diff options
| author | pjd <pjd@FreeBSD.org> | 2007-03-01 20:38:24 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2007-03-01 20:38:24 +0000 |
| commit | 9558665f1e9f1f9706571aaa461046ce5b51544e (patch) | |
| tree | 63f80dc58e09bd7368c1fc36f80e0a5cb3f09a2b | |
| parent | 62de975b4dd173f6b7bf54718b6fab2809bec4fb (diff) | |
| download | FreeBSD-src-9558665f1e9f1f9706571aaa461046ce5b51544e.zip FreeBSD-src-9558665f1e9f1f9706571aaa461046ce5b51544e.tar.gz | |
Avoid checking for privileges if there is no need to.
Discussed with: rwatson
| -rw-r--r-- | sys/gnu/fs/ext2fs/ext2_vnops.c | 2 | ||||
| -rw-r--r-- | sys/ufs/ffs/ffs_vnops.c | 22 | ||||
| -rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 9 |
3 files changed, 19 insertions, 14 deletions
diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c index 5ed7d11..c95777b 100644 --- a/sys/gnu/fs/ext2fs/ext2_vnops.c +++ b/sys/gnu/fs/ext2fs/ext2_vnops.c @@ -596,7 +596,7 @@ ext2_chown(vp, uid, gid, cred, td) ip->i_gid = gid; ip->i_uid = uid; ip->i_flag |= IN_CHANGE; - if (ouid != uid || ogid != gid) { + if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL) != 0) ip->i_mode &= ~(ISUID | ISGID); diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c index 0e323f7..2a6ce6b 100644 --- a/sys/ufs/ffs/ffs_vnops.c +++ b/sys/ufs/ffs/ffs_vnops.c @@ -788,11 +788,13 @@ ffs_write(ap) * we clear the setuid and setgid bits as a precaution against * tampering. */ - if (resid > uio->uio_resid && ap->a_cred && - priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID, - SUSER_ALLOWJAIL)) { - ip->i_mode &= ~(ISUID | ISGID); - DIP_SET(ip, i_mode, ip->i_mode); + if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && + ap->a_cred) { + if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID, + SUSER_ALLOWJAIL)) { + ip->i_mode &= ~(ISUID | ISGID); + DIP_SET(ip, i_mode, ip->i_mode); + } } if (error) { if (ioflag & IO_UNIT) { @@ -1115,10 +1117,12 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred) * we clear the setuid and setgid bits as a precaution against * tampering. */ - if (resid > uio->uio_resid && ucred && - priv_check_cred(ucred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) { - ip->i_mode &= ~(ISUID | ISGID); - dp->di_mode = ip->i_mode; + if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) { + if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID, + SUSER_ALLOWJAIL)) { + ip->i_mode &= ~(ISUID | ISGID); + dp->di_mode = ip->i_mode; + } } if (error) { if (ioflag & IO_UNIT) { diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 3c74f79..8ea9ab9 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -786,10 +786,11 @@ good: panic("ufs_chown: lost quota"); #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; - if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL) && - (ouid != uid || ogid != gid)) { - ip->i_mode &= ~(ISUID | ISGID); - DIP_SET(ip, i_mode, ip->i_mode); + if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { + if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) { + ip->i_mode &= ~(ISUID | ISGID); + DIP_SET(ip, i_mode, ip->i_mode); + } } return (0); } |
