CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: Artur Grabowski <art_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Thu, 28 Sep 2000 07:41:39 -0600 (MDT)
- Reply-to: Artur Grabowski <art_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Module name: src
Changes by: art_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2000/09/28 07:41:39
sys/kern : kern_exec.c
When allocating the unallocated file descriptors 0, 1 and 2 for suid execs,
don't do it by doing namei on /dev/null.
The vnode for the executed file is locked and we had a race where other
processes could lock the parent directories up to the root. When the
executing process did the lookup on /dev/null it could deadlock on the
root vnode while still holding the lock on the executed vnode.
Also, it's a really bad idea to depend on a certain filesystem layout inside
the kernel. Now we get the null device vnode by cdevvp(getnulldev(), ...
Thanks to Matrin Portmann <map_(_at_)_infinitum_(_dot_)_ch> for providing the (large)
ktrace that allowed me to track this down.
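
The kernel fills descriptors 0, 1 and 2 on setuid execs so that a later open() in the privileged program cannot land on a standard slot. The following is an added example, not part of the commit or of the OpenBSD source: a userland version of the same check, with the hypothetical name `ensure_std_fds`. Unlike the kernel after this change, it has to go through the `/dev/null` path, so it verifies that what it opened is a character device.

```c
/* Added example: userland check that fds 0-2 are open, meant to run first
 * thing in a privileged program. ensure_std_fds is a hypothetical name. */
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns how many descriptors had to be filled in, or -1 on error. */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        struct stat st;

        if (fstat(fd, &st) == 0)
            continue;               /* slot already in use */
        if (errno != EBADF)
            return -1;

        /* open() returns the lowest free descriptor; every lower slot was
         * checked or filled already, so the result must equal fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        /* Userland depends on the filesystem layout, so check what was
         * actually opened: a regular file at /dev/null is rejected. */
        if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
            close(fd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    return ensure_std_fds() < 0 ? 1 : 0;
}
```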