o Make procfs use vaccess() for procfs_access() DAC and super-user checks,

rather than implementing its own {uid,gid,other} checks against vnode
  mode.  Similar change to linprocfs currently under review.

Obtained from:	TrustedBSD Project
This commit is contained in:
Robert Watson 2000-09-01 13:41:41 +00:00
parent 56338d5acb
commit ca94dd37a3
2 changed files with 8 additions and 56 deletions

View File

@ -599,10 +599,6 @@ procfs_setattr(ap)
/*
* implement access checking.
*
* something very similar to this code is duplicated
* throughout the 4bsd kernel and should be moved
* into kern/vfs_subr.c sometime.
*
* actually, the check for super-user is slightly
* broken since it will allow read access to write-only
* objects. this doesn't cause any particular trouble
@ -619,6 +615,7 @@ procfs_access(ap)
} */ *ap;
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct vnode *vp = ap->a_vp;
struct proc *procp;
struct vattr *vap;
struct vattr vattr;
@ -637,33 +634,12 @@ procfs_access(ap)
}
vap = &vattr;
error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p);
error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_p);
if (error)
return (error);
/*
* Access check is based on only one of owner, group, public.
* If not owner, then check group. If not a member of the
* group, then check public access.
*/
if (ap->a_cred->cr_uid != vap->va_uid) {
gid_t *gp;
int i;
ap->a_mode >>= 3;
gp = ap->a_cred->cr_groups;
for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++)
if (vap->va_gid == *gp)
goto found;
ap->a_mode >>= 3;
found:
;
}
if ((vap->va_mode & ap->a_mode) == ap->a_mode)
return (0);
return (EACCES);
return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
ap->a_mode, ap->a_cred, NULL));
}
/*

View File

@ -599,10 +599,6 @@ procfs_setattr(ap)
/*
* implement access checking.
*
* something very similar to this code is duplicated
* throughout the 4bsd kernel and should be moved
* into kern/vfs_subr.c sometime.
*
* actually, the check for super-user is slightly
* broken since it will allow read access to write-only
* objects. this doesn't cause any particular trouble
@ -619,6 +615,7 @@ procfs_access(ap)
} */ *ap;
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct vnode *vp = ap->a_vp;
struct proc *procp;
struct vattr *vap;
struct vattr vattr;
@ -637,33 +634,12 @@ procfs_access(ap)
}
vap = &vattr;
error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p);
error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_p);
if (error)
return (error);
/*
* Access check is based on only one of owner, group, public.
* If not owner, then check group. If not a member of the
* group, then check public access.
*/
if (ap->a_cred->cr_uid != vap->va_uid) {
gid_t *gp;
int i;
ap->a_mode >>= 3;
gp = ap->a_cred->cr_groups;
for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++)
if (vap->va_gid == *gp)
goto found;
ap->a_mode >>= 3;
found:
;
}
if ((vap->va_mode & ap->a_mode) == ap->a_mode)
return (0);
return (EACCES);
return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
ap->a_mode, ap->a_cred, NULL));
}
/*