From cf48f6e42c4efb95a6d7295493f777077d7374c3 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Mon, 18 Sep 2000 18:03:49 +0000
Subject: [PATCH] o Allow privileged processes in jail() to override sticky bit behavior on directories. o Allow privileged processes in jail() to create inodes with the setgid bit set even if they are not a member of the group denoted by the file creation gid. This occurs due to inherited gid's from parent directories on file creation, allowing a user to create a file with a gid that is not in the creating process's credentials. Obtained from: TrustedBSD Project
---
 sys/ufs/ufs/ufs_vnops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index c214b4c673e4..2b34d3caee59 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -1099,7 +1099,7 @@ abortit:
 * root). This implements append-only directories.
 */
 if ((dp->i_mode & S_ISTXT) &&
- suser_xxx(tcnp->cn_cred, NULL, 0) &&
+ suser_xxx(tcnp->cn_cred, NULL, PRISON_ROOT) &&
 tcnp->cn_cred->cr_uid != dp->i_uid &&
 xp->i_uid != tcnp->cn_cred->cr_uid) {
 error = EPERM;
@@ -2128,7 +2128,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
 if (DOINGSOFTDEP(tvp))
 softdep_change_linkcnt(ip);
 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- suser_xxx(cnp->cn_cred, 0, 0))
+ suser_xxx(cnp->cn_cred, NULL, PRISON_ROOT))
 ip->i_mode &= ~ISGID;
 if (cnp->cn_flags & ISWHITEOUT)
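Review bot: The comment directly above the changed condition still reads "(except by root)", but with `PRISON_ROOT` the sticky-directory exemption now also applies to uid 0 inside a jail, so the comment should say so, e.g. `* root, or root inside a jail). This implements append-only directories.` It is also worth one line noting that suser_xxx() returns 0 when privilege is granted, which is why it sits in an `&&` chain that ends in `EPERM`. Operationally, a sticky directory on a file system visible to more than one jail (or to the host) is no longer protected from a jailed root, so such directories should not be shared across that boundary. Only this check (it uses `tcnp`, presumably the rename target) is in the patch; if the sticky check for unlink/rmdir lives elsewhere it should pass the same flag, otherwise the two paths disagree. The enclosing function starts and ends outside the hunk.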
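Review bot: Nothing at the ISGID condition in ufs_makeinode explains why the bit is stripped or why a jailed root is now exempt; a short comment such as `/* Drop setgid when the creator is neither in the (possibly inherited) group nor privileged; PRISON_ROOT lets jailed root keep it. */` would record the intent that is currently only in the commit message. The equivalent setgid/group-membership check on the chmod path is not part of this patch, so it should be confirmed to pass `PRISON_ROOT` as well, otherwise create and chmod would disagree for a jailed root. ufs_makeinode continues outside the hunk.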