author | rwatson <rwatson@FreeBSD.org> | 2001-04-29 19:53:50 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-04-29 19:53:50 +0000 |
commit | 616044a97d6acb9dd6d7a177315b83e81f34541f (patch) | |
tree | 5862e16af112d097ea0217ed3438215a2fa40264 /sys/kern/vfs_acl.c | |
parent | 87e44c1171b1e522b54787176ee605ed3effc52a (diff) | |
o As part of the move to not maintaining copies of the vnode owning uid
and gid in the ACL, vaccess_acl_posix1e() was changed to accept
explicit file_uid and file_gid as arguments. However, in making the
change, I explicitly checked file_gid against cr->cr_groups[0], rather
than using groupmember, resulting in ACL_GROUP_OBJ entries being
compared to the caller's effective gid only, not the remainder of
its groups. This was recently corrected for the version of the
group call without privilege, but the second test (when privilege is
added) was missed. This change replaces an additional cr->cr_groups[0]
check with groupmember().
Pointed out by: jedgar
Reviewed by: jedgar
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/vfs_acl.c')
-rw-r--r-- | sys/kern/vfs_acl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 915f12d..10d2363 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, for (i = 0; i < acl->acl_cnt; i++) { switch (acl->acl_entry[i].ae_tag) { case ACL_GROUP_OBJ: - if (file_gid != cred->cr_groups[0]) + if (!groupmember(file_gid, cred)) break; dac_granted = 0; if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) |
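Review bot: the ACL_GROUP_OBJ membership test changed here is the second copy of the same check inside vaccess_acl_posix1e(), and the commit message says the first copy (the pass without privilege) was fixed separately, so the two have already diverged once. Consider moving the test into one small helper used by both passes, or at least adding a comment at each site noting that both must use groupmember(file_gid, cred). It is also worth confirming that no other comparison against cred->cr_groups[0] remains elsewhere in the function, since only this one hunk is visible. A regression test with a caller whose matching group is a supplementary group rather than the effective gid, run both with and without privilege, would catch a recurrence.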