summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--exec/exec.c69
1 files changed, 35 insertions, 34 deletions
diff --git a/exec/exec.c b/exec/exec.c
index a3758c0e..ff0e7836 100644
--- a/exec/exec.c
+++ b/exec/exec.c
@@ -1320,40 +1320,6 @@ do_exec (file_t file,
if (e.error)
goto stdout;
use (INIT_PORT_PROC, new, 0, 1);
-
- if (secure)
- {
- /* Find out what our UID is from the auth server. */
- neuids = negids = nauids = nagids = 10;
- euids = euidbuf, egids = egidbuf;
- auids = auidbuf, agids = agidbuf;
- e.error = auth_getids (boot->portarray[INIT_PORT_AUTH],
- &euids, &neuids, &auids, &nauids,
- &egids, &negids, &agids, &nagids);
- if (e.error)
- goto stdout;
-
- /* Set the owner with the proc server */
- e.error = proc_setowner (boot->portarray[INIT_PORT_PROC],
- neuids ? euids[0] : 0, !neuids);
-
- /* Clean up */
- if (euids != euidbuf)
- vm_deallocate (mach_task_self (), (vm_address_t) euids,
- neuids * sizeof (uid_t));
- if (egids != egidbuf)
- vm_deallocate (mach_task_self (), (vm_address_t) egids,
- negids * sizeof (uid_t));
- if (auids != auidbuf)
- vm_deallocate (mach_task_self (), (vm_address_t) auids,
- nauids * sizeof (uid_t));
- if (agids != agidbuf)
- vm_deallocate (mach_task_self (), (vm_address_t) agids,
- nagids * sizeof (uid_t));
-
- if (e.error)
- goto stdout;
- }
}
else if (oldtask != newtask && oldtask != MACH_PORT_NULL
&& boot->portarray[INIT_PORT_PROC] != MACH_PORT_NULL)
@@ -1579,6 +1545,41 @@ do_exec (file_t file,
mach_port_deallocate (mach_task_self (), oldtask);
}
+ /* Make sure the proc server has the right idea of our identity. */
+ if (secure)
+ {
+ /* Find out what our UID is from the auth server. */
+ neuids = negids = nauids = nagids = 10;
+ euids = euidbuf, egids = egidbuf;
+ auids = auidbuf, agids = agidbuf;
+ e.error = auth_getids (boot->portarray[INIT_PORT_AUTH],
+ &euids, &neuids, &auids, &nauids,
+ &egids, &negids, &agids, &nagids);
+ if (e.error)
+ goto stdout;
+
+ /* Set the owner with the proc server */
+ /* Not much we can do about errors here; caller is responsible
+ for making sure that the provided proc port is correctly
+ authenticated anyhow. */
+ proc_setowner (boot->portarray[INIT_PORT_PROC],
+ neuids ? euids[0] : 0, !neuids);
+
+ /* Clean up */
+ if (euids != euidbuf)
+ vm_deallocate (mach_task_self (), (vm_address_t) euids,
+ neuids * sizeof (uid_t));
+ if (egids != egidbuf)
+ vm_deallocate (mach_task_self (), (vm_address_t) egids,
+ negids * sizeof (uid_t));
+ if (auids != auidbuf)
+ vm_deallocate (mach_task_self (), (vm_address_t) auids,
+ nauids * sizeof (uid_t));
+ if (agids != agidbuf)
+ vm_deallocate (mach_task_self (), (vm_address_t) agids,
+ nagids * sizeof (uid_t));
+ }
+
{
mach_port_t btport = ports_get_right (boot);
mach_port_insert_right (mach_task_self (), btport, btport,