From ca94dd37a357e2d5cd091f20feda3767ea1092a2 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 1 Sep 2000 13:41:41 +0000 Subject: [PATCH] o Make procfs use vaccess() for procfs_access() DAC and super-user checks, rather than implementing its own {uid,gid,other} checks against vnode mode. Similar change to linprocfs currently under review. Obtained from: TrustedBSD Project --- sys/fs/procfs/procfs_vnops.c | 32 ++++---------------------------- sys/miscfs/procfs/procfs_vnops.c | 32 ++++---------------------------- 2 files changed, 8 insertions(+), 56 deletions(-) diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c index df8e3ca24959..0619a6893ad1 100644 --- a/sys/fs/procfs/procfs_vnops.c +++ b/sys/fs/procfs/procfs_vnops.c @@ -599,10 +599,6 @@ procfs_setattr(ap) /* * implement access checking. * - * something very similar to this code is duplicated - * throughout the 4bsd kernel and should be moved - * into kern/vfs_subr.c sometime. - * * actually, the check for super-user is slightly * broken since it will allow read access to write-only * objects. this doesn't cause any particular trouble @@ -619,6 +615,7 @@ procfs_access(ap) } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct vnode *vp = ap->a_vp; struct proc *procp; struct vattr *vap; struct vattr vattr; @@ -637,33 +634,12 @@ procfs_access(ap) } vap = &vattr; - error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p); + error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_p); if (error) return (error); - /* - * Access check is based on only one of owner, group, public. - * If not owner, then check group. If not a member of the - * group, then check public access. - */ - if (ap->a_cred->cr_uid != vap->va_uid) { - gid_t *gp; - int i; - - ap->a_mode >>= 3; - gp = ap->a_cred->cr_groups; - for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++) - if (vap->va_gid == *gp) - goto found; - ap->a_mode >>= 3; -found: - ; - } - - if ((vap->va_mode & ap->a_mode) == ap->a_mode) - return (0); - - return (EACCES); + return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid, + ap->a_mode, ap->a_cred, NULL)); } /* diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index df8e3ca24959..0619a6893ad1 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -599,10 +599,6 @@ procfs_setattr(ap) /* * implement access checking. * - * something very similar to this code is duplicated - * throughout the 4bsd kernel and should be moved - * into kern/vfs_subr.c sometime. - * * actually, the check for super-user is slightly * broken since it will allow read access to write-only * objects. this doesn't cause any particular trouble @@ -619,6 +615,7 @@ procfs_access(ap) } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct vnode *vp = ap->a_vp; struct proc *procp; struct vattr *vap; struct vattr vattr; @@ -637,33 +634,12 @@ procfs_access(ap) } vap = &vattr; - error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p); + error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_p); if (error) return (error); - /* - * Access check is based on only one of owner, group, public. - * If not owner, then check group. If not a member of the - * group, then check public access. - */ - if (ap->a_cred->cr_uid != vap->va_uid) { - gid_t *gp; - int i; - - ap->a_mode >>= 3; - gp = ap->a_cred->cr_groups; - for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++) - if (vap->va_gid == *gp) - goto found; - ap->a_mode >>= 3; -found: - ; - } - - if ((vap->va_mode & ap->a_mode) == ap->a_mode) - return (0); - - return (EACCES); + return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid, + ap->a_mode, ap->a_cred, NULL)); } /*