From e36b4f594a110b0fc5c12bbda2cd60bc9952755c Mon Sep 17 00:00:00 2001 From: Bruce Evans Date: Sat, 17 Oct 1998 07:49:04 +0000 Subject: [PATCH] Use only the correct raw partition for writing labels. Don't use the partition that the label ioctl is being done on just because it has offset 0, since there is no guarantee that such a partition is large enough to contain the label. Don't use the wrong raw partition (0 instead of RAW_PART). This fixes problems rewriting bizarre labels (with a nonzero offset for the 'a' partition) in newfs(8). Such labels shouldn't normally be used, but creating them was allowed if the ioctl was done on the raw partition, and sysinstall creates them if the root partition isn't allocated first. Note that allowing write access to a partition other than the one that has been checked for write access doesn't increase security holes significantly, since write access to any partition already allows changing the in-core label. This fix should be in 3.0R. Rev.1.26 of newfs/newfs.c shouldn't be in 3.0R. --- sys/kern/subr_disklabel.c | 13 ++++--------- sys/ufs/ufs/ufs_disksubr.c | 13 ++++--------- 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/sys/kern/subr_disklabel.c b/sys/kern/subr_disklabel.c index 3eecb303ffd4..8a2de1498836 100644 --- a/sys/kern/subr_disklabel.c +++ b/sys/kern/subr_disklabel.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)ufs_disksubr.c 8.5 (Berkeley) 1/21/94 - * $Id: ufs_disksubr.c,v 1.36 1998/09/15 08:55:03 gibbs Exp $ + * $Id: ufs_disksubr.c,v 1.37 1998/10/16 10:14:21 jkh Exp $ */ #include @@ -269,17 +269,12 @@ writedisklabel(dev, strat, lp) { struct buf *bp; struct disklabel *dlp; - int labelpart; int error = 0; - labelpart = dkpart(dev); - if (lp->d_partitions[labelpart].p_offset != 0) { - if (lp->d_partitions[0].p_offset != 0) - return (EXDEV); /* not quite right */ - labelpart = 0; - } + if (lp->d_partitions[RAW_PART].p_offset != 0) + return (EXDEV); /* not quite right */ bp = geteblk((int)lp->d_secsize); - bp->b_dev = dkmodpart(dev, labelpart); + bp->b_dev = dkmodpart(dev, RAW_PART); bp->b_blkno = LABELSECTOR * ((int)lp->d_secsize/DEV_BSIZE); bp->b_bcount = lp->d_secsize; #if 1 diff --git a/sys/ufs/ufs/ufs_disksubr.c b/sys/ufs/ufs/ufs_disksubr.c index 3eecb303ffd4..8a2de1498836 100644 --- a/sys/ufs/ufs/ufs_disksubr.c +++ b/sys/ufs/ufs/ufs_disksubr.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)ufs_disksubr.c 8.5 (Berkeley) 1/21/94 - * $Id: ufs_disksubr.c,v 1.36 1998/09/15 08:55:03 gibbs Exp $ + * $Id: ufs_disksubr.c,v 1.37 1998/10/16 10:14:21 jkh Exp $ */ #include @@ -269,17 +269,12 @@ writedisklabel(dev, strat, lp) { struct buf *bp; struct disklabel *dlp; - int labelpart; int error = 0; - labelpart = dkpart(dev); - if (lp->d_partitions[labelpart].p_offset != 0) { - if (lp->d_partitions[0].p_offset != 0) - return (EXDEV); /* not quite right */ - labelpart = 0; - } + if (lp->d_partitions[RAW_PART].p_offset != 0) + return (EXDEV); /* not quite right */ bp = geteblk((int)lp->d_secsize); - bp->b_dev = dkmodpart(dev, labelpart); + bp->b_dev = dkmodpart(dev, RAW_PART); bp->b_blkno = LABELSECTOR * ((int)lp->d_secsize/DEV_BSIZE); bp->b_bcount = lp->d_secsize; #if 1