author | Casper H.S. Dik <Casper.Dik@Sun.COM> |
Wed, 28 Apr 2010 10:01:37 +0200 | |
changeset 12273 | 63678502e95e |
parent 11798 | 1e7f1f154004 |
permissions | -rw-r--r-- |
0 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1335
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
5 |
* Common Development and Distribution License (the "License"). |
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
6 |
* You may not use this file except in compliance with the License. |
0 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
7838
cfb39999d184
PSARC 2008/622 32-bit Address Restriction Software Capabilities Flag
Roger A. Faulkner <Roger.Faulkner@Sun.COM>
parents:
6229
diff
changeset
|
21 |
|
0 | 22 |
/* |
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
11798
diff
changeset
|
23 |
* Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved. |
0 | 24 |
*/ |
25 |
||
26 |
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ |
|
27 |
/* All Rights Reserved */ |
|
28 |
||
29 |
#ifndef _SYS_EXEC_H |
|
30 |
#define _SYS_EXEC_H |
|
31 |
||
32 |
#include <sys/systm.h> |
|
33 |
#include <vm/seg.h> |
|
34 |
#include <vm/seg_vn.h> |
|
35 |
#include <sys/model.h> |
|
36 |
#include <sys/uio.h> |
|
37 |
#include <sys/corectl.h> |
|
4440
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
38 |
#include <sys/machelf.h> |
0 | 39 |
|
40 |
#ifdef __cplusplus |
|
41 |
extern "C" { |
|
42 |
#endif |
|
43 |
||
44 |
/* |
|
45 |
* Number of bytes to read for magic string |
|
46 |
*/ |
|
47 |
#define MAGIC_BYTES 8 |
|
48 |
||
49 |
#define getexmag(x) (((x)[0] << 8) + (x)[1]) |
|
50 |
||
51 |
typedef struct execa { |
|
52 |
const char *fname; |
|
53 |
const char **argp; |
|
54 |
const char **envp; |
|
55 |
} execa_t; |
|
56 |
||
57 |
typedef struct execenv { |
|
58 |
caddr_t ex_bssbase; |
|
59 |
caddr_t ex_brkbase; |
|
60 |
size_t ex_brksize; |
|
61 |
vnode_t *ex_vp; |
|
62 |
short ex_magic; |
|
63 |
} execenv_t; |
|
64 |
||
65 |
#ifdef _KERNEL |
|
66 |
||
67 |
#define LOADABLE_EXEC(e) ((e)->exec_lock) |
|
68 |
#define LOADED_EXEC(e) ((e)->exec_func) |
|
69 |
||
70 |
||
71 |
/* |
|
72 |
* User argument structure for passing exec information around between the |
|
73 |
* common and machine-dependent portions of exec and the exec modules. |
|
74 |
*/ |
|
75 |
typedef struct uarg { |
|
76 |
ssize_t na; |
|
77 |
ssize_t ne; |
|
78 |
ssize_t nc; |
|
79 |
ssize_t arglen; |
|
80 |
char *fname; |
|
81 |
char *pathname; |
|
82 |
ssize_t auxsize; |
|
83 |
caddr_t stackend; |
|
84 |
size_t stk_align; |
|
85 |
size_t stk_size; |
|
86 |
char *stk_base; |
|
87 |
char *stk_strp; |
|
88 |
int *stk_offp; |
|
89 |
size_t usrstack_size; |
|
90 |
uint_t stk_prot; |
|
91 |
uint_t dat_prot; |
|
92 |
int traceinval; |
|
7838
cfb39999d184
PSARC 2008/622 32-bit Address Restriction Software Capabilities Flag
Roger A. Faulkner <Roger.Faulkner@Sun.COM>
parents:
6229
diff
changeset
|
93 |
int addr32; |
0 | 94 |
model_t to_model; |
95 |
model_t from_model; |
|
96 |
size_t to_ptrsize; |
|
97 |
size_t from_ptrsize; |
|
98 |
size_t ncargs; |
|
99 |
struct execsw *execswp; |
|
100 |
uintptr_t entry; |
|
101 |
uintptr_t thrptr; |
|
4528 | 102 |
vnode_t *ex_vp; |
2712
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
103 |
char *emulator; |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
104 |
char *brandname; |
6229 | 105 |
char *auxp_auxflags; /* addr of auxflags auxv on the user stack */ |
4642
d7554fc0577a
6572719 ld.so on sparc and amd64 should be brand aware
sl108498
parents:
4528
diff
changeset
|
106 |
char *auxp_brand; /* address of first brand auxv on user stack */ |
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
11798
diff
changeset
|
107 |
cred_t *pfcred; |
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
11798
diff
changeset
|
108 |
boolean_t scrubenv; |
0 | 109 |
} uarg_t; |
110 |
||
111 |
/* |
|
2712
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
112 |
* Possible brand actions for exec. |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
113 |
*/ |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
114 |
#define EBA_NONE 0 |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
115 |
#define EBA_NATIVE 1 |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
116 |
#define EBA_BRAND 2 |
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
117 |
|
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
118 |
/* |
0 | 119 |
* The following macro is a machine dependent encapsulation of |
120 |
* postfix processing to hide the stack direction from elf.c |
|
121 |
* thereby making the elf.c code machine independent. |
|
122 |
*/ |
|
123 |
#define execpoststack(ARGS, ARRAYADDR, BYTESIZE) \ |
|
124 |
(copyout((caddr_t)(ARRAYADDR), (ARGS)->stackend, (BYTESIZE)) ? EFAULT \ |
|
125 |
: (((ARGS)->stackend += (BYTESIZE)), 0)) |
|
126 |
||
127 |
/* |
|
128 |
* This provides the current user stack address for an object of size BYTESIZE. |
|
129 |
* Used to determine the stack address just before applying execpoststack(). |
|
130 |
*/ |
|
131 |
#define stackaddress(ARGS, BYTESIZE) ((ARGS)->stackend) |
|
132 |
||
133 |
/* |
|
134 |
* Macro to add attribute/values the aux vector under construction. |
|
135 |
*/ |
|
136 |
/* BEGIN CSTYLED */ |
|
137 |
#if ((_LONG_ALIGNMENT == (2 * _INT_ALIGNMENT)) || \ |
|
138 |
(_POINTER_ALIGNMENT == (2 * _INT_ALIGNMENT))) |
|
139 |
/* END CSTYLED */ |
|
140 |
/* |
|
141 |
* This convoluted stuff is necessitated by the fact that there is |
|
142 |
* potential padding in the aux vector, but not necessarily and |
|
143 |
* without clearing the padding there is a small, but potential |
|
144 |
* security hole. |
|
145 |
*/ |
|
146 |
#define ADDAUX(p, a, v) { \ |
|
147 |
(&(p)->a_type)[1] = 0; \ |
|
148 |
(p)->a_type = (a); \ |
|
149 |
(p)->a_un.a_val = (v); \ |
|
150 |
++(p); \ |
|
151 |
} |
|
152 |
#else |
|
153 |
#define ADDAUX(p, a, v) { \ |
|
154 |
(p)->a_type = (a); \ |
|
155 |
((p)++)->a_un.a_val = (v); \ |
|
156 |
} |
|
157 |
#endif |
|
158 |
||
159 |
#define INTPSZ MAXPATHLEN |
|
160 |
typedef struct intpdata { |
|
161 |
char *intp; |
|
162 |
char *intp_name; |
|
163 |
char *intp_arg; |
|
164 |
} intpdata_t; |
|
165 |
||
1335
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
166 |
#define EXECSETID_SETID 0x1 /* setid exec */ |
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
167 |
#define EXECSETID_UGIDS 0x2 /* [ug]ids mismatch */ |
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
168 |
#define EXECSETID_PRIVS 0x4 /* more privs than before */ |
99d6f0945b8f
6361644 Differences in SUID scripts between S9 and S10
casper
parents:
0
diff
changeset
|
169 |
|
0 | 170 |
struct execsw { |
171 |
char *exec_magic; |
|
172 |
int exec_magoff; |
|
173 |
int exec_maglen; |
|
174 |
int (*exec_func)(struct vnode *vp, struct execa *uap, |
|
175 |
struct uarg *args, struct intpdata *idata, int level, |
|
176 |
long *execsz, int setid, caddr_t exec_file, |
|
2712
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
177 |
struct cred *cred, int brand_action); |
0 | 178 |
int (*exec_core)(struct vnode *vp, struct proc *p, |
179 |
struct cred *cred, rlim64_t rlimit, int sig, |
|
180 |
core_content_t content); |
|
181 |
krwlock_t *exec_lock; |
|
182 |
}; |
|
183 |
||
9694
78fafb281255
6795209 Enable compilation of ON-consolidation with GCC 4.2
Scott Rotondo <Scott.Rotondo@Sun.COM>
parents:
9521
diff
changeset
|
184 |
extern int nexectype; /* number of elements in execsw */ |
78fafb281255
6795209 Enable compilation of ON-consolidation with GCC 4.2
Scott Rotondo <Scott.Rotondo@Sun.COM>
parents:
9521
diff
changeset
|
185 |
extern struct execsw execsw[]; |
78fafb281255
6795209 Enable compilation of ON-consolidation with GCC 4.2
Scott Rotondo <Scott.Rotondo@Sun.COM>
parents:
9521
diff
changeset
|
186 |
extern kmutex_t execsw_lock; |
78fafb281255
6795209 Enable compilation of ON-consolidation with GCC 4.2
Scott Rotondo <Scott.Rotondo@Sun.COM>
parents:
9521
diff
changeset
|
187 |
|
0 | 188 |
extern short elfmagic; |
189 |
extern short intpmagic; |
|
190 |
extern short javamagic; |
|
191 |
#if defined(__sparc) |
|
192 |
extern short aout_zmagic; |
|
193 |
extern short aout_nmagic; |
|
194 |
extern short aout_omagic; |
|
195 |
#endif |
|
196 |
extern short nomagic; |
|
197 |
||
198 |
extern char elf32magicstr[]; |
|
199 |
extern char elf64magicstr[]; |
|
200 |
extern char intpmagicstr[]; |
|
201 |
extern char javamagicstr[]; |
|
202 |
#if defined(__sparc) |
|
203 |
extern char aout_nmagicstr[]; |
|
204 |
extern char aout_zmagicstr[]; |
|
205 |
extern char aout_omagicstr[]; |
|
206 |
#endif |
|
207 |
extern char nomagicstr[]; |
|
208 |
||
209 |
extern int exec_args(execa_t *, uarg_t *, intpdata_t *, void **); |
|
210 |
extern int exece(const char *fname, const char **argp, const char **envp); |
|
211 |
extern int exec_common(const char *fname, const char **argp, |
|
2712
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
212 |
const char **envp, int brand_action); |
0 | 213 |
extern int gexec(vnode_t **vp, struct execa *uap, struct uarg *args, |
214 |
struct intpdata *idata, int level, long *execsz, caddr_t exec_file, |
|
2712
f74a135872bc
PSARC/2005/471 BrandZ: Support for non-native zones
nn35248
parents:
1335
diff
changeset
|
215 |
struct cred *cred, int brand_action); |
0 | 216 |
extern struct execsw *allocate_execsw(char *name, char *magic, |
217 |
size_t magic_size); |
|
218 |
extern struct execsw *findexecsw(char *magic); |
|
219 |
extern struct execsw *findexec_by_hdr(char *header); |
|
220 |
extern struct execsw *findexec_by_magic(char *magic); |
|
221 |
extern int execpermissions(struct vnode *vp, struct vattr *vattrp, |
|
222 |
struct uarg *args); |
|
223 |
extern int execmap(vnode_t *vp, caddr_t addr, size_t len, size_t zfodlen, |
|
224 |
off_t offset, int prot, int page, uint_t); |
|
225 |
extern void setexecenv(struct execenv *ep); |
|
226 |
extern int execopen(struct vnode **vpp, int *fdp); |
|
227 |
extern int execclose(int fd); |
|
228 |
extern void setregs(uarg_t *); |
|
229 |
extern void exec_set_sp(size_t); |
|
230 |
||
231 |
/* |
|
4440
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
232 |
* Utility functions for branded process executing |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
233 |
*/ |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
234 |
#if !defined(_ELF32_COMPAT) |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
235 |
/* |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
236 |
* When compiling 64-bit kernels we don't want these definitions included |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
237 |
* when compiling the 32-bit compatability elf code in the elfexec module. |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
238 |
*/ |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
239 |
extern int elfexec(vnode_t *, execa_t *, uarg_t *, intpdata_t *, int, |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
240 |
long *, int, caddr_t, cred_t *, int); |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
241 |
extern int mapexec_brand(vnode_t *, uarg_t *, Ehdr *, Addr *, |
4642
d7554fc0577a
6572719 ld.so on sparc and amd64 should be brand aware
sl108498
parents:
4528
diff
changeset
|
242 |
intptr_t *, caddr_t, int *, caddr_t *, caddr_t *, size_t *, uintptr_t *); |
4440
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
243 |
#endif /* !_ELF32_COMPAT */ |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
244 |
|
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
245 |
#if defined(_LP64) |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
246 |
extern int elf32exec(vnode_t *, execa_t *, uarg_t *, intpdata_t *, int, |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
247 |
long *, int, caddr_t, cred_t *, int); |
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
248 |
extern int mapexec32_brand(vnode_t *, uarg_t *, Elf32_Ehdr *, Elf32_Addr *, |
4642
d7554fc0577a
6572719 ld.so on sparc and amd64 should be brand aware
sl108498
parents:
4528
diff
changeset
|
249 |
intptr_t *, caddr_t, int *, caddr_t *, caddr_t *, size_t *, uintptr_t *); |
d7554fc0577a
6572719 ld.so on sparc and amd64 should be brand aware
sl108498
parents:
4528
diff
changeset
|
250 |
#endif /* _LP64 */ |
4440
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
251 |
|
566ce8b5e131
6562537 brandz elfexec support code assumes 32-bit elf binaries
edp
parents:
2991
diff
changeset
|
252 |
/* |
0 | 253 |
* Utility functions for exec module core routines: |
254 |
*/ |
|
255 |
extern int core_seg(proc_t *, vnode_t *, offset_t, caddr_t, |
|
256 |
size_t, rlim64_t, cred_t *); |
|
257 |
||
258 |
extern int core_write(vnode_t *, enum uio_seg, offset_t, |
|
259 |
const void *, size_t, rlim64_t, cred_t *); |
|
260 |
||
261 |
/* a.out stuff */ |
|
262 |
||
263 |
struct exec; |
|
264 |
||
265 |
extern caddr_t gettmem(struct exec *exp); |
|
266 |
extern caddr_t getdmem(struct exec *exp); |
|
267 |
extern ulong_t getdfile(struct exec *exp); |
|
268 |
extern uint_t gettfile(struct exec *exp); |
|
269 |
extern int chkaout(struct exdata *exp); |
|
270 |
extern void getexinfo(struct exdata *edp_in, struct exdata *edp_out, |
|
271 |
int *pagetext, int *pagedata); |
|
272 |
||
273 |
#endif /* _KERNEL */ |
|
274 |
||
275 |
#ifdef __cplusplus |
|
276 |
} |
|
277 |
#endif |
|
278 |
||
279 |
#endif /* _SYS_EXEC_H */ |