d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert the changes I made to devfs_setattr() in r179457.

Browse Source 
As discussed with Robert Watson and John Baldwin, it would be better if
PTY's are created with proper permissions, turning grantpt() into a
no-op.

Bypassing security frameworks like MAC by passing NOCRED to
VOP_SETATTR() will only make things more complex.

Approved by:	philip (mentor)
This commit is contained in:
Ed Schouten 2008-06-01 14:02:46 +00:00
parent be38401738
commit 16151645c2
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/fs/devfs/devfs_vnops.c
View File

@ -1264,9 +1264,8 @@ devfs_setattr(struct vop_setattr_args *ap)
else
gid = vap->va_gid;
if (uid != de->de_uid || gid != de->de_gid) {
if (ap->a_cred != NOCRED &&
(ap->a_cred->cr_uid != de->de_uid || uid != de->de_uid ||
(gid != de->de_gid && !groupmember(gid, ap->a_cred)))) {
if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
error = priv_check(ap->a_td, PRIV_VFS_CHOWN);
if (error)
return (error);
@ -1277,7 +1276,7 @@ devfs_setattr(struct vop_setattr_args *ap)
}
if (vap->va_mode != (mode_t)VNOVAL) {
if (ap->a_cred != NOCRED && ap->a_cred->cr_uid != de->de_uid) {
if (ap->a_cred->cr_uid != de->de_uid) {
error = priv_check(ap->a_td, PRIV_VFS_ADMIN);
if (error)
return (error);