d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

O_EXEC flag is not part of the O_ACCMODE mask, check it separately.

Browse Source 
If O_EXEC is provided don't require CAP_READ/CAP_WRITE, as O_EXEC
is mutually exclusive to O_RDONLY/O_WRONLY/O_RDWR.

Without this change CAP_FEXECVE capability right is not enforced.

Sponsored by:	FreeBSD Foundation
MFC after:	3 days
This commit is contained in:
pjd 2012-09-25 20:48:49 +00:00
parent 4149ca2469
commit 76c124139f
1 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sys/kern/vfs_syscalls.c
View File

@ -1006,22 +1006,20 @@ flags_to_rights(int flags)
{
cap_rights_t rights = 0;
switch ((flags & O_ACCMODE)) {
case O_RDONLY:
rights |= CAP_READ;
break;
case O_RDWR:
rights |= CAP_READ;
/* fall through */
case O_WRONLY:
rights |= CAP_WRITE;
break;
case O_EXEC:
if (flags & O_EXEC) {
rights |= CAP_FEXECVE;
break;
} else {
switch ((flags & O_ACCMODE)) {
case O_RDONLY:
rights |= CAP_READ;
break;
case O_RDWR:
rights |= CAP_READ;
/* FALLTHROUGH */
case O_WRONLY:
rights |= CAP_WRITE;
break;
}
}
if (flags & O_CREAT)