o Modify ufs_setattr() so that it uses securelevel_gt() instead of

direct variable access. Obtained from: TrustedBSD Project
2001-09-26 20:31:37 +00:00 · 2001-09-26 20:31:37 +00:00 · 6748bcc51e
commit 6748bcc51e
parent 8c5d4fe829
1 changed files with 6 additions and 4 deletions
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -488,10 +488,12 @@ ufs_setattr(ap)
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
 		if (!suser_xxx(cred, NULL, 0)) {
-			if ((ip->i_flags
-			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) &&
-			    securelevel > 0)
-				return (EPERM);
+			if (ip->i_flags
+			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
+				error = securelevel_gt(cred, 0);
+				if (error)
+					return (error);
+			}
 			/* Snapshot flag cannot be set or cleared */
 			if (((vap->va_flags & SF_SNAPSHOT) != 0 &&
 			     (ip->i_flags & SF_SNAPSHOT) == 0) ||