freebsd-dev/sys/sys
Robert Watson b114e127e6
In my first reading of POSIX.1e, I misinterpreted handling of the
ACL_USER_OBJ and ACL_GROUP_OBJ fields, believing that modification of the
access ACL could be used by privileged processes to change file/directory
ownership.  In fact, this is incorrect; ACL_*_OBJ (+ ACL_MASK and
ACL_OTHER) should have undefined ae_id fields; this commit attempts
to correct that misunderstanding.

o Modify arguments to vaccess_acl_posix1e() to accept the uid and gid
  associated with the vnode, as those can no longer be extracted from
  the ACL passed as an argument.  Perform all comparisons against
  the passed arguments.  This actually has the effect of simplifying
  a number of components of this call, as well as reducing the indent
  level, but now separates handling of ACL_GROUP_OBJ from ACL_GROUP.

o Modify acl_posix1e_check() to return EINVAL if the ae_id field of
  any of the ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} entries is a value
  other than ACL_UNDEFINED_ID.  As a temporary work-around to allow
  clean upgrades, set the ae_id field to ACL_UNDEFINED_ID before
  each check so that this cannot cause a failure in the short term
  (this work-around will be removed when the userland libraries and
  utilities are updated to take this change into account).

o Modify ufs_sync_acl_from_inode() so that it forces
  ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} ae_id fields to ACL_UNDEFINED_ID
  when synchronizing the ACL from the inode.

o Modify ufs_sync_inode_from_acl to not propagate uid and gid
  information to the inode from the ACL during ACL update.  Also
  modify the masking of permission bits that may be set from
  ALLPERMS to (S_IRWXU|S_IRWXG|S_IRWXO), as ACLs currently do not
  carry non-ACCESSPERMS (S_ISUID, S_ISGID, S_ISTXT).

o Modify ufs_getacl() so that when it emulates an access ACL from
  the inode, it initializes the ae_id fields to ACL_UNDEFINED_ID.

o Clean up ufs_setacl() substantially since it is no longer possible
  to perform chown/chgrp operations using vop_setacl(), so all the
  access control for that can be eliminated.

o Modify ufs_access() so that it passes owner uid and gid information
  into vaccess_acl_posix1e().

Pointed out by:	jedger
Obtained from:	TrustedBSD Project
2001-04-17 04:33:34 +00:00
_posix.h
_sigset.h Provide a new interface for the user of aio_read() and aio_write() to request 2000-11-21 19:36:36 +00:00
_timespec.h Synchronize with some of my local changes. To quote: 2001-01-23 04:40:54 +00:00
aac_ioctl.h Major bugfix and minor update. This should resolve the current issues 2000-12-27 13:14:56 +00:00
acct.h
acl.h Add acl_get_perm_np(3), a non-portable function to check if a 2001-04-13 19:37:04 +00:00
agpio.h
aio.h When aio_read/write() is used on a raw device, physical buffers are 2001-03-10 22:47:57 +00:00
assym.h
ata.h Sigh, try to get this in sync with an official src tree... 2001-03-16 13:08:19 +00:00
bio.h A bit of sanity-checking in bioqdisksort(): panic if we recurse. 2001-01-14 18:48:42 +00:00
bitstring.h Cleanup of bitstring.h: 2000-10-09 12:34:51 +00:00
blist.h
buf.h Change and clean the mutex lock interface. 2001-02-09 06:11:45 +00:00
bus_dma.h version 1.7 made some changes to correct problems identified by compiling 2001-03-02 05:33:53 +00:00
bus_private.h Implement a trivial but effective interface for obtaining the kernel's 2000-11-09 10:21:23 +00:00
bus.h Axe INTR_HEAVY, INTR_LIGHT, and INTR_THREADED. Add in a INTR_TYPE_CLK 2001-02-09 17:35:22 +00:00
callout.h Revert the last commit to the callout interface, and add a flag to 2000-11-25 06:22:16 +00:00
capability.h o Change the API and ABI of the Extended Attribute kernel interfaces to 2001-03-15 02:54:29 +00:00
ccdvar.h
cdefs.h after discovering that the Santa Clara Valley Medical Center actually 2001-03-10 12:05:55 +00:00
cdio.h
cdrio.h Add session argument to *CLOSEDISK, allowing to set session type on fixate. 2001-01-10 19:17:38 +00:00
chio.h
clist.h
condvar.h Remove CV_DECLARE(), which serves no useful purpose. 2001-01-25 07:29:54 +00:00
conf.h Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
cons.h
consio.h
copyright.h We are now in the year 2001, so adjust copyrights. 2001-01-01 08:05:48 +00:00
ctype.h
dataacq.h
device_port.h Add PC-Card/ISA SCSI host adapter drivers from NetBSD/pc98 2000-10-23 12:55:51 +00:00
devicestat.h
dir.h
dirent.h
disk.h Add disk_enumerate() for finding names of disks. Vinum and libh will 2000-06-15 20:30:53 +00:00
disklabel.h Use ANSI prototype and function definition for dkcksum so that this 2001-01-14 05:14:37 +00:00
diskmbr.h Use ANSI prototype and function definition for dkcksum so that this 2001-01-14 05:14:37 +00:00
diskpc98.h Use ANSI prototype and function definition for dkcksum so that this 2001-01-14 05:14:37 +00:00
diskslice.h Write support for the cd(4) driver. 2000-10-30 07:03:00 +00:00
dkstat.h Redeclare cp_time. It's no longer static, and linprocfs needs it. 2000-09-07 16:38:04 +00:00
dmap.h
domain.h
dvdio.h
elf32.h
elf64.h
elf_common.h Add "ELFOSABI_NONE" which is the symbol used in a copy of the old ELF spec, 2001-02-24 22:23:12 +00:00
elf_generic.h
errno.h
event.h Add an EV_SET() convenience macro for initializing struct kevent prior 2001-02-24 01:44:03 +00:00
eventhandler.h - Convert the per-eventhandler list mutex to a lockmgr lock so that it can 2000-12-12 04:01:35 +00:00
eventvar.h Simplify kqueue API slightly. 2000-07-18 19:31:52 +00:00
exec.h
extattr.h o Introduce extattr_{delete,get,set}_fd() to allow extended attribute 2001-03-31 16:20:05 +00:00
fbio.h
fcntl.h
fdcio.h
file.h Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
filedesc.h This patchset fixes a large number of file descriptor race conditions. 2000-11-18 21:01:04 +00:00
filio.h
fnv_hash.h Use the same API as the example code. 2001-03-20 02:10:18 +00:00
gmon.h
iconv.h Add function prototypes and base module for kernel side iconv library. 2001-04-09 09:39:29 +00:00
imgact_aout.h
imgact_elf.h MFS: bring the consistent `compat_3_brand' support into -CURRENT 2001-02-24 22:20:11 +00:00
imgact.h Make size of dynamic loader argument variable to support 2000-09-26 05:09:21 +00:00
inflate.h
interrupt.h Work around a race condition where an interrupt handler can be removed from 2001-02-22 02:18:32 +00:00
inttypes.h
ioccom.h
ioctl_bt848.h Fix typo in comments 2000-10-31 14:30:29 +00:00
ioctl_compat.h
ioctl_meteor.h
ioctl.h
ipc.h sysvipc loadable. 2000-12-01 08:57:47 +00:00
ipl.h Remove unused declarations for spending and sdelayed, and remove unused 2000-12-08 10:39:00 +00:00
jail.h o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
joystick.h
kbio.h Implement keyboard paste 2001-03-11 22:51:05 +00:00
kernel.h Blow away the panic mutex in favor of using a single atomic_cmpset() on a 2001-04-17 04:18:08 +00:00
kobj.h Fix typos: initalise -> initialise. 2001-02-08 20:28:57 +00:00
kthread.h Include <sys/cdefs.h> so that this file is self-sufficient. 2001-02-15 11:35:55 +00:00
ktr.h - In the KTR_EXTEND case, use a const char * to point to the passed in 2001-02-20 10:39:55 +00:00
ktrace.h Limit size of passed in data for utrace function. 2001-01-06 09:34:20 +00:00
libkern.h Rewrite of the CAM error recovery code. 2001-03-27 05:45:52 +00:00
linedisc.h Send the remains (such as I have located) of "block major numbers" to 2001-03-26 12:41:29 +00:00
link_aout.h Update the prototype for "r_brk" to correspond with the change in 2000-09-18 20:40:32 +00:00
link_elf.h Update the prototype for "r_brk" to correspond with the change in 2000-09-18 20:40:32 +00:00
linker_set.h Remove underscores from linker set stabs for the a.out case, after 2001-02-25 07:24:03 +00:00
linker.h Correct a warning where the r_debug_state() dummy function used to trigger 2000-10-06 05:20:02 +00:00
lock.h - Split out the functionality of displaying the contents of a single lock 2001-04-06 21:37:52 +00:00
lockf.h
lockmgr.h RIP <machine/lock.h>. 2001-02-11 10:44:09 +00:00
malloc.h Let M_PANIC go back to the private tree as its intention isn't understood well 2001-01-31 04:50:20 +00:00
mbuf.h Various style fixes. 2001-04-05 03:55:27 +00:00
mchain.h Introduce API for sequential reads/writes (build/dissect) of mbuf chains. 2001-02-24 15:44:30 +00:00
md4.h Import kernel part of SMB/CIFS requester. 2001-04-10 07:59:06 +00:00
md5.h Add a new entrypoint to the hashes in libmd: 2001-03-17 10:00:50 +00:00
mdioctl.h Make "md" and "mdctl" macroized parameters. 2001-02-25 13:12:57 +00:00
memrange.h
mman.h
module.h
mount.h o Rename "namespace" argument to "attrnamespace" as namespace is a C++ 2001-03-19 05:44:15 +00:00
mouse.h Initiate deorbit burn sequence for <machine/mouse.h>. 2000-10-09 08:08:36 +00:00
msg.h
msgbuf.h Replace logwakeup() with "int msgbuftrigger". There is little 2000-12-20 21:50:37 +00:00
mtio.h Make residuals signed. 2001-01-21 01:34:14 +00:00
mutex.h Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
namei.h Add new flag PDIRUNLOCK to the component.cn_flags which should be set by 2000-09-17 07:26:42 +00:00
nlist_aout.h
param.h Bump FreeBSD version to correspond to addition of CPUTYPE make variable. 2001-02-24 10:44:03 +00:00
pciio.h
pioctl.h
pipe.h select() DKI is now in <sys/selinfo.h>. 2001-01-09 04:33:49 +00:00
poll.h Fix typo: compatability -> compatibility. 2001-02-06 12:05:58 +00:00
posix4.h
priority.h Implement a unified run queue and adjust priority levels accordingly. 2001-02-12 00:20:08 +00:00
proc.h o Replace p_cankill() with p_cansignal(), remove wrappage of p_can() 2001-04-12 02:38:08 +00:00
procfs.h
protosw.h Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify 2001-02-18 09:34:55 +00:00
ptio.h
ptrace.h - Move the prototype for proc_reparent from sys/ptrace.h to sys/proc.h 2000-10-19 18:55:22 +00:00
queue.h CIRCLEQs are a disgrace to everything Knuth taught us in Volume 1 Chapter 2. 2000-12-29 09:55:40 +00:00
random.h Provide the infrastructure for sysadmins to select the broad class 2001-02-18 17:40:47 +00:00
reboot.h
resource.h
resourcevar.h Catch up to header include changes: 2001-03-28 09:17:56 +00:00
rman.h Convert all simplelocks to mutexes and remove the simplelock implementations. 2001-01-24 12:35:55 +00:00
rtprio.h Implement a unified run queue and adjust priority levels accordingly. 2001-02-12 00:20:08 +00:00
runq.h Implement a unified run queue and adjust priority levels accordingly. 2001-02-12 00:20:08 +00:00
sbuf.h Rewrite of the CAM error recovery code. 2001-03-27 05:45:52 +00:00
select.h Do not recursively include <sys/selinfo.h> from <sys/select.h>; all in-tree 2001-01-20 03:11:47 +00:00
selinfo.h Move `struct selinfo' and related functions to <sys/selinfo.h>. 2001-01-04 03:29:16 +00:00
sem.h
semaphore.h
shm.h
signal.h Provide a new interface for the user of aio_read() and aio_write() to request 2000-11-21 19:36:36 +00:00
signalvar.h Declare sigexit() as non-returning. 2000-09-17 15:23:10 +00:00
smp.h Remove the BETTER_CLOCK #ifdef's. The code is on by default and is here 2001-04-10 21:34:13 +00:00
snoop.h
socket.h Make SOMAXCONN a kernel option. 2001-04-13 03:50:37 +00:00
socketvar.h Extend kqueue down to the device layer. 2001-02-15 16:34:11 +00:00
sockio.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
soundcard.h add 32bit formats and a couple of ioctls 2000-09-01 17:38:32 +00:00
stat.h Get userland visible flags added for snapshots to give a few days 2000-07-04 04:58:34 +00:00
sx.h Rework the witness code to work with sx locks as well as mutexes. 2001-03-28 09:03:24 +00:00
syscall-hide.h o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
syscall.h o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
syscall.mk o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
sysctl.h Convert an instance of 8 spaces to a tab. 2001-02-22 08:13:09 +00:00
sysent.h sysvipc loadable. 2000-12-01 08:57:47 +00:00
syslimits.h
syslog.h Add the "LOG_CONSOLE" facility and tell syslogd to not log it on 2000-11-25 21:00:58 +00:00
sysproto.h o Regenerated following introduction of __setugid() system call for 2001-04-11 20:21:37 +00:00
systm.h o introduce u_cansee(), which performs access control checks between 2001-03-28 20:50:15 +00:00
taskqueue.h
termios.h implement OCRNL, ONOCR, and ONLRET 2001-03-04 06:04:50 +00:00
time.h Parenthesise macros. This fixes an unlikely bug and silences lint. 2001-03-21 14:31:51 +00:00
timeb.h
timepps.h
timers.h
times.h
timespec.h This file declares `struct timespec' so that we can have a single, 2001-01-23 04:44:04 +00:00
timetc.h
timex.h Update to the 2001-04-02 version of the nanokernel code from Dave Mills. 2001-04-16 13:05:05 +00:00
tty.h Fixed unsorting of prototypes in previous commit. Is it too much to 2001-02-17 05:40:52 +00:00
ttychars.h
ttycom.h
ttydefaults.h Kernel support for erase2 character. 2000-11-28 20:03:23 +00:00
ttydev.h
types.h Unbreak build on alpha. 2001-03-24 15:17:27 +00:00
ucontext.h
ucred.h Catch up to header include changes: 2001-03-28 09:17:56 +00:00
uio.h Introduce copyinfrom and copyinstrfrom, which can copy data from either 2001-02-16 14:31:49 +00:00
un.h
unistd.h Don't allow userland to use the RFHIGHPID flag. Its only purpose is to 2001-03-13 02:55:54 +00:00
unpcb.h
user.h Catch up to header include changes: 2001-03-28 09:17:56 +00:00
utsname.h Round 1 of Brucification inspired changes. 2001-03-24 08:37:56 +00:00
vmmeter.h Add mibs to hold the number of forks since boot. New mibs are: 2001-01-23 14:32:01 +00:00
vnioctl.h
vnode.h In my first reading of POSIX.1e, I misinterpreted handling of the 2001-04-17 04:33:34 +00:00
wait.h
xrpuio.h