PERFORCE change 16023 for review
Robert Watson
rwatson at freebsd.org
Thu Aug 15 14:19:08 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16023
Change 16023 by rwatson at rwatson_tislabs on 2002/08/15 07:18:49
Move the invocation of mac_cred_mmapped_drop_perms() to outside
of the proc locking window during a process credential update,
closing a race condition opened when mmap revocation was
introduced. Otherwise, we were susceptible to
check-check-change-change races that violated policy module
invariants. The revocation now occurs after the atomic proc
credential update prior to re-entering userland and the
thread changing the credential re-gaining control.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#242 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#242 (text+ko) ====
@@ -2271,7 +2271,6 @@
{
MAC_PERFORM(relabel_cred, cred, newlabel);
- mac_cred_mmapped_drop_perms(curthread, cred);
}
void
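Review bot: with the mac_cred_mmapped_drop_perms(curthread, cred) call dropped from this function, relabeling no longer implies revocation, and nothing at this site tells callers that they now own that step. A short comment above MAC_PERFORM(relabel_cred, cred, newlabel) stating that the caller must invoke mac_cred_mmapped_drop_perms() itself, once the credential is installed and the proc lock is released, would keep a later caller from relabeling without revoking. It is also worth confirming that no path other than __mac_set_proc() relied on the old behaviour.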
@@ -3003,8 +3002,6 @@
/*
* MPSAFE
- *
- * XXX: Needs to be re-written for proc locking.
*/
int
__mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
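Review bot: removing the XXX from the comment above __mac_set_proc() leaves only "MPSAFE", which does not record the ordering this change depends on. Consider replacing the XXX with one sentence saying that the credential is relabeled and installed under the proc lock and that mmap revocation is deliberately done after the unlock, so the constraint survives later edits to this function.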
@@ -3039,12 +3036,19 @@
setsugid(p);
crcopy(newcred, oldcred);
- PROC_UNLOCK(p);
mac_relabel_cred(newcred, &intlabel);
+ p->p_ucred = newcred;
- PROC_LOCK(p);
- p->p_ucred = newcred;
+ /*
+ * Grab additional reference for use while revoking mmaps, prior
+ * to releasing the proc lock and sharing the cred.
+ */
+ crhold(newcred);
PROC_UNLOCK(p);
+
+ mac_cred_mmapped_drop_perms(td, newcred);
+
+ crfree(newcred); /* Free revocation reference. */
crfree(oldcred);
mac_destroy_temp(&intlabel);
return (0);
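Review bot: mac_relabel_cred(newcred, &intlabel) now runs with the proc lock held, since the PROC_UNLOCK(p)/PROC_LOCK(p) pair around it is gone, so every policy's relabel_cred entry point reached through MAC_PERFORM is called under that lock and must not sleep; that requirement should be stated in a comment here or at the entry point definition. Separately, between PROC_UNLOCK(p) and the return of mac_cred_mmapped_drop_perms(td, newcred) the new label is already visible in p->p_ucred while existing mappings still carry their old permissions; the added comment explains the crhold() but not why that window is acceptable, for example for other threads in the same process, and a sentence on that would help. The crhold(newcred)/crfree(newcred) pairing itself looks balanced.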