upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

sysent: allow ABI to disable setid on exec.

Browse source 
(cherry picked from commit 2d423f7671)
This commit is contained in:
Konstantin Belousov 2021-01-14 15:38:29 +02:00
parent 0379dc900e
commit ff59c9de32
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/kern/kern_exec.c
View file

@ -774,6 +774,10 @@ interpret:
signotify(td);
}
if (imgp->sysent->sv_setid_allowed != NULL &&
!(*imgp->sysent->sv_setid_allowed)(td, imgp))
execve_nosetid(imgp);
/*
* Implement image setuid/setgid installation.
*/

2
sys/sys/sysent.h
View file

@ -148,6 +148,8 @@ struct sysentvec {
void (*sv_onexec)(struct proc *, struct image_params *);
void (*sv_onexit)(struct proc *);
void (*sv_ontdexit)(struct thread *td);
bool (*sv_setid_allowed)(struct thread *td,
struct image_params *imgp);
};
#define SV_ILP32 0x000100 /* 32-bit executable. */