o Add missing PRISON_ROOT allowing a privileged process in a jail() to not

remove the setuid/setgid bits by virtue of a change to a file with those bits set, even if the process doesn't own the file, or isn't a group member of the file's gid. Obtained from: TrustedBSD Project
2000-09-18 17:53:22 +00:00 · 2000-09-18 17:53:22 +00:00 · ea57890740
commit ea57890740
parent cd595ef506
1 changed files with 1 additions and 1 deletions
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -638,7 +638,7 @@ good:
 		panic("ufs_chown: lost quota");
 #endif /* QUOTA */
 	ip->i_flag |= IN_CHANGE;
-	if (suser_xxx(cred, NULL, 0) && (ouid != uid || ogid != gid))
+	if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid))
 		ip->i_mode &= ~(ISUID | ISGID);
 	return (0);
 }