Remove all use of vnode->v_tag, replacing with appropriate substitutes.

v_tag is now const char * and should only be used for debugging.

Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.

Suggested by:   phk
Reviewed by:    bde, rwatson (earlier version)

1 files changed, 9 insertions, 8 deletions

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index d88156b..9c091bd 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -53,6 +53,7 @@
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
+#include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/namei.h>
 #include <sys/file.h>
@@ -1407,11 +1408,8 @@ fdfree(td)
 /*
  * For setugid programs, we don't want to people to use that setugidness
  * to generate error messages which write to a file which otherwise would
- * otherwise be off-limits to the process.
- *
- * This is a gross hack to plug the hole.  A better solution would involve
- * a special vop or other form of generalized access control mechanism.  We
- * go ahead and just reject all procfs filesystems accesses as dangerous.
+ * otherwise be off-limits to the process.  We check for filesystems where
+ * the vnode can change out from under us after execve (like [lin]procfs).
  *
  * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
  * sufficient.  We also don't for check setugidness since we know we are.
@@ -1419,9 +1417,12 @@ fdfree(td)
 static int
 is_unsafe(struct file *fp)
 {
-	if (fp->f_type == DTYPE_VNODE && 
-	    ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
-		return (1);
+	if (fp->f_type == DTYPE_VNODE) {
+		struct vnode *vp = (struct vnode *)fp->f_data;
+
+		if ((vp->v_vflag & VV_PROCDEP) != 0)
+			return (1);
+	}
 	return (0);
 }