diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index ace2eab349a7..3e67bd03a46f 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -466,6 +466,9 @@ kern_msgctl(td, msqid, cmd, msqbuf) } #endif + crfree(msqkptr->cred); + msqkptr->cred = NULL; + /* Free the message headers */ msghdr = msqkptr->u.msg_first; while (msghdr != NULL) { @@ -620,6 +623,8 @@ msgget(td, uap) msqkptr->u.msg_perm.cgid = cred->cr_gid; msqkptr->u.msg_perm.gid = cred->cr_gid; msqkptr->u.msg_perm.mode = (msgflg & 0777); + crhold(cred); + msqkptr->cred = cred; /* Make sure that the returned msqid is unique */ msqkptr->u.msg_perm.seq = (msqkptr->u.msg_perm.seq + 1) & 0x7fff; msqkptr->u.msg_first = NULL; diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index d51fbee578e6..04284ccd950d 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -656,6 +656,8 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, semakptr->u.sem_perm.cuid = cred->cr_uid; semakptr->u.sem_perm.uid = cred->cr_uid; semakptr->u.sem_perm.mode = 0; + crfree(semakptr->cred); + semakptr->cred = NULL; SEMUNDO_LOCK(); semundo_clear(semidx, -1); SEMUNDO_UNLOCK(); @@ -937,6 +939,8 @@ semget(struct thread *td, struct semget_args *uap) sema[semid].u.sem_perm.cgid = cred->cr_gid; sema[semid].u.sem_perm.gid = cred->cr_gid; sema[semid].u.sem_perm.mode = (semflg & 0777) | SEM_ALLOC; + crhold(cred); + sema[semid].cred = cred; sema[semid].u.sem_perm.seq = (sema[semid].u.sem_perm.seq + 1) & 0x7fff; sema[semid].u.sem_nsems = nsems; diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index 5ea9e5d2e37e..645184cdcac7 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -246,6 +246,8 @@ shm_deallocate_segment(shmseg) #ifdef MAC mac_sysvshm_cleanup(shmseg); #endif + crfree(shmseg->cred); + shmseg->cred = NULL; } static int @@ -694,6 +696,8 @@ shmget_allocate_segment(td, uap, mode) shmseg->u.shm_perm.cgid = shmseg->u.shm_perm.gid = cred->cr_gid; shmseg->u.shm_perm.mode = (shmseg->u.shm_perm.mode & SHMSEG_WANTED) | (mode & ACCESSPERMS) | SHMSEG_ALLOCATED; + crhold(cred); + shmseg->cred = cred; shmseg->u.shm_segsz = uap->size; shmseg->u.shm_cpid = td->td_proc->p_pid; shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; diff --git a/sys/sys/msg.h b/sys/sys/msg.h index e4edd099b9b5..f4193c8257df 100644 --- a/sys/sys/msg.h +++ b/sys/sys/msg.h @@ -160,6 +160,7 @@ struct msqid_kernel { * Kernel-private components of the message queue. */ struct label *label; /* MAC label */ + struct ucred *cred; /* creator's credentials */ }; #else /* !_KERNEL */ diff --git a/sys/sys/sem.h b/sys/sys/sem.h index 458ffb9762e3..cce28f0ba6af 100644 --- a/sys/sys/sem.h +++ b/sys/sys/sem.h @@ -126,6 +126,7 @@ extern struct seminfo seminfo; struct semid_kernel { struct semid_ds u; struct label *label; /* MAC framework label */ + struct ucred *cred; /* creator's credentials */ }; /* internal "mode" bits */ diff --git a/sys/sys/shm.h b/sys/sys/shm.h index 7fe3dae12330..799bbf5fd8eb 100644 --- a/sys/sys/shm.h +++ b/sys/sys/shm.h @@ -124,6 +124,7 @@ struct shmid_kernel { struct shmid_ds u; vm_object_t object; struct label *label; /* MAC label */ + struct ucred *cred; /* creator's credendials */ }; extern struct shminfo shminfo;