Use only the correct raw partition for writing labels. Don't use the

partition that the label ioctl is being done on just because it has
offset 0, since there is no guarantee that such a partition is large
enough to contain the label.  Don't use the wrong raw partition (0
instead of RAW_PART).

This fixes problems rewriting bizarre labels (with a nonzero offset
for the 'a' partition) in newfs(8).  Such labels shouldn't normally
be used, but creating them was allowed if the ioctl was done on the
raw partition, and sysinstall creates them if the root partition isn't
allocated first.

Note that allowing write access to a partition other than the one that
has been checked for write access doesn't increase security holes
significantly, since write access to any partition already allows
changing the in-core label.

This fix should be in 3.0R.  Rev.1.26 of newfs/newfs.c shouldn't be
in 3.0R.
This commit is contained in:
Bruce Evans 1998-10-17 07:49:04 +00:00
parent 67b8473033
commit e36b4f594a
2 changed files with 8 additions and 18 deletions

View File

@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)ufs_disksubr.c 8.5 (Berkeley) 1/21/94
* $Id: ufs_disksubr.c,v 1.36 1998/09/15 08:55:03 gibbs Exp $
* $Id: ufs_disksubr.c,v 1.37 1998/10/16 10:14:21 jkh Exp $
*/
#include <sys/param.h>
@ -269,17 +269,12 @@ writedisklabel(dev, strat, lp)
{
struct buf *bp;
struct disklabel *dlp;
int labelpart;
int error = 0;
labelpart = dkpart(dev);
if (lp->d_partitions[labelpart].p_offset != 0) {
if (lp->d_partitions[0].p_offset != 0)
return (EXDEV); /* not quite right */
labelpart = 0;
}
if (lp->d_partitions[RAW_PART].p_offset != 0)
return (EXDEV); /* not quite right */
bp = geteblk((int)lp->d_secsize);
bp->b_dev = dkmodpart(dev, labelpart);
bp->b_dev = dkmodpart(dev, RAW_PART);
bp->b_blkno = LABELSECTOR * ((int)lp->d_secsize/DEV_BSIZE);
bp->b_bcount = lp->d_secsize;
#if 1

View File

@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)ufs_disksubr.c 8.5 (Berkeley) 1/21/94
* $Id: ufs_disksubr.c,v 1.36 1998/09/15 08:55:03 gibbs Exp $
* $Id: ufs_disksubr.c,v 1.37 1998/10/16 10:14:21 jkh Exp $
*/
#include <sys/param.h>
@ -269,17 +269,12 @@ writedisklabel(dev, strat, lp)
{
struct buf *bp;
struct disklabel *dlp;
int labelpart;
int error = 0;
labelpart = dkpart(dev);
if (lp->d_partitions[labelpart].p_offset != 0) {
if (lp->d_partitions[0].p_offset != 0)
return (EXDEV); /* not quite right */
labelpart = 0;
}
if (lp->d_partitions[RAW_PART].p_offset != 0)
return (EXDEV); /* not quite right */
bp = geteblk((int)lp->d_secsize);
bp->b_dev = dkmodpart(dev, labelpart);
bp->b_dev = dkmodpart(dev, RAW_PART);
bp->b_blkno = LABELSECTOR * ((int)lp->d_secsize/DEV_BSIZE);
bp->b_bcount = lp->d_secsize;
#if 1