author | phk <phk@FreeBSD.org> | 2002-09-05 20:38:57 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2002-09-05 20:38:57 +0000 |
commit | 55be95d1615c2305ac667d206ff3231fca09b5d8 (patch) | |
tree | 61f3e8f641200c248577bf99f355a59977009af4 /sys/kern/vfs_subr.c | |
parent | b0ff5bb69d99fd3750297c3f567c1a5cd50782e7 (diff) | |
Introduce new extattr_check_cred() function which implements the canonical
credential washing for extended attributes.
Sponsored by: DARPA & NAI Labs.
Diffstat (limited to 'sys/kern/vfs_subr.c')
-rw-r--r-- | sys/kern/vfs_subr.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index 300f051..31ecb5b 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -51,6 +51,7 @@
 #include <sys/buf.h>
 #include <sys/conf.h>
 #include <sys/eventhandler.h>
+#include <sys/extattr.h>
 #include <sys/fcntl.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
@@ -3539,3 +3540,36 @@ privcheck:
 return ((acc_mode & VADMIN) ? EPERM : EACCES);
 }
+
+/*
+ * Credential check based on process requesting service, and per-attribute
+ * permissions.
+ */
+int
+extattr_check_cred(struct vnode *vp, int attrnamespace,
+ struct ucred *cred, struct thread *td, int access)
+{
+
+ /*
+ * Kernel-invoked always succeeds.
+ */
+ if (cred == NULL)
+ return (0);
+
+ /*
+ * Do not allow privileged processes in jail to directly
+ * manipulate system attributes.
+ *
+ * XXX What capability should apply here?
+ * Probably CAP_SYS_SETFFLAG.
+ */
+ switch (attrnamespace) {
+ case EXTATTR_NAMESPACE_SYSTEM:
+ /* Potentially should be: return (EPERM); */
+ return (suser_cred(cred, 0));
+ case EXTATTR_NAMESPACE_USER:
+ return (VOP_ACCESS(vp, access, cred, td));
+ default:
+ return (EPERM);
+ }
+}
|
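Review bot: The `cred == NULL` shortcut at the top of extattr_check_cred() returns 0 before the namespace switch, so a NULL credential skips both the suser_cred() check for EXTATTR_NAMESPACE_SYSTEM and the `default:` EPERM for an unrecognised namespace, and the header comment above the function does not state that contract. I would extend that comment with `cred == NULL means the request originates inside the kernel and is not checked; callers must never pass NULL for a request made on behalf of a process`, and list the return values (0, the error from suser_cred() or VOP_ACCESS(), or EPERM for an unknown namespace). The SYSTEM case also ignores `access`, `vp` and `td`, so reads and writes of system attributes are gated identically; that looks intentional, but a one-line comment such as `/* access is not consulted: any use of the system namespace requires privilege */` would make it explicit. The open question in the `XXX` comment and the "Potentially should be: return (EPERM)" remark are left unresolved by this change and deserve a tracked follow-up.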