diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2021-05-29 17:56:38 +0300 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-08-10 22:15:20 +0200 |
| commit | ffead1cbcaa1db5db525403043e27d618af8752b (patch) | |
| tree | 1ec345c657e4d4b71e006f6eaef06b5bfc3b68a8 /libshouldbeinlibc | |
| parent | 281396c87082d7d09a651c5f614cf3767dcc15e3 (diff) | |
| download | hurd-ffead1cbcaa1db5db525403043e27d618af8752b.tar.gz hurd-ffead1cbcaa1db5db525403043e27d618af8752b.tar.bz2 hurd-ffead1cbcaa1db5db525403043e27d618af8752b.zip | |
libshouldbeinlibc: Do not reauthenticate proc port when secure
exec_reauth () is supposed to reauthenticate the given ports and file
descriptors with a new authentication. If the secure flag is set, this
reauthentication is happening for a future exec with the EXEC_SECURE
flag.
Now that the exec server uses proc_reauthenticate_reassign (), the process
reauthentication is done atomically with task reassignment by the exec
server. So stop doing it inside exec_reauth ().
This fixes a vulnerability where a process was able to use its
reauthenticated proc port before it got exec'ed over.
Diffstat (limited to 'libshouldbeinlibc')
| -rw-r--r-- | libshouldbeinlibc/exec-reauth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libshouldbeinlibc/exec-reauth.c b/libshouldbeinlibc/exec-reauth.c index 263b1408..cd217e02 100644 --- a/libshouldbeinlibc/exec-reauth.c +++ b/libshouldbeinlibc/exec-reauth.c @@ -93,7 +93,7 @@ exec_reauth (auth_t auth, int secure, int must_reauth, else err = reauth (&ports[INIT_PORT_CRDIR], 0); } - if (!err) + if (!err && !secure) err = reauth (&ports[INIT_PORT_PROC], 1); if (!err) err = reauth (&ports[INIT_PORT_CWDIR], 0); |