PERFORCE change 15347 for review

John Baldwin jhb at freebsd.org
Thu Aug 1 14:11:59 GMT 2002


On 31-Jul-2002 Brian Feldman wrote:
> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15347
> 
> Change 15347 by green at green_laptop_2 on 2002/07/31 14:31:24
> 
>       mac_cred_canexec() no longer exists; use mac_check_vnode_exec().

Dropping the proc lock invalidates the credential changes and any
earlier credential changes you just made unless you ensure that the
process is single threaded before you do any of the credential
checks and before you get here.

> Affected files ...
> 
> .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 edit
> 
> Differences ...
> 
> ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 (text+ko) ====
> 
> @@ -398,10 +398,12 @@
>           attr.va_gid;
>  
>  #ifdef MAC
> +     PROC_UNLOCK(p);
>       vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>       will_transition = mac_execve_will_transition(oldcred, imgp->vp);
>       credential_changing |= will_transition;
>       VOP_UNLOCK(imgp->vp, 0, td);
> +     PROC_LOCK(p);
>  #endif
>  
>       if (credential_changing &&
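
Review bot: Releasing the proc lock at the added PROC_UNLOCK(p) opens a window just before the `if (credential_changing &&` test, so the values already folded into credential_changing while the lock was held can be stale by the time PROC_LOCK(p) returns. Either do the vn_lock()/mac_execve_will_transition() step before the proc lock is first taken, or re-evaluate the decision after PROC_LOCK(p). If the code relies on the process being single-threaded here, state that invariant in a comment next to the unlock. The change description mentions only the switch to mac_check_vnode_exec(), so the locking change should be described there too.
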
> @@ -438,11 +440,13 @@
>                       change_egid(newcred, attr.va_gid);
>  #ifdef MAC
>               if (will_transition) {
> +                     PROC_UNLOCK(p);
>                       vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>                       mac_execve_transition(oldcred, newcred, imgp->vp);
>                       VOP_UNLOCK(imgp->vp, 0, td);
> +                     PROC_LOCK(p);
>               }
> -#endif
> +#endif /* MAC */
>               /*
>                * Implement correct POSIX saved-id behavior.
>                */
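
Review bot: This second PROC_UNLOCK(p) sits inside `if (will_transition)` after change_egid(newcred, attr.va_gid) has already modified newcred, so the credential update is split across a lock drop and will_transition is acted on after the lock has been released and retaken twice. Consider restructuring so the vnode is locked once for both mac_execve_will_transition() and mac_execve_transition() outside the proc-locked region, or add a comment stating what keeps oldcred and the earlier checks valid across the unlock. Minor style point: the `#endif /* MAC */` annotation is welcome, and the #endif that closes the MAC block in the previous hunk could carry the same comment for consistency.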

-- 

John Baldwin <jhb at FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/