#include <sys/timeb.h>
#include <sys/times.h>
#include <sys/malloc.h>
-
-#define chgproccnt_ok(p) 1
+#include <sys/persona.h>
#include <security/audit/audit.h>
* XXX: Belongs in kern_proc.c
*/
int
-setpgid(proc_t curp, register struct setpgid_args *uap, __unused int32_t *retval)
+setpgid(proc_t curp, struct setpgid_args *uap, __unused int32_t *retval)
{
proc_t targp = PROC_NULL; /* target process */
struct pgrp *pg = PGRP_NULL; /* target pgrp */
* real, effective, or saved user or group IDs since beginning
* execution.
*/
+int
+proc_issetugid (proc_t p)
+{
+ return (p->p_flag & P_SUGID) ? 1 : 0;
+}
+
int
issetugid(proc_t p, __unused struct issetugid_args *uap, int32_t *retval)
{
* that libc *might* have put in their data segment.
*/
- *retval = (p->p_flag & P_SUGID) ? 1 : 0;
+ *retval = proc_issetugid(p);
return (0);
}
* may be able to decrement the proc count of B before we can increment it. This results in a panic.
* Incrementing the proc count of the target ruid, B, before setting the process credentials prevents this race.
*/
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
(void)chgproccnt(ruid, 1);
}
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another thread
* also changed the credential after we took our
* Note: the kauth_cred_setresuid has consumed a reference to my_cred, it p_ucred != my_cred, then my_cred must not be dereferenced!
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
/*
* We didn't successfully switch to the new ruid, so decrement
* the procs/uid count that we incremented above.
*/
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
(void)chgproccnt(ruid, -1);
}
kauth_cred_unref(&my_new_cred);
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
/*
* If we've updated the ruid, decrement the count of procs running
* under the previous ruid
*/
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
(void)chgproccnt(my_pcred->cr_ruid, -1);
}
}
DEBUG_CRED_CHANGE("seteuid CH(%d): %p/0x%08x -> %p/0x%08x\n", p->p_pid, my_cred, my_pcred->cr_flags, my_new_cred, posix_cred_get(my_new_cred)->cr_flags);
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another thread
* also changed the credential after we took our
* should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
kauth_cred_unref(&my_new_cred);
my_cred = kauth_cred_proc_ref(p);
my_pcred = posix_cred_get(my_cred);
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
break;
}
* may be able to decrement the proc count of B before we can increment it. This results in a panic.
* Incrementing the proc count of the target ruid, B, before setting the process credentials prevents this race.
*/
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
(void)chgproccnt(ruid, 1);
}
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another thread
* also changed the credential after we took our
* Note: the kauth_cred_setresuid has consumed a reference to my_cred, it p_ucred != my_cred, then my_cred must not be dereferenced!
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ proc_ucred_unlock(p);
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
/*
* We didn't successfully switch to the new ruid, so decrement
* the procs/uid count that we incremented above.
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
- if (ruid != KAUTH_UID_NONE && chgproccnt_ok(p)) {
+ if (ruid != KAUTH_UID_NONE && !proc_has_persona(p)) {
/*
* We switched to a new ruid, so decrement the count of procs running
* under the previous ruid
DEBUG_CRED_CHANGE("setgid(CH)%d: %p/0x%08x->%p/0x%08x\n", p->p_pid, my_cred, my_cred->cr_flags, my_new_cred, my_new_cred->cr_flags);
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another thread
* also changed the credential after we took our
* should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
kauth_cred_unref(&my_new_cred);
/* try again */
my_cred = kauth_cred_proc_ref(p);
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
break;
}
DEBUG_CRED_CHANGE("setegid(CH)%d: %p/0x%08x->%p/0x%08x\n", p->p_pid, my_cred, my_pcred->cr_flags, my_new_cred, posix_cred_get(my_new_cred)->cr_flags);
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another thread
* also changed the credential after we took our
* should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
kauth_cred_unref(&my_new_cred);
/* try again */
my_cred = kauth_cred_proc_ref(p);
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
break;
}
DEBUG_CRED_CHANGE("setregid(CH)%d: %p/0x%08x->%p/0x%08x\n", p->p_pid, my_cred, my_pcred->cr_flags, my_new_cred, posix_cred_get(my_new_cred)->cr_flags);
- proc_lock(p);
+ proc_ucred_lock(p);
/* need to protect for a race where another thread
* also changed the credential after we took our
* reference. If p_ucred has changed then we
* should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
kauth_cred_unref(&my_new_cred);
/* try again */
my_cred = kauth_cred_proc_ref(p);
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag); /* XXX redundant? */
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
break;
}
DEBUG_CRED_CHANGE("setgroups1(CH)%d: %p/0x%08x->%p/0x%08x\n", p->p_pid, my_cred, my_cred->cr_flags, my_new_cred, my_new_cred->cr_flags);
- proc_lock(p);
+ proc_ucred_lock(p);
/*
* We need to protect for a race where another
* thread also changed the credential after we
* with the new cred.
*/
if (p->p_ucred != my_cred) {
- proc_unlock(p);
+ proc_ucred_unlock(p);
kauth_cred_unref(&my_new_cred);
my_cred = kauth_cred_proc_ref(p);
/* try again */
/* update cred on proc */
PROC_UPDATE_CREDS_ONPROC(p);
OSBitOrAtomic(P_SUGID, &p->p_flag);
- proc_unlock(p);
+ proc_ucred_unlock(p);
}
break;
}
*/
int
set_security_token(proc_t p)
+{
+ return set_security_token_task_internal(p, p->task);
+}
+
+/*
+ * Set the secrity token of the task with current euid and eguid
+ * The function takes a proc and a task, where proc->task might point to a
+ * different task if called from exec.
+ */
+
+int
+set_security_token_task_internal(proc_t p, void *t)
{
security_token_t sec_token;
audit_token_t audit_token;
kauth_cred_t my_cred;
posix_cred_t my_pcred;
host_priv_t host_priv;
+ task_t task = t;
/*
* Don't allow a vfork child to override the parent's token settings
* suffer along using the parent's token until the exec(). It's all
* undefined behavior anyway, right?
*/
- if (p->task == current_task()) {
+ if (task == current_task()) {
uthread_t uthread;
uthread = (uthread_t)get_bsdthread_info(current_thread());
if (uthread->uu_flag & UT_VFORK)
/*
* Update the pid an proc name for importance base if any
*/
- task_importance_update_owner_info(p->task);
+ task_importance_update_owner_info(task);
#endif
return (host_security_set_task_token(host_security_self(),
- p->task,
+ task,
sec_token,
audit_token,
host_priv) != KERN_SUCCESS);