| blob | 98b8dca6745ac62b90dbedcca35f4c59ec3ce43a |
1 /* Copyright (C) 1991-2017 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
18 #include <errno.h>
19 #include <unistd.h>
20 #include <fcntl.h>
21 #include <limits.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <hurd.h>
25 #include <hurd/fd.h>
26 #include <hurd/signal.h>
27 #include <hurd/id.h>
28 #include <assert.h>
29 #include <argz.h>
31 /* Overlay TASK, executing FILE with arguments ARGV and environment ENVP.
32 If TASK == mach_task_self (), some ports are dealloc'd by the exec server.
33 ARGV and ENVP are terminated by NULL pointers. */
34 error_t
37 {
38 error_t err;
45 {
47 }
56 /* XXX needs to be hurdmalloc XXX */
66 /* Load up the ports to give to the new program. */
69 {
70 /* This is another task, so we need to ask the proc server
71 for the right proc server port for it. */
73 {
77 }
78 }
79 else
83 /* Load up the ints to give the new program. */
86 {
94 /* We will set these all below. */
103 }
118 /* We hold the sigstate lock until the exec has failed so that no signal
119 can arrive between when we pack the blocked and ignored signals, and
120 when the exec actually happens. A signal handler could change what
121 signals are blocked and ignored. Either the change will be reflected
122 in the exec, or the signal will never be delivered. Setting the
123 critical section flag avoids anything we call trying to acquire the
124 sigstate lock. */
128 /* Pack up the descriptor table to give the new program. */
134 /* Request the exec server to deallocate some ports from us if the exec
135 succeeds. The init ports and descriptor ports will arrive in the
136 new program's exec_startup message. If we failed to deallocate
137 them, the new program would have duplicate user references for them.
138 But we cannot deallocate them ourselves, because we must still have
139 them after a failed exec call. */
142 else
147 {
152 {
155 {
158 }
161 {
162 /* This descriptor is marked to be closed on exec.
163 So don't pass it to the new program. */
166 {
167 /* We still need to deallocate the ports. */
171 }
173 }
174 else
175 {
177 /* All the elements of DTABLE are added to PLEASE_DEALLOC
178 below, so we needn't add the port itself.
179 But we must deallocate the ctty port as well as
180 the normal port that got installed in DTABLE[I]. */
184 }
185 }
186 }
187 else
188 {
192 }
194 /* Prune trailing null ports from the descriptor table. */
198 /* See if we need to diddle the auth port of the new program.
199 The purpose of this is to get the effect setting the saved-set UID and
200 GID to the respective effective IDs after the exec, as POSIX.1 requires.
201 Note that we don't reauthenticate with the proc server; that would be a
202 no-op since it only keeps track of the effective UIDs, and if it did
203 keep track of the available IDs we would have the problem that we'd be
204 changing the IDs before the exec and have to change them back after a
205 failure. Arguably we could skip all the reauthentications because the
206 available IDs have no bearing on any filesystem. But the conservative
207 approach is to reauthenticate all the io ports so that no state anywhere
208 reflects that our whole ID set differs from what we've set it to. */
215 {
216 /* We have euid != svuid or egid != svgid. POSIX.1 says that exec
217 sets svuid = euid and svgid = egid. So we must get a new auth
218 port and reauthenticate everything with it. We'll pass the new
219 ports in file_exec instead of our own ports. */
221 auth_t newauth;
227 {
230 }
240 {
241 /* Now we have to reauthenticate the ports with this new ID.
242 */
245 {
253 newport);
256 }
258 {
259 io_t newport;
265 }
276 {
277 /* Now we'll reauthenticate each file descriptor. */
279 {
284 {
289 {
293 }
294 }
295 else
297 }
298 else
299 {
301 {
302 /* Ask to deallocate all the old fd ports,
303 since we will have new ones in DTABLE. */
306 }
309 {
310 io_t newport;
316 {
321 }
322 }
325 }
326 }
327 }
330 }
333 /* The information is all set up now. Try to exec the file. */
335 {
339 {
340 /* Request the exec server to deallocate some ports from us if
341 the exec succeeds. The init ports and descriptor ports will
342 arrive in the new program's exec_startup message. If we
343 failed to deallocate them, the new program would have
344 duplicate user references for them. But we cannot deallocate
345 them ourselves, because we must still have them after a failed
346 exec call. */
352 }
355 #ifdef EXEC_SIGTRAP
356 /* PTRACE_TRACEME sets all bits in _hurdsig_traced, which is
357 propagated through exec by INIT_TRACEMASK, so this checks if
358 PTRACE_TRACEME has been called in this process in any of its
359 current or prior lives. */
362 #endif
370 }
372 /* Release references to the standard ports. */
378 else
381 /* Release references to the file descriptor ports. */
383 {
387 }
392 /* Release lock on the file descriptor table. */
395 /* Safe to let signals happen now. */
398 outargs:
400 outenv:
403 }