o Allow privileged processes in jail() to override sticky bit behavior
  on directories.
o Allow privileged processes in jail() to create inodes with the
  setgid bit set even if they are not a member of the group denoted
  by the file creation gid.  This occurs due to inherited gid's from
  parent directories on file creation, allowing a user to create a
  file with a gid that is not in the creating process's credentials.

Obtained from:	TrustedBSD Project
Robert Watson 2000-09-18 18:03:49 +00:00
parent f5770bb46a
commit cf48f6e42c


@ -1099,7 +1099,7 @@ ufs_rename(ap)
* root). This implements append-only directories.
*/
if ((dp->i_mode & S_ISTXT) &&
suser_xxx(tcnp->cn_cred, NULL, 0) &&
suser_xxx(tcnp->cn_cred, NULL, PRISON_ROOT) &&
tcnp->cn_cred->cr_uid != dp->i_uid &&
xp->i_uid != tcnp->cn_cred->cr_uid) {
error = EPERM;
@ -2128,7 +2128,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(ip);
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
suser_xxx(cnp->cn_cred, 0, 0))
suser_xxx(cnp->cn_cred, NULL, PRISON_ROOT))
ip->i_mode &= ~ISGID;
if (cnp->cn_flags & ISWHITEOUT)
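Review bot: Neither privilege test says in a comment that a jailed superuser now passes it: the comment above the sticky-bit test in ufs_rename still ends at `root)`, and the setgid-stripping test in ufs_makeinode has no comment at all. Going by the commit description, the `suser_xxx(..., NULL, PRISON_ROOT)` lines are the new side, so root inside a jail passes the sticky-directory ownership test in ufs_rename and keeps an inherited setgid bit for a group it does not belong to. I would extend the ufs_rename comment to name the jail case and add above the ufs_makeinode test something like `/* Clear setgid unless the creator is in the file's group or is the superuser, including root in a jail (PRISON_ROOT). */`. That matters to anyone whose jail can reach a directory tree that is also visible outside the jail, since files created there keep the bit. Both functions start and end outside the hunks shown.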