789 oruid = pp->p_cred->cr_ruid;
790
791 if (newcred != NULL) {
792 /*
793 * Free the old credentials, and set the new ones.
794 * Do this for both the process and the (single) thread.
795 */
796 crfree(pp->p_cred);
797 pp->p_cred = cred; /* cred already held for proc */
798 crhold(cred); /* hold new cred for thread */
799 /*
800 * DTrace accesses t_cred in probe context. t_cred
801 * must always be either NULL, or point to a valid,
802 * allocated cred structure.
803 */
804 oldcred = curthread->t_cred;
805 curthread->t_cred = cred;
806 crfree(oldcred);
807
808 if (priv_basic_test >= 0 &&
809 !PRIV_ISASSERT(&CR_IPRIV(newcred),
810 priv_basic_test)) {
811 pid_t pid = pp->p_pid;
812 char *fn = PTOU(pp)->u_comm;
813
814 cmn_err(CE_WARN, "%s[%d]: exec: basic_test "
815 "privilege removed from E/I", fn, pid);
816 }
817 }
818 /*
819 * On emerging from a successful exec(), the saved
820 * uid and gid equal the effective uid and gid.
821 */
822 cred->cr_suid = cred->cr_uid;
823 cred->cr_sgid = cred->cr_gid;
824
825 /*
826 * If the real and effective ids do not match, this
827 * is a setuid process that should not dump core.
828 * The group comparison is tricky; we prevent the code
829 * from flagging SNOCD when executing with an effective gid
|
789 oruid = pp->p_cred->cr_ruid;
790
791 if (newcred != NULL) {
792 /*
793 * Free the old credentials, and set the new ones.
794 * Do this for both the process and the (single) thread.
795 */
796 crfree(pp->p_cred);
797 pp->p_cred = cred; /* cred already held for proc */
798 crhold(cred); /* hold new cred for thread */
799 /*
800 * DTrace accesses t_cred in probe context. t_cred
801 * must always be either NULL, or point to a valid,
802 * allocated cred structure.
803 */
804 oldcred = curthread->t_cred;
805 curthread->t_cred = cred;
806 crfree(oldcred);
807
808 if (priv_basic_test >= 0 &&
809 !PRIV_ISMEMBER(&CR_IPRIV(newcred),
810 priv_basic_test)) {
811 pid_t pid = pp->p_pid;
812 char *fn = PTOU(pp)->u_comm;
813
814 cmn_err(CE_WARN, "%s[%d]: exec: basic_test "
815 "privilege removed from E/I", fn, pid);
816 }
817 }
818 /*
819 * On emerging from a successful exec(), the saved
820 * uid and gid equal the effective uid and gid.
821 */
822 cred->cr_suid = cred->cr_uid;
823 cred->cr_sgid = cred->cr_gid;
824
825 /*
826 * If the real and effective ids do not match, this
827 * is a setuid process that should not dump core.
828 * The group comparison is tricky; we prevent the code
829 * from flagging SNOCD when executing with an effective gid
|