summaryrefslogtreecommitdiffstats
path: root/sys/compat
diff options
context:
space:
mode:
authorpjd <pjd@FreeBSD.org>2007-04-18 15:24:48 +0000
committerpjd <pjd@FreeBSD.org>2007-04-18 15:24:48 +0000
commit65e2222ba480c2ef86655e2a0c17548c5bb6d107 (patch)
treee4d2bf15a06031b8eb5651b0e713850b71f2167a /sys/compat
parent20ada399491004fe07383a10fdc0d2f66396ed0d (diff)
downloadFreeBSD-src-65e2222ba480c2ef86655e2a0c17548c5bb6d107.zip
FreeBSD-src-65e2222ba480c2ef86655e2a0c17548c5bb6d107.tar.gz
MFp4: Fix automatic snapshot mount when unprivileged user does lookup
on a snapshot directory: - Remove PRIV_VFS_MOUNT check - regular users can mount snapshots via lookups on snapshot directory. - Reset mount credential to kcred, so user won't be able to unmount the snapshot. - Reset owner uid. - Unlock vnode in case of a failure. Reported by: simokawa
Diffstat (limited to 'sys/compat')
-rw-r--r--sys/compat/opensolaris/kern/opensolaris_vfs.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/compat/opensolaris/kern/opensolaris_vfs.c b/sys/compat/opensolaris/kern/opensolaris_vfs.c
index ee30e3b..35404ca 100644
--- a/sys/compat/opensolaris/kern/opensolaris_vfs.c
+++ b/sys/compat/opensolaris/kern/opensolaris_vfs.c
@@ -169,9 +169,6 @@ domount(kthread_t *td, vnode_t *vp, const char *fstype, char *fspath,
if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
return (ENAMETOOLONG);
- if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
- return (error);
-
vfsp = vfs_byname_kld(fstype, td, &error);
if (vfsp == NULL)
return (ENODEV);
@@ -207,6 +204,13 @@ domount(kthread_t *td, vnode_t *vp, const char *fstype, char *fspath,
mp->mnt_flag |= MNT_RDONLY;
mp->mnt_flag &=~ MNT_UPDATEMASK;
mp->mnt_flag |= fsflags & (MNT_UPDATEMASK | MNT_FORCE | MNT_ROOTFS);
+ /*
+ * Unprivileged user can trigger mounting a snapshot, but we don't want
+ * him to unmount it, so we switch to privileged credential.
+ */
+ crfree(mp->mnt_cred);
+ mp->mnt_cred = crdup(kcred);
+ mp->mnt_stat.f_owner = mp->mnt_cred->cr_uid;
MNT_IUNLOCK(mp);
/*
* Mount the filesystem.
@@ -260,12 +264,9 @@ domount(kthread_t *td, vnode_t *vp, const char *fstype, char *fspath,
VI_LOCK(vp);
vp->v_iflag &= ~VI_MOUNT;
VI_UNLOCK(vp);
+ VOP_UNLOCK(vp, 0, td);
vfs_unbusy(mp, td);
vfs_mount_destroy(mp);
- if (VOP_ISLOCKED(vp, td) != LK_EXCLUSIVE) {
- printf("%s:%u: vnode vp=%p not locked\n", __func__, __LINE__, vp);
- vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- }
}
return (error);
}
OpenPOWER on IntegriCloud