Attachment 6978 Details for Bug 15435 – file.diff

[patch] file.diff

file.diff (text/plain), 1.50 KB, created by borjam on 1999-12-12 10:30:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: borjam

Created: 1999-12-12 10:30:01 UTC

Size: 1.50 KB

patch

obsolete

>*** kern_exec.c	Sun Oct 31 00:50:32 1999
>--- kern_exec.c.new	Sun Oct 31 02:05:55 1999
>***************
>*** 34,39 ****
>--- 34,40 ----
>  #include <sys/mount.h>
>  #include <sys/filedesc.h>
>  #include <sys/fcntl.h>
>+ #include <sys/syslog.h>
>  #include <sys/acct.h>
>  #include <sys/exec.h>
>  #include <sys/imgact.h>
>***************
>*** 678,691 ****
>  
>  	/*
>  	 * 1) Check if file execution is disabled for the filesystem that this
>! 	 *	file resides on.
>  	 * 2) Insure that at least one execute bit is on - otherwise root
>  	 *	will always succeed, and we don't want to happen unless the
>  	 *	file really is executable.
>  	 * 3) Insure that the file is a regular file.
>  	 */
>! 	if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
>! 	    ((attr->va_mode & 0111) == 0) ||
>  	    (attr->va_type != VREG)) {
>  		return (EACCES);
>  	}
>--- 679,699 ----
>  
>  	/*
>  	 * 1) Check if file execution is disabled for the filesystem that this
>! 	 *	file resides on. In that case, log the attempt. It can be
>! 	 *	part of an attack.
>! 	 */
>! 	if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
>! 		log(LOG_NOTICE, "UID %d tried to execute %s in a noexec filesystem", imgp->proc->p_ucred->cr_uid, imgp->fname);
>! 		return (EACCES);
>! 	}
>! 
>! 	/*
>  	 * 2) Insure that at least one execute bit is on - otherwise root
>  	 *	will always succeed, and we don't want to happen unless the
>  	 *	file really is executable.
>  	 * 3) Insure that the file is a regular file.
>  	 */
>! 	if (((attr->va_mode & 0111) == 0) ||
>  	    (attr->va_type != VREG)) {
>  		return (EACCES);
>  	}

Actions: View | Diff

Attachments on bug 15435: 6978