6896514 tss code doesn't do correct privilege check when using mlock
authorDan Anderson <dan.anderson@oracle.com>
Mon, 23 Apr 2012 09:17:24 -0700
changeset 791 4b6378a2fe0a
parent 790 dcdb1da2980b
child 792 5aa7760aa098
6896514 tss code doesn't do correct privilege check when using mlock 7162897 tcsd daemon goes into maintenance mode after reboot
components/trousers/patches/tcsd_svrside.c.patch
components/trousers/patches/tspi_tsp_policy.c.patch
--- a/components/trousers/patches/tcsd_svrside.c.patch	Mon Apr 23 09:12:44 2012 -0700
+++ b/components/trousers/patches/tcsd_svrside.c.patch	Mon Apr 23 09:17:24 2012 -0700
@@ -1,5 +1,5 @@
 --- src/tcsd/svrside.c	2010-06-09 13:19:00.000000000 -0700
-+++ src/tcsd/svrside.c	2012-04-11 14:37:28.993408000 -0700
++++ src/tcsd/svrside.c	2012-04-19 11:27:31.232524632 -0700
 @@ -27,6 +27,15 @@
  #include <arpa/inet.h>
  #include <errno.h>
@@ -210,7 +210,7 @@
  	char *hostname = NULL;
  	struct passwd *pwd;
  	struct hostent *client_hostent = NULL;
-@@ -245,26 +418,49 @@
+@@ -245,26 +418,50 @@
  	if ((result = tcsd_startup()))
  		return (int)result;
  
@@ -231,6 +231,7 @@
 +		serv_addr.un.sun_family = AF_UNIX;
 +		strncpy(serv_addr.un.sun_path, TCSD_DEFAULT_SOCKET,
 +			sizeof (serv_addr.un.sun_path));
++		(void) unlink(TCSD_DEFAULT_SOCKET);
 +
 +	} else { /* TCP socket */
 +		sd = socket(AF_INET, SOCK_STREAM, 0);
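Review bot: The added `(void) unlink(TCSD_DEFAULT_SOCKET);` discards the result and removes whatever sits at that path, so a failure other than a missing file only surfaces later as the generic "Failed bind" message. It would also remove the socket of a tcsd instance that is still running, not just a stale one left over from a reboot. I would log the unexpected case, `if (unlink(TCSD_DEFAULT_SOCKET) == -1 && errno != ENOENT) LogError("Failed unlink: %s", strerror(errno));`, and consider an `lstat()` plus `S_ISSOCK` test before removing. The enclosing function starts and ends outside this hunk, so whether an earlier single-instance check exists is not visible here.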
@@ -279,7 +280,7 @@
  		LogError("Failed bind: %s", strerror(errno));
  		return -1;
  	}
-@@ -285,7 +481,6 @@
+@@ -285,7 +482,6 @@
  		LogError("Failed listen: %s", strerror(errno));
  		return -1;
  	}
@@ -287,7 +288,7 @@
  	
  	if (getenv("TCSD_FOREGROUND") == NULL) {
  		if (daemon(0, 0) == -1) {
-@@ -295,6 +490,12 @@
+@@ -295,6 +491,12 @@
  		}
  	}
  
@@ -300,7 +301,7 @@
  	LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
  	do {
  		newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len);
-@@ -314,20 +515,22 @@
+@@ -314,20 +516,22 @@
  		}
  		LogDebug("accepted socket %i", newsd);
  
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_tsp_policy.c.patch	Mon Apr 23 09:17:24 2012 -0700
@@ -0,0 +1,40 @@
+--- src/tspi/tsp_policy.c	2010-05-01 19:39:11.000000000 -0700
++++ src/tspi/tsp_policy.c	2012-04-20 18:10:16.757128000 -0700
+@@ -86,15 +86,13 @@
+ int
+ pin_mem(void *addr, size_t len)
+ {
+-	/* only root can lock pages into RAM */
+-	if (getuid() != (uid_t)0) {
+-		LogWarn("Not pinning secrets in memory due to insufficient perms.");
+-		return 0;
+-	}
+-
+ 	len += (uintptr_t)addr & PGOFFSET;
+ 	addr = (void *)((uintptr_t)addr & PGMASK);
+ 	if (mlock(addr, len) == -1) {
++		if (errno == EPERM) {
++			LogWarn("Not pinning secrets in memory due to insufficient perms.");
++			return 0;
++		}
+ 		LogError("mlock: %s", strerror(errno));
+ 		return 1;
+ 	}
+@@ -105,14 +103,12 @@
+ int
+ unpin_mem(void *addr, size_t len)
+ {
+-	/* only root can lock pages into RAM */
+-	if (getuid() != (uid_t)0) {
+-		return 0;
+-	}
+-
+ 	len += (uintptr_t)addr & PGOFFSET;
+ 	addr = (void *)((uintptr_t)addr & PGMASK);
+ 	if (munlock(addr, len) == -1) {
++		if (errno == EPERM) {
++			return 0;
++		}
+ 		LogError("mlock: %s", strerror(errno));
+ 		return 1;
+ 	}
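Review bot: The new `errno == EPERM` branch in pin_mem() soft-fails only the missing-privilege case, whereas the removed getuid() test returned 0 for every non-root caller. An unprivileged caller whose mlock() fails on a locked-memory limit (EAGAIN or ENOMEM, depending on the platform) now gets `return 1`; whether callers treat that as fatal is not visible in this hunk. If pinning is meant to stay best-effort, widen the test, for example `if (errno == EPERM || errno == EAGAIN) {`, and add a comment on that branch saying that returning 0 leaves the secret pageable to swap. Separately, unpin_mem() still reports a munlock() failure as `LogError("mlock: %s", ...)`; the label should read `munlock` so the two failures can be told apart in logs.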