authorJacques Vidrine <nectar@FreeBSD.org>2002-07-30 15:43:17 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-07-30 15:43:17 +0000
commit45ce708fb9758901980e06618b2eaeb8005ae348 (patch)
tree3d34515df190f7d3681263450c7224151ddc323f
parentd026fbec2d97da51dadc1cb032b44ba65ff0c0b8 (diff)
MFC sys/kern/kern_exec.c 1.178: Fix ordering of set-(user|group)-ID checks.
Notes
Notes: svn path=/releng/4.4/; revision=100952
-rw-r--r--UPDATING6
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/kern/kern_exec.c3
3 files changed, 8 insertions, 3 deletions
diff --git a/UPDATING b/UPDATING
index edcfc62d6c34..10792b7562bf 100644
--- a/UPDATING
+++ b/UPDATING
@@ -10,7 +10,7 @@ Release.
This is for the 4.4 release branch. All entries since 4.4 are an
itemized list of commits to this branch, numbered from the beginning.
-By this count, we're at 4.4-RELEASE-p15.
+By this count, we're at 4.4-RELEASE-p17.
The security advisories related to various patches contain information
on how to build/install a minimal set of binaries and start/stop a
@@ -18,6 +18,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020730: p17 FreeBSD-SA-02:23.stdio.v1.2
+ A bug in the previous patch for the vulnerability described
+ in FreeBSD-SA-02:23.stdio was found and corrected.
+
20020715: p16
Upgrade to BIND 8.3.3
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 03d0dc107019..c0ee546323a5 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.4"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 0e546f71f9fe..e84027eaae7d 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -323,6 +323,8 @@ interpret:
vrele(p->p_tracep);
p->p_tracep = NULL;
}
+ /* Close any file descriptors 0..2 that reference procfs */
+ setugidsafety(p);
/* Make sure file descriptors 0..2 are in use. */
error = fdcheckstd(p);
if (error != 0)
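Review bot: The comment on the added `setugidsafety(p)` call says what the call does but not why it has to come before `fdcheckstd(p)`, and that ordering is the entire fix. With the old placement (removed in the next hunk), a procfs-backed descriptor in 0..2 was closed only after the "in use" check had passed, so the set-ID image could start with a standard descriptor unallocated. I would spell the invariant out so a later reshuffle does not undo it: `/* Close any of fds 0..2 that reference procfs. Must run before fdcheckstd(): a descriptor closed after that check stays unallocated across the set-ID exec. */`. The enclosing block under `interpret:` starts and ends outside this hunk, so I am assuming from the second hunk's `} else {` that both calls sit inside the set-ID branch.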
@@ -335,7 +337,6 @@ interpret:
change_euid(p, attr.va_uid);
if (attr.va_mode & VSGID)
p->p_ucred->cr_gid = attr.va_gid;
- setugidsafety(p);
} else {
if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
p->p_ucred->cr_gid == p->p_cred->p_rgid)