Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Remplace kern.shortcorename sysctl with a more flexible ...
details: https://anonhg.NetBSD.org/src/rev/aa53b61b3617
branches: trunk
changeset: 476803:aa53b61b3617
user: bouyer <bouyer%NetBSD.org@localhost>
date: Tue Sep 28 14:47:00 1999 +0000
description:
Remplace kern.shortcorename sysctl with a more flexible sheme,
core filename format, which allow to change the name of the core dump,
and to relocate it in a directory. Credits to Bill Sommerfeld for giving me
the idea :)
The default core filename format can be changed by options DEFCORENAME and/or
kern.defcorename
Create a new sysctl tree, proc, which holds per-process values (for now
the corename format, and resources limits). Process is designed by its pid
at the second level name. These values are inherited on fork, and the corename
fomat is reset to defcorename on suid/sgid exec.
Create a p_sugid() function, to take appropriate actions on suid/sgid
exec (for now set the P_SUGID flag and reset the per-proc corename).
Adjust dosetrlimit() to allow changing limits of one proc by another, with
credential controls.
diffstat:
sys/compat/common/kern_resource_43.c | 4 +-
sys/compat/netbsd32/netbsd32_netbsd.c | 4 +-
sys/compat/svr4/svr4_resource.c | 6 +-
sys/conf/files | 4 +-
sys/kern/init_main.c | 3 +-
sys/kern/kern_exec.c | 4 +-
sys/kern/kern_exit.c | 5 +-
sys/kern/kern_proc.c | 25 +++-
sys/kern/kern_prot.c | 16 +-
sys/kern/kern_resource.c | 34 +++-
sys/kern/kern_sig.c | 63 +++++++-
sys/kern/kern_sysctl.c | 248 +++++++++++++++++++++++++++++++--
sys/sys/proc.h | 3 +-
sys/sys/resource.h | 5 +-
sys/sys/resourcevar.h | 8 +-
sys/sys/sysctl.h | 71 +++++++++-
16 files changed, 432 insertions(+), 71 deletions(-)
diffs (truncated from 975 to 300 lines):
diff -r d619cebf65bc -r aa53b61b3617 sys/compat/common/kern_resource_43.c
--- a/sys/compat/common/kern_resource_43.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/compat/common/kern_resource_43.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_resource_43.c,v 1.5 1997/10/15 17:03:52 mycroft Exp $ */
+/* $NetBSD: kern_resource_43.c,v 1.6 1999/09/28 14:47:00 bouyer Exp $ */
/*-
* Copyright (c) 1982, 1986, 1991, 1993
@@ -101,5 +101,5 @@
return (error);
lim.rlim_cur = olim.rlim_cur;
lim.rlim_max = olim.rlim_max;
- return (dosetrlimit(p, which, &lim));
+ return (dosetrlimit(p, p->p_cred, which, &lim));
}
diff -r d619cebf65bc -r aa53b61b3617 sys/compat/netbsd32/netbsd32_netbsd.c
--- a/sys/compat/netbsd32/netbsd32_netbsd.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/compat/netbsd32/netbsd32_netbsd.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_netbsd.c,v 1.17 1999/08/05 18:08:15 thorpej Exp $ */
+/* $NetBSD: netbsd32_netbsd.c,v 1.18 1999/09/28 14:47:02 bouyer Exp $ */
/*
* Copyright (c) 1998 Matthew R. Green
@@ -3591,7 +3591,7 @@
error = copyin((caddr_t)(u_long)SCARG(uap, rlp), &alim, sizeof(struct rlimit));
if (error)
return (error);
- return (dosetrlimit(p, which, &alim));
+ return (dosetrlimit(p, p->p_cred, which, &alim));
}
int
diff -r d619cebf65bc -r aa53b61b3617 sys/compat/svr4/svr4_resource.c
--- a/sys/compat/svr4/svr4_resource.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/compat/svr4/svr4_resource.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svr4_resource.c,v 1.4 1999/09/07 18:20:19 christos Exp $ */
+/* $NetBSD: svr4_resource.c,v 1.5 1999/09/28 14:47:02 bouyer Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -185,7 +185,7 @@
else if (slim.rlim_cur == SVR4_RLIM_SAVED_CUR)
blim.rlim_cur = limp->rlim_cur;
- return dosetrlimit(p, rl, &blim);
+ return dosetrlimit(p, p->p_cred, rl, &blim);
}
@@ -283,5 +283,5 @@
else if (slim.rlim_cur == SVR4_RLIM64_SAVED_CUR)
blim.rlim_cur = limp->rlim_cur;
- return dosetrlimit(p, rl, &blim);
+ return dosetrlimit(p, p->p_cred, rl, &blim);
}
diff -r d619cebf65bc -r aa53b61b3617 sys/conf/files
--- a/sys/conf/files Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/conf/files Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files,v 1.318 1999/09/27 23:44:27 ad Exp $
+# $NetBSD: files,v 1.319 1999/09/28 14:47:02 bouyer Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@@ -9,7 +9,7 @@
defopt KTRACE
defopt LOCKDEBUG
defopt RTC_OFFSET
-defopt SHORTCORENAME
+defopt DEFCORENAME
defopt UCONSOLE
defopt MULTIPROCESSOR
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/init_main.c
--- a/sys/kern/init_main.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/init_main.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: init_main.c,v 1.156 1999/09/17 20:11:56 thorpej Exp $ */
+/* $NetBSD: init_main.c,v 1.157 1999/09/28 14:47:03 bouyer Exp $ */
/*
* Copyright (c) 1995 Christopher G. Demetriou. All rights reserved.
@@ -286,6 +286,7 @@
limit0.pl_rlimit[RLIMIT_RSS].rlim_max = i;
limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_max = i;
limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_cur = i / 3;
+ limit0.pl_corename = defcorename;
limit0.p_refcnt = 1;
/*
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/kern_exec.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exec.c,v 1.102 1999/08/09 02:42:20 ross Exp $ */
+/* $NetBSD: kern_exec.c,v 1.103 1999/09/28 14:47:03 bouyer Exp $ */
/*-
* Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -457,7 +457,7 @@
p->p_ucred->cr_uid = attr.va_uid;
if (attr.va_mode & S_ISGID)
p->p_ucred->cr_gid = attr.va_gid;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
} else
p->p_flag &= ~P_SUGID;
p->p_cred->p_svuid = p->p_ucred->cr_uid;
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/kern_exit.c
--- a/sys/kern/kern_exit.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/kern_exit.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exit.c,v 1.73 1999/07/22 21:08:31 thorpej Exp $ */
+/* $NetBSD: kern_exit.c,v 1.74 1999/09/28 14:47:03 bouyer Exp $ */
/*-
* Copyright (c) 1998, 1999 The NetBSD Foundation, Inc.
@@ -326,8 +326,7 @@
* Other substructures are freed from wait().
*/
curproc = NULL;
- if (--p->p_limit->p_refcnt == 0)
- pool_put(&plimit_pool, p->p_limit);
+ limfree(p->p_limit);
/*
* Finally, call machine-dependent code to switch to a new
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/kern_proc.c
--- a/sys/kern/kern_proc.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/kern_proc.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_proc.c,v 1.34 1999/07/25 06:30:34 thorpej Exp $ */
+/* $NetBSD: kern_proc.c,v 1.35 1999/09/28 14:47:03 bouyer Exp $ */
/*-
* Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -519,6 +519,29 @@
}
}
+/* mark process as suid/sgid, reset some values do defaults */
+void
+p_sugid(p)
+ struct proc *p;
+{
+ struct plimit *newlim;
+
+ p->p_flag |= P_SUGID;
+ /* reset what needs to be reset in plimit */
+ if (p->p_limit->pl_corename != defcorename) {
+ if (p->p_limit->p_refcnt > 1 &&
+ (p->p_limit->p_lflags & PL_SHAREMOD) == 0) {
+ newlim = limcopy(p->p_limit);
+ limfree(p->p_limit);
+ p->p_limit = newlim;
+ } else {
+ free(p->p_limit->pl_corename, M_TEMP);
+ }
+ p->p_limit->pl_corename = defcorename;
+ }
+}
+
+
#ifdef DEBUG
void
pgrpdump()
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/kern_prot.c
--- a/sys/kern/kern_prot.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/kern_prot.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_prot.c,v 1.54 1999/04/30 05:30:32 cgd Exp $ */
+/* $NetBSD: kern_prot.c,v 1.55 1999/09/28 14:47:03 bouyer Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
@@ -335,7 +335,7 @@
pc->pc_ucred->cr_uid = uid;
pc->p_ruid = uid;
pc->p_svuid = uid;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -363,7 +363,7 @@
*/
pc->pc_ucred = crcopy(pc->pc_ucred);
pc->pc_ucred->cr_uid = euid;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -408,7 +408,7 @@
}
if (euid != (uid_t)-1 && ruid != (uid_t)-1)
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -434,7 +434,7 @@
pc->pc_ucred->cr_gid = gid;
pc->p_rgid = gid;
pc->p_svgid = gid;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -458,7 +458,7 @@
return (error);
pc->pc_ucred = crcopy(pc->pc_ucred);
pc->pc_ucred->cr_gid = egid;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -501,7 +501,7 @@
}
if (egid != (gid_t)-1 && rgid != (gid_t)-1)
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
@@ -531,7 +531,7 @@
if (error)
return (error);
pc->pc_ucred->cr_ngroups = ngrp;
- p->p_flag |= P_SUGID;
+ p_sugid(p);
return (0);
}
diff -r d619cebf65bc -r aa53b61b3617 sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c Tue Sep 28 13:57:45 1999 +0000
+++ b/sys/kern/kern_resource.c Tue Sep 28 14:47:00 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_resource.c,v 1.52 1999/07/25 06:30:34 thorpej Exp $ */
+/* $NetBSD: kern_resource.c,v 1.53 1999/09/28 14:47:03 bouyer Exp $ */
/*-
* Copyright (c) 1982, 1986, 1991, 1993
@@ -56,7 +56,6 @@
#include <uvm/uvm_extern.h>
-void limfree __P((struct plimit *));
/*
* Resource controls and accounting.
*/
@@ -225,17 +224,19 @@
error = copyin(SCARG(uap, rlp), &alim, sizeof(struct rlimit));
if (error)
return (error);
- return (dosetrlimit(p, which, &alim));
+ return (dosetrlimit(p, p->p_cred, which, &alim));
}
int
-dosetrlimit(p, which, limp)
+dosetrlimit(p, cred, which, limp)
struct proc *p;
+ struct pcred *cred;
int which;
struct rlimit *limp;
{
register struct rlimit *alimp;
extern unsigned maxdmap, maxsmap;
+ struct plimit *newplim;
int error;
if ((u_int)which >= RLIM_NLIMITS)
@@ -245,16 +246,22 @@
return (EINVAL);
alimp = &p->p_rlimit[which];
+ /* if we don't change the value, no need to limcopy() */
+ if (limp->rlim_cur == alimp->rlim_cur &&
+ limp->rlim_max == alimp->rlim_max)
+ return 0;
+
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max)
- if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+ if ((error = suser(cred->pc_ucred, &p->p_acflag)) != 0)
return (error);
if (limp->rlim_cur > limp->rlim_max)
limp->rlim_cur = limp->rlim_max;
if (p->p_limit->p_refcnt > 1 &&
(p->p_limit->p_lflags & PL_SHAREMOD) == 0) {
- p->p_limit->p_refcnt--;
Home |
Main Index |
Thread Index |
Old Index