6932898 panic: assertion failed: vp->v_rdcnt > 0, file: ../../common/fs/vnode.c, line: 3175

6934241 running a setuid script with an invalid interpreter panics system
author: Donghai Qiao <Donghai.Qiao@Sun.COM> 2010-03-22 17:10:24 -0400
committer: Donghai Qiao <Donghai.Qiao@Sun.COM> 2010-03-22 17:10:24 -0400
commit: 84ca78421b5e1e6e1e1ffbd26320fa59c598043e (patch)
tree: 17d6e43b8f393c362808519cfdec7f619be9f9b0
parent: e65e5c2d2f32a99e8c5f740cabae9075dab03ce7 (diff)
download: illumos-gate-84ca78421b5e1e6e1e1ffbd26320fa59c598043e.tar.gz
1 files changed, 12 insertions, 3 deletions
diff --git a/usr/src/uts/common/os/exec.c b/usr/src/uts/common/os/exec.c
index f6d31f8e8b..f9cf4e1eea 100644
--- a/usr/src/uts/common/os/exec.c
+++ b/usr/src/uts/common/os/exec.c
@@ -703,11 +703,18 @@ gexec(
 	    setidfl, exec_file, cred, brand_action);
 	rw_exit(eswp->exec_lock);
 	if (error != 0) {
-		if (newcred != NULL)
-			crfree(newcred);
 		if (execvp)
 			VN_RELE(execvp);
-		goto bad;
+		/*
+		 * If this process's p_exec has been set to the vp of
+		 * the executable by exec_func, we will return without
+		 * calling VOP_CLOSE because proc_exit will close it
+		 * on exit.
+		 */
+		if (pp->p_exec == vp)
+			goto bad_noclose;
+		else
+			goto bad;
 	}
 
 	if (level == 0) {
@@ -797,6 +804,8 @@ bad:
 	(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, cred, NULL);
 
 bad_noclose:
+	if (newcred != NULL)
+		crfree(newcred);
 	if (error == 0)
 		error = ENOEXEC;
author	Donghai Qiao <Donghai.Qiao@Sun.COM>	2010-03-22 17:10:24 -0400
committer	Donghai Qiao <Donghai.Qiao@Sun.COM>	2010-03-22 17:10:24 -0400
commit	84ca78421b5e1e6e1e1ffbd26320fa59c598043e (patch)
tree	17d6e43b8f393c362808519cfdec7f619be9f9b0
parent	e65e5c2d2f32a99e8c5f740cabae9075dab03ce7 (diff)
download	illumos-gate-84ca78421b5e1e6e1e1ffbd26320fa59c598043e.tar.gz