[prev in list] [next in list] [prev in thread] [next in thread]
List: opensolaris-code
Subject: Re: [osol-code] Bug 6613349 setuid not allowed message could be
From: "Jason King" <jason () ansipunx ! net>
Date: 2008-01-29 13:53:06
Message-ID: fa9202c30801290553i61b7fd82gc6bf66e4aeed0acb () mail ! gmail ! com
[Download RAW message or body]
On Jan 29, 2008 7:48 AM, <Casper.Dik@sun.com> wrote:
>
>
> >> My personal stance on this one is that it'd be a good idea to report the
> >> mountpoint instead of the device major/minor. What did you have in mind ?
> >
> >Here's what I was thinking:
> >
> >--- a/usr/src/uts/common/os/exec.c Mon Oct 08 20:24:50 2007 -0700
> >+++ b/usr/src/uts/common/os/exec.c Fri Oct 05 17:02:44 2007 -0600
> >@@ -604,8 +604,12 @@ gexec(
> > if ((vp->v_vfsp->vfs_flag & VFS_NOSETUID) &&
> > (vattr.va_mode & (VSUID|VSGID))) {
> > cmn_err(CE_NOTE,
> >- "!%s, uid %d: setuid execution not allowed, dev=%lx",
> >- exec_file, cred->cr_uid, vp->v_vfsp->vfs_dev);
> >+ "zone: %s, uid %d: setuid execution not allowed, "
> >+ "file=%s",
> >+ cred->cr_zone->zone_name, cred->cr_uid, args->pathname);
> >
> >I wasn't sure what things in the vnode might be valid for use in this
> >context (i.e. would vp->v_vfsp->vfs_mntpt be safe to deference),
> >however the args struct from all appearances seems to be safe. For
> >me, I'm more interested in knowing what was being run (or attempted at
> >least). exec_file appears (if I'm understanding the code correctly)
> >to be the unresolved path, while args->pathname appears to be the
> >resolved pathname.
>
> Note that args->pathname may be an simple relative pathname.
>
> Why have you removed the initial '!' from the message?
>
> It has special meaning to cmn_err.
Because I forgot about that with cmn_err :) I will add it back in.
>
> >I was also wondering if perhaps instead of cmn_err, if it should be
> >zcmn_err instead -- seems like it should go to the zone's console
> >where the suid violation occurred instead of always to the global zone
> >(or perhaps both).
> >
> >If you have any suggestions on that, please let me know (though I'm
> >guessing it'd be better to move the discussion to a different list if
> >more discussion is needed). If not, I'll try to get you a build log
> >from that sometime in the next few days.
>
> May I suggest opensolaris-code?
Done.
>
> Casper
>
>
_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic