| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Message-Id: <20230508213136.608575-5-bugaevc@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Now that it's completely unused.
procinfo.owner is now simply set to the first UID that a process has.
proc_setowner () is kept for compatibility, but now does nothing.
The clients still try to call it, though, for compatibility with older
proc server versions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
exec_reauth () is supposed to reauthenticate the given ports and file
descriptors with a new authentication. If the secure flag is set, this
reauthentication is happening for a future exec with the EXEC_SECURE
flag.
Now that the exec server uses proc_reauthenticate_reassign (), the process
reauthentication is done atomically with task reassignment by the exec
server. So stop doing it inside exec_reauth ().
This fixes a vulnerability where a process was able to use its
reauthenticated proc port before it got exec'ed over.
|
| |
|
|
|
| |
* libfshelp/exec-reauth.c (fshelp_exec_reauth): Set gid in eff_gids and
avail_gids instead of in eff_uids, and avail_uids.
|
| |
|
|
|
| |
* exec-reauth.c (fshelp_exec_reauth): Always set *SECURE if nonnull,
as the comment says we do.
|
| |
|
|
|
|
| |
* exec-reauth.c (fshelp_exec_reauth): If the new set of eff_uids
is empty, then still do proc_setowner, but this time to set it to
"unowned" status.
|
| | |
|
| | |
|
| | |
|
| |
|
