Plug hole reported on Bugtraq: do not allow mmap with WRITE privs for append-only and immutable files.

Obtained from: OpenBSD (partly)
Guido van Rooij 1998-05-18 18:26:27 +00:00
parent 068373b683
commit 05feb99ff1


@ -38,7 +38,7 @@
* from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$
*
* @(#)vm_mmap.c 8.4 (Berkeley) 1/12/94
* $Id: vm_mmap.c,v 1.74 1998/03/07 21:37:01 dyson Exp $
* $Id: vm_mmap.c,v 1.75 1998/03/12 19:36:18 guido Exp $
*/
/*
@ -295,12 +295,24 @@ mmap(p, uap)
* we're at securelevel < 1, to allow the XIG X server
* to continue to work.
*/
if (((flags & MAP_SHARED) != 0 ||
(vp->v_type == VCHR && disablexworkaround)) &&
(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
return (EACCES);
else
if ((flags & MAP_SHARED) != 0 ||
(vp->v_type == VCHR && disablexworkaround)) {
if ((fp->f_flag & FWRITE) != 0) {
if ((error =
VOP_GETATTR(vp, &va,
p->p_ucred, p)))
return (error);
if ((va.va_flags &
(IMMUTABLE|APPEND)) == 0)
maxprot |= VM_PROT_WRITE;
else if (prot & PROT_WRITE)
return (EPERM);
} else if ((prot & PROT_WRITE) != 0)
return (EACCES);
} else
maxprot |= VM_PROT_WRITE;
handle = (void *)vp;
}
}
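Review bot: The file-flag test in the `FWRITE` branch runs only when the mapping is created, so a shared writable mapping set up before a file is marked immutable or append-only would, as far as this hunk shows, keep its write access afterwards; that limit deserves a comment next to the `VOP_GETATTR` call. The comment above the branch still describes only the XIG X server workaround, so I would add something like `/* Shared mappings of immutable or append-only files are not granted VM_PROT_WRITE here; an explicit PROT_WRITE request fails with EPERM. Checked at mmap time only. */`. The inner `if` / `else if` pair is unbraced inside a braced outer branch, which makes the three outcomes (grant write, `EPERM`, `EACCES`) harder to audit in a permission check; bracing each arm would help. The enclosing mmap() function starts and ends outside the hunk, so whether the early `return (error)` skips any cleanup cannot be judged from here.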