
  stable/9/sys/netpfil/   (props changed)
  stable/9/sys/sys/   (props changed)

Modified: stable/9/sys/amd64/linux32/linux32_sysvec.c
==============================================================================
--- stable/9/sys/amd64/linux32/linux32_sysvec.c	Wed Jan 27 07:34:00 2016	(r294902)
+++ stable/9/sys/amd64/linux32/linux32_sysvec.c	Wed Jan 27 07:34:23 2016	(r294903)
@@ -247,6 +247,7 @@ elf_linux_fixup(register_t **stack_base,
 	Elf32_Addr *base;
 	Elf32_Addr *pos, *uplatform;
 	struct linux32_ps_strings *arginfo;
+	int issetugid;
 
 	arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS;
 	uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
@@ -257,6 +258,7 @@ elf_linux_fixup(register_t **stack_base,
 	args = (Elf32_Auxargs *)imgp->auxargs;
 	pos = base + (imgp->args->argc + imgp->args->envc + 2);
 
+	issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
 	AUXARGS_ENTRY_32(pos, LINUX_AT_HWCAP, cpu_feature);
 
 	/*
@@ -276,7 +278,7 @@ elf_linux_fixup(register_t **stack_base,
 	AUXARGS_ENTRY_32(pos, AT_FLAGS, args->flags);
 	AUXARGS_ENTRY_32(pos, AT_ENTRY, args->entry);
 	AUXARGS_ENTRY_32(pos, AT_BASE, args->base);
-	AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, 0);
+	AUXARGS_ENTRY_32(pos, LINUX_AT_SECURE, issetugid);
 	AUXARGS_ENTRY_32(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
 	AUXARGS_ENTRY_32(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
 	AUXARGS_ENTRY_32(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);

Modified: stable/9/sys/i386/linux/linux_sysvec.c
==============================================================================
--- stable/9/sys/i386/linux/linux_sysvec.c	Wed Jan 27 07:34:00 2016	(r294902)
+++ stable/9/sys/i386/linux/linux_sysvec.c	Wed Jan 27 07:34:23 2016	(r294903)
@@ -243,11 +243,13 @@ elf_linux_fixup(register_t **stack_base,
 	Elf32_Addr *uplatform;
 	struct ps_strings *arginfo;
 	register_t *pos;
+	int issetugid;
 
 	KASSERT(curthread->td_proc == imgp->proc,
 	    ("unsafe elf_linux_fixup(), should be curproc"));
 
 	p = imgp->proc;
+	issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
 	arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
 	uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
 	args = (Elf32_Auxargs *)imgp->auxargs;
@@ -272,7 +274,7 @@ elf_linux_fixup(register_t **stack_base,
 	AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
 	AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
 	AUXARGS_ENTRY(pos, AT_BASE, args->base);
-	AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
+	AUXARGS_ENTRY(pos, LINUX_AT_SECURE, issetugid);
 	AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_ucred->cr_ruid);
 	AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid);
 	AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);

More information about the svn-src-stable-9 mailing list