Age | Commit message | Author |
|
Use a struct hurd_port for the cached exec server port,
so it is properly reference-counted and locked.
* boot-start.c (diskfs_exec): Variable removed.
(diskfs_start_bootstrap): Make it a local here.
Install that port in _diskfs_exec_portcell.
(diskfs_S_fsys_init): Use _diskfs_exec_portcell instead
of diskfs_exec.
* init-init.c (_diskfs_exec_portcell): New variable.
(diskfs_init_diskfs): Initialize it.
* priv.h: Declare it.
* diskfs.h (diskfs_exec, diskfs_exec_ctl): Remove decls.
* file-exec.c (diskfs_S_file_exec): Use _diskfs_exec_portcell instead
of diskfs_exec.
|
|
* file-exec.c (diskfs_S_file_exec): If exec server port is stale, try
once to look up a new one.
|
|
Prepend "_diskfs" to uses of NOSUID & NOEXEC.
|
|
* priv.h (nosuid, noexec): New variables.
* init-init.c (nosuid, noexec): New variables, initialized to zero.
* file-exec.c (diskfs_S_file_exec): If noexec is on, then prohibit
all execution with EACCES. If nosuid is on, then prohibit setuid
or setgid execution by silently omitting the uid substitution.
* opts-std-startup.c (parse_startup_opt): Implement --no-suid and
--no-exec.
* opts-common.c (diskfs_common_options): Add --no-suid and
--no-exec.
* opts-std-runtime.c (struct parse_hook): Add nosuid and noexec.
(parse_opt) [cases 'S', 'E', OPT_SUID_OK, OPT_EXEC_OK]: Understand
--no-suid, --no-exec, --suid-ok, and --exec-ok.
(parse_opt) [case ARGP_KEY_INIT]: Initialize H->nosuid and
H->noexec.
(OPT_SUID_OK, OPT_EXEC_OK): New macros.
(std_runtime_options): Add --suid-ok and --exec-ok.
(set_opts): Set nosuid and noexec from H->nosuid and H->noexec.
* opts-common.c (diskfs_common_options): Rename --nosync to
--no-sync; leave --nosync as an alias.
|
|
* file-exec.c: Include <fcntl.h> instead of <fcntlbits.h>.
Suggested by Marcus G. Daniels (marcus@cathcart.sysc.pdx.edu).
Mon Jun 30 17:26:38 1997 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* diskfs.h (diskfs_hard_readonly): New variable.
(diskfs_readonly): Doc change.
* readonly.c (diskfs_readonly): Provide initialized declaration.
(diskfs_check_readonly): If we cannot write the media and so we
switch to readonly, set diskfs_hard_readonly too.
(diskfs_set_readonly): If diskfs_hard_readonly is set, then
inhibit any attempt to clear readonly status.
|
|
Pass a prototype peropen instead of the dotdotport and depth to
diskfs_make_peropen.
|
|
Supply DEPTH argument to diskfs_make_peropen.
|
|
* protid-rele.c (diskfs_protid_rele): Free CRED->user.
Wed Nov 6 17:55:17 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* diskfs.h (diskfs_isuid, diskfs_groupmember, diskfs_isowner,
diskfs_access, diskfs_checkdirmod): Delete functions.
* fsys-getroot.c (diskfs_S_fsys_getroot): Replace PSEUDOCRED with
a real iouser and specify that in the relevant calls.
* io-restrict-auth.c (diskfs_S_io_restrict_auth): Reworked to use
idvecs.
* file-chmod.c (diskfs_S_file_chmod): diskfs_isuid ->
idvec_contains.
* file-chown.c (diskfs_S_file_chown): Likewise.
* file-getcontrol.c (diskfs_S_file_getcontrol): Likewise.
* file-chmod.c (diskfs_S_file_chmod): diskfs_groupmember ->
idvec_contains.
* file-chown.c (diskfs_S_file_chown): Likewise.
* node-create.c (diskfs_create_node): Likewise.
* dir-lookup.c (diskfs_S_dir_lookup): diskfs_isowner ->
fshelp_isowner.
* file-chflags.c (diskfs_S_file_chflags): Likewise.
* file-chmod.c (diskfs_S_file_chmod): Likewise.
* file-chown.c (diskfs_S_file_chown): Likewise.
* file-get-transcntl.c (diskfs_S_file_get_translator_cntl):
Likewise.
* file-set-trans.c (diskfs_S_file_set_translator): Likewise.
* file-utimes.c (diskfs_S_file_utimes): Likewise.
* fsys-getroot.c (diskfs_S_fsys_getroot): Likewise.
* lithp.h (dithkfth_ithowner): Deleted macro.
(fthhelp_ithowner, uther): New macros.
* file-chauthor.c (dithkfth_TH_file_chauthor): dthkfth_ithowner ->
fthhelp_ithowner.
* dir-lookup.c (diskfs_S_dir_lookup): diskfs_access ->
fshelp_access.
* dir-mkfile.c (diskfs_S_dir_mkfile): Likewise.
* file-access.c (diskfs_S_file_check_access): Likewise.
* file-exec.c (diskfs_S_file_exec): Likewise (in dead code).
* fsys-getroot.c (diskfs_S_fsys_getroot): Likewise.
* ifsock.c (diskfs_S_ifsock_getsockaddr): Likewise.
* lookup.c (diskfs_lookup): Likewise.
(diskfs_lookup): diskfs_checkdirmod -> fshelp_checkdirmod.
* dir-lookup.c (diskfs_S_dir_lookup): New arg format for
fshelp_fetch_root.
* fsys-getroot.c (diskfs_S_fsys_getroot): Likewise.
* diskfs.h, protid-make.c (diskfs_create_protid): Delete args
`uids', `gids', `nuids', and `ngids'. Replace with new arg
`user'. All callers changed.
(diskfs_finish_protid): Likewise.
* file-inv-trans.c (diskfs_S_file_invoke_translator): Use
CRED->user instead of old fields.
* io-restrict-auth.c (diskfs_S_io_restrict_auth): Likewise.
* node-create.c (diskfs_create_node): Likewise.
* file-exec.c (diskfs_S_file_exec): Likewise. Use idvec_merge
instead of idvec_merge_ids, now that it's convenient.
* io-reauthenticate.c (diskfs_S_io_reauthenticate): Use new
iohelp_reauthenticate.
Tue Nov 5 21:10:18 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* diskfs.h: Include <idvec.h>.
(struct protid): Delete members `uids', `gids', `nuids' and
`ngids'. New member `user'.
|
|
Unlock NP before we attempt to do setuid/setgid (which otherwise can
deadlock during port reauth).
Pay attention to the error code returned by fshelp_exec_reauth, and don't
make NEWPI if it's an error.
Initialize ERR.
|
|
diskfs_make_protid, and deal with an error return.
|
|
(setid, scan_ids): Functions deleted.
|
|
Always reauth the proc port, as exec does not do it, even in the secure
case. Set the proc's owner too.
|
|
Don't touch the return params unless we succeed.
Add SETID parameter, and just copy old into new unless it's set.
Handle the NOLDGENIDS == 0 case correctly.
(diskfs_S_file_exec):
Use the new setid() properly.
Make sure that {GEN,AUX}{UIDS,GIDS} are always in a state where they can be
freed.
|
|
(scan_ids): Moved out of diskfs_S_file_exec.
(diskfs_S_file_exec):
Move duplicated code into setid().
Make the bogus auth port case work correctly.
Deleted old ifdefed-out code.
Enable setuid code.
|
|
port; just deallocate it.
|
|
directory. Dike out totally bogus set[ug]id code. Bother to lock NP
around critical section.
|
|
diskfs_make_protid.
|
|
to MACH_MSG_TYPE_COPY_SEND.
|
|
because it consumes a reference, which will be consumed again by
mach_msg_server if we return an error. So use COPY_SEND instead, and
deallocate the rights ourselves only when we are to return success.
|
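The two truncated commit messages above concern the same ownership rule for a port right passed in the request: declared as MOVE_SEND, the server routine consumes the reference, and mach_msg_server consumes it again when the routine returns an error, so the fix is to declare it COPY_SEND and deallocate only on the success path. The following toy reference-count model is an added example written for this page, not Hurd or Mach code; `struct port`, `port_deallocate`, `file_exec_routine`, `serve_one_request` and `rights_balanced` are invented, and the demuxer's behaviour is modelled only as far as the commit states it (destroy the request's rights after an error reply).

```c
/* Added example (not Hurd/Mach code): a toy reference-count model of the
 * double-deallocation the commit describes. Everything here is invented. */
#include <stdio.h>

enum disposition { DISP_MOVE_SEND, DISP_COPY_SEND };

struct port {
    int send_rights;  /* outstanding send-right references */
    int underflow;    /* set if something released a right it did not hold */
};

static void port_deallocate(struct port *p)
{
    if (p->send_rights <= 0) { p->underflow = 1; return; }
    p->send_rights--;
}

/* The server routine. Declared MOVE_SEND, it believes it owns the right and
 * releases it on every path; declared COPY_SEND, it releases the right only
 * when it is about to return success (the fix the commit describes). */
static int file_exec_routine(struct port *right, enum disposition disp, int fail)
{
    int err = fail ? 1 : 0;  /* 1 stands for any error code */
    if (disp == DISP_MOVE_SEND)
        port_deallocate(right);      /* consumes the reference unconditionally */
    else if (err == 0)
        port_deallocate(right);      /* COPY_SEND: release only on success */
    return err;
}

/* Model of the demuxer loop: the arriving request carries one send right;
 * after an error reply the loop destroys the request, releasing that right
 * (as the commit says mach_msg_server does). On success the routine owns it. */
static int serve_one_request(struct port *right, enum disposition disp, int fail)
{
    right->send_rights++;
    int err = file_exec_routine(right, disp, fail);
    if (err)
        port_deallocate(right);
    return err;
}

/* 1 if one request leaves the right balanced: no leak and no underflow. */
int rights_balanced(enum disposition disp, int fail)
{
    struct port p = { 0, 0 };
    serve_one_request(&p, disp, fail);
    return p.send_rights == 0 && p.underflow == 0;
}

int main(void)
{
    printf("MOVE_SEND, success: %s\n", rights_balanced(DISP_MOVE_SEND, 0) ? "balanced" : "BROKEN");
    printf("MOVE_SEND, error:   %s\n", rights_balanced(DISP_MOVE_SEND, 1) ? "balanced" : "BROKEN");
    printf("COPY_SEND, success: %s\n", rights_balanced(DISP_COPY_SEND, 0) ? "balanced" : "BROKEN");
    printf("COPY_SEND, error:   %s\n", rights_balanced(DISP_COPY_SEND, 1) ? "balanced" : "BROKEN");
    return 0;
}
```

The model shows why the bug only appears on the error path: both dispositions balance on success, but with MOVE_SEND an error reply releases a right the routine has already given up, which in a real server means a dangling or reused port name rather than a counter going negative.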
|
here. (Later, we should also deal if exec_exec returns that the
previous server died.)
|