authorXin LI <delphij@FreeBSD.org>2014-06-03 19:03:11 +0000
committerXin LI <delphij@FreeBSD.org>2014-06-03 19:03:11 +0000
commit667a868f37054867c5ce0444b0541ea462780b04 (patch)
tree5602df2067fb2cc34187eeaefff071c78a0a0901
parent753be378f33e9a9e4a25845e89fd7a61f97cd495 (diff)
Fix sendmail improper close-on-exec flag handling. [SA-14:11]
Fix ktrace memory disclosure. [SA-14:12] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so
Notes
Notes: svn path=/releng/9.1/; revision=267018
-rw-r--r--UPDATING14
-rw-r--r--contrib/sendmail/src/conf.c4
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/kern/kern_exec.c9
-rw-r--r--sys/kern/kern_ktrace.c1
-rw-r--r--sys/sys/proc.h1
-rw-r--r--sys/vm/vm_map.c4
7 files changed, 31 insertions, 4 deletions
diff --git a/UPDATING b/UPDATING
index 5313d12868f5..6d082208687b 100644
--- a/UPDATING
+++ b/UPDATING
@@ -9,6 +9,20 @@ handbook.
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20140603: p14 FreeBSD-SA-14:11.sendmail
+ FreeBSD-SA-14:12.ktrace
+ FreeBSD-SA-14:13.pam
+ FreeBSD-EN-14:06.exec
+
+ Fix sendmail improper close-on-exec flag handling. [SA-14:11]
+
+ Fix ktrace memory disclosure. [SA-14:12]
+
+ Fix incorrect error handling in PAM policy parser. [SA-14:13]
+
+ Fix triple-fault when executing from a threaded process.
+ [EN-14:06]
+
20140513: p13 FreeBSD-EN-14:03.pkg
FreeBSD-EN-14:04.kldxref
FreeBSD-EN-14:05.ciss
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index ffc6f205c701..8b1538c67d52 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -5256,8 +5256,8 @@ closefd_walk(lowest, fd)
*/
void
-sm_close_on_exec(highest, lowest)
- int highest, lowest;
+sm_close_on_exec(lowest, highest)
+ int lowest, highest;
{
#if HASFDWALK
(void) fdwalk(closefd_walk, &lowest);
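Review bot: Both parameters of `sm_close_on_exec` are plain `int` in an old-style definition, so a transposed call compiles silently, and nothing in the visible lines rejects `lowest > highest`. In the `HASFDWALK` branch only `&lowest` reaches `fdwalk`, so a swapped pair would presumably start the walk at the wrong descriptor and leave lower descriptors open across exec. I would state the order in the header comment that ends just above, e.g. `lowest -- first fd to mark close-on-exec; highest -- upper bound of the range`, and consider a precondition at the top of the body such as `SM_REQUIRE(lowest <= highest);` if libsm's assert macros are in scope in this file. The function body continues past the hunk, so the non-fdwalk path was not reviewed.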
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 0c858cc9880e..cb698e188ed0 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.1"
-BRANCH="RELEASE-p13"
+BRANCH="RELEASE-p14"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 1bb6a115e067..e5175f888d25 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -280,6 +280,7 @@ kern_execve(td, args, mac_p)
struct mac *mac_p;
{
struct proc *p = td->td_proc;
+ struct vmspace *oldvmspace;
int error;
AUDIT_ARG_ARGV(args->begin_argv, args->argc,
@@ -296,6 +297,8 @@ kern_execve(td, args, mac_p)
PROC_UNLOCK(p);
}
+ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
+ oldvmspace = td->td_proc->p_vmspace;
error = do_execve(td, args, mac_p);
if (p->p_flag & P_HADTHREADS) {
@@ -310,6 +313,12 @@ kern_execve(td, args, mac_p)
thread_single_end();
PROC_UNLOCK(p);
}
+ if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
+ KASSERT(td->td_proc->p_vmspace != oldvmspace,
+ ("oldvmspace still used"));
+ vmspace_free(oldvmspace);
+ td->td_pflags &= ~TDP_EXECVMSPC;
+ }
return (error);
}
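Review bot: The deferred `vmspace_free(oldvmspace)` at the end of `kern_execve` carries no comment saying why the release happens here, after the `P_HADTHREADS` block, instead of inside `vmspace_exec` where it used to be. That ordering appears to be the substance of the fix, so a later cleanup could move it back without noticing; a comment above the `if` would prevent that, e.g. `/* Free the vmspace that vmspace_exec() replaced; must stay after the P_HADTHREADS block. */`. Both `KASSERT`s added to this function are presumably compiled out of kernels built without invariant checking, so on those kernels the release path depends on `TDP_EXECVMSPC` alone, which is worth stating in the same comment. As a style point, the assignment in the previous hunk could read `oldvmspace = p->p_vmspace;`, since `p` is already `td->td_proc`.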
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index a070ef2689dc..7718bcdf9e58 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -119,6 +119,7 @@ static int data_lengths[] = {
0, /* KTR_SYSCTL */
sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */
0, /* KTR_PROCDTOR */
+ 0, /* unused */
sizeof(struct ktr_fault), /* KTR_FAULT */
sizeof(struct ktr_faultend), /* KTR_FAULTEND */
};
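Review bot: `data_lengths[]` is filled positionally, so the new `0, /* unused */` slot lines the table up with the record-type numbering only by hand, and the next gap or added type can misalign it again with no diagnostic. A misaligned entry changes the payload length associated with a record type, which is presumably the disclosure named in the commit message. If the table is indexed directly by record type, as the per-entry comments suggest, a compile-time check after the array would catch a recurrence: `CTASSERT(nitems(data_lengths) == KTR_FAULTEND + 1);`. The comment on the new entry could also say which record-type number it reserves; the array starts above the hunk, so the earlier entries were not checked.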
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 3d0d88e1fd8d..e0e619ce7eef 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -968,4 +968,5 @@ curthread_pflags_restore(int save)
#endif /* _KERNEL */
+#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */
#endif /* !_SYS_PROC_H_ */
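Review bot: `TDP_EXECVMSPC` is defined after `#endif /* _KERNEL */`, at the very end of the header, rather than beside the other `td_pflags` bits (which are outside this hunk). Someone allocating the next `TDP_*` bit from the main list would not see that `0x40000000` is taken, and two flags sharing that bit could make `kern_execve` release a vmspace on an unrelated condition. If the placement is deliberate to keep the patch small, a one-line pointer in the main flag list would be enough, e.g. `/* 0x40000000 is TDP_EXECVMSPC, defined at the end of this file */`.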
diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
index 4f40e15aa9de..644bbe7dd8c4 100644
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@ -3631,6 +3631,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, vm_offset_t maxuser)
struct vmspace *oldvmspace = p->p_vmspace;
struct vmspace *newvmspace;
+ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
+ ("vmspace_exec recursed"));
newvmspace = vmspace_alloc(minuser, maxuser);
if (newvmspace == NULL)
return (ENOMEM);
@@ -3647,7 +3649,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser, vm_offset_t maxuser)
PROC_VMSPACE_UNLOCK(p);
if (p == curthread->td_proc)
pmap_activate(curthread);
- vmspace_free(oldvmspace);
+ curthread->td_pflags |= TDP_EXECVMSPC;
return (0);
}
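Review bot: `vmspace_exec` now returns with the old vmspace still referenced and `TDP_EXECVMSPC` set on `curthread`, which is correct only if every path into it runs under `kern_execve`, where the flag is tested and `vmspace_free(oldvmspace)` is called. Any other caller would leak the old vmspace and leave the flag set; as far as the visible lines show, on a kernel without `KASSERT` checking a later exec that fails before reaching this function would then drop a reference on the vmspace still in use. The flag is also set on `curthread` even when `p != curthread->td_proc`, a case the `if` two lines above allows for. I would document the contract at the top of the function, e.g. `/* On success the caller (kern_execve) must vmspace_free() the previous vmspace and clear TDP_EXECVMSPC. */`; the `KASSERT` added in the first hunk of this file is the matching entry check.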