diff options
author | njl <njl@FreeBSD.org> | 2002-09-14 09:02:28 +0000 |
---|---|---|
committer | njl <njl@FreeBSD.org> | 2002-09-14 09:02:28 +0000 |
commit | 0590c43070aac7fb636a1f4c4b94469046a317a0 (patch) | |
tree | e9205d0e4985af46af0db4bd26e9662b1c25f85b /sys/kern/kern_descrip.c | |
parent | bb76739de046ae1f81a36e96d18f0ee3b1afd323 (diff) | |
download | FreeBSD-src-0590c43070aac7fb636a1f4c4b94469046a317a0.zip FreeBSD-src-0590c43070aac7fb636a1f4c4b94469046a317a0.tar.gz |
Remove all use of vnode->v_tag, replacing with appropriate substitutes.
v_tag is now const char * and should only be used for debugging.
Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.
Suggested by: phk
Reviewed by: bde, rwatson (earlier version)
Diffstat (limited to 'sys/kern/kern_descrip.c')
-rw-r--r-- | sys/kern/kern_descrip.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index d88156b..9c091bd 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -53,6 +53,7 @@ #include <sys/kernel.h> #include <sys/sysctl.h> #include <sys/vnode.h> +#include <sys/mount.h> #include <sys/proc.h> #include <sys/namei.h> #include <sys/file.h> @@ -1407,11 +1408,8 @@ fdfree(td) /* * For setugid programs, we don't want to people to use that setugidness * to generate error messages which write to a file which otherwise would - * otherwise be off-limits to the process. - * - * This is a gross hack to plug the hole. A better solution would involve - * a special vop or other form of generalized access control mechanism. We - * go ahead and just reject all procfs filesystems accesses as dangerous. + * otherwise be off-limits to the process. We check for filesystems where + * the vnode can change out from under us after execve (like [lin]procfs). * * Since setugidsafety calls this only for fd 0, 1 and 2, this check is * sufficient. We also don't for check setugidness since we know we are. @@ -1419,9 +1417,12 @@ fdfree(td) static int is_unsafe(struct file *fp) { - if (fp->f_type == DTYPE_VNODE && - ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS) - return (1); + if (fp->f_type == DTYPE_VNODE) { + struct vnode *vp = (struct vnode *)fp->f_data; + + if ((vp->v_vflag & VV_PROCDEP) != 0) + return (1); + } return (0); } |