Re-order MAC and DAC checks in shmget() in order to give precedence to

the MAC result, as well as avoid losing the DAC check result when MAC is enabled. MFC after: 3 days Reported by: Patrick LeBlanc <Patrick dot LeBlanc at sparta dot com>
author: rwatson <rwatson@FreeBSD.org> 2005-10-04 16:40:20 +0000
committer: rwatson <rwatson@FreeBSD.org> 2005-10-04 16:40:20 +0000
commit: 540563ab582bc0f804ccd1c410799c5f4882ba99 (patch)
tree: 21edea6178f54b287506c539ced4dca55fe01b5b /sys/kern/sysv_shm.c
parent: 6d1f0bd5550940a0a67a111b6ac792368c5f8552 (diff)
download: FreeBSD-src-540563ab582bc0f804ccd1c410799c5f4882ba99.zip
FreeBSD-src-540563ab582bc0f804ccd1c410799c5f4882ba99.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c
index 637beb1..c52f79d 100644
--- a/sys/kern/sysv_shm.c
+++ b/sys/kern/sysv_shm.c
@@ -726,12 +726,14 @@ shmget_existing(td, uap, mode, segnum)
 	}
 	if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
 		return (EEXIST);
-	error = ipcperm(td, &shmseg->u.shm_perm, mode);
 #ifdef MAC
 	error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
-	if (error != 0)
+	if (error != 0) {
 		MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
+		return (error);
+	}
 #endif
+	error = ipcperm(td, &shmseg->u.shm_perm, mode);
 	if (error)
 		return (error);
 	if (uap->size && uap->size > shmseg->u.shm_segsz)
author	rwatson <rwatson@FreeBSD.org>	2005-10-04 16:40:20 +0000
committer	rwatson <rwatson@FreeBSD.org>	2005-10-04 16:40:20 +0000
commit	540563ab582bc0f804ccd1c410799c5f4882ba99 (patch)
tree	21edea6178f54b287506c539ced4dca55fe01b5b /sys/kern/sysv_shm.c
parent	6d1f0bd5550940a0a67a111b6ac792368c5f8552 (diff)
download	FreeBSD-src-540563ab582bc0f804ccd1c410799c5f4882ba99.zip FreeBSD-src-540563ab582bc0f804ccd1c410799c5f4882ba99.tar.gz