Plug hole reported on Bugtraq: do not allow mmap with WRITE privs for
append-only and immutable files. Obtained from: OpenBSD (partly)
parent
068373b683
commit
05feb99ff1
@ -38,7 +38,7 @@
|
||||
* from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$
|
||||
*
|
||||
* @(#)vm_mmap.c 8.4 (Berkeley) 1/12/94
|
||||
* $Id: vm_mmap.c,v 1.74 1998/03/07 21:37:01 dyson Exp $
|
||||
* $Id: vm_mmap.c,v 1.75 1998/03/12 19:36:18 guido Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -295,12 +295,24 @@ mmap(p, uap)
|
||||
* we're at securelevel < 1, to allow the XIG X server
|
||||
* to continue to work.
|
||||
*/
|
||||
if (((flags & MAP_SHARED) != 0 ||
|
||||
(vp->v_type == VCHR && disablexworkaround)) &&
|
||||
(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
|
||||
return (EACCES);
|
||||
else
|
||||
|
||||
if ((flags & MAP_SHARED) != 0 ||
|
||||
(vp->v_type == VCHR && disablexworkaround)) {
|
||||
if ((fp->f_flag & FWRITE) != 0) {
|
||||
if ((error =
|
||||
VOP_GETATTR(vp, &va,
|
||||
p->p_ucred, p)))
|
||||
return (error);
|
||||
if ((va.va_flags &
|
||||
(IMMUTABLE|APPEND)) == 0)
|
||||
maxprot |= VM_PROT_WRITE;
|
||||
else if (prot & PROT_WRITE)
|
||||
return (EPERM);
|
||||
} else if ((prot & PROT_WRITE) != 0)
|
||||
return (EACCES);
|
||||
} else
|
||||
maxprot |= VM_PROT_WRITE;
|
||||
|
||||
handle = (void *)vp;
|
||||
}
|
||||
}
|
||||
|
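Review bot: The immutable/append-only test in the `(fp->f_flag & FWRITE) != 0` branch runs only once, when the mapping is created, so a shared writable mapping set up before the flags are placed on the file keeps `VM_PROT_WRITE` in `maxprot`, and nothing in this hunk revisits existing mappings. If that limit is accepted it should be written down, because the comment above the block still describes only the XIG X server workaround. I would add before the `VOP_GETATTR` call something like `/* File flags are checked at mmap time only; mappings made before the flags were set stay writable. */`. Leaving `VM_PROT_WRITE` out of `maxprot` for flagged files, even when `PROT_WRITE` was not requested, looks deliberate and presumably also bounds a later mprotect(), which deserves a word in the same comment. The body of mmap() starts and ends outside the hunk, so the locking state of `vp` at the `VOP_GETATTR` call cannot be judged from here.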