d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid checking for privileges if there is no need to.

Browse Source 
Discussed with:	rwatson
This commit is contained in:
pjd 2007-03-01 20:38:24 +00:00
parent 62de975b4d
commit 9558665f1e
3 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/gnu/fs/ext2fs/ext2_vnops.c
View File

@ -596,7 +596,7 @@ ext2_chown(vp, uid, gid, cred, td)
ip->i_gid = gid;
ip->i_uid = uid;
ip->i_flag |= IN_CHANGE;
if (ouid != uid || ogid != gid) {
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID,
SUSER_ALLOWJAIL) != 0)
ip->i_mode &= ~(ISUID | ISGID);

22
sys/ufs/ffs/ffs_vnops.c
View File

@ -788,11 +788,13 @@ ffs_write(ap)
* we clear the setuid and setgid bits as a precaution against
* tampering.
*/
if (resid > uio->uio_resid && ap->a_cred &&
priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID,
SUSER_ALLOWJAIL)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
ap->a_cred) {
if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID,
SUSER_ALLOWJAIL)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
}
if (error) {
if (ioflag & IO_UNIT) {
@ -1115,10 +1117,12 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
* we clear the setuid and setgid bits as a precaution against
* tampering.
*/
if (resid > uio->uio_resid && ucred &&
priv_check_cred(ucred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) {
ip->i_mode &= ~(ISUID | ISGID);
dp->di_mode = ip->i_mode;
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID,
SUSER_ALLOWJAIL)) {
ip->i_mode &= ~(ISUID | ISGID);
dp->di_mode = ip->i_mode;
}
}
if (error) {
if (ioflag & IO_UNIT) {

9
sys/ufs/ufs/ufs_vnops.c
View File

@ -786,10 +786,11 @@ good:
panic("ufs_chown: lost quota");
#endif /* QUOTA */
ip->i_flag |= IN_CHANGE;
if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL) &&
(ouid != uid || ogid != gid)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
}
return (0);
}