diff options
author | pjd <pjd@FreeBSD.org> | 2012-10-01 05:43:24 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2012-10-01 05:43:24 +0000 |
commit | ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2 (patch) | |
tree | 3f401e4ee6ef8b30826ea97ef76358eb892d0464 /sys/kern/vfs_syscalls.c | |
parent | c081610de9c447caf8b6eb3137c7529f871ba3cb (diff) | |
download | FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.zip FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.tar.gz |
- Enforce CAP_MKFIFO on mkfifoat(2), not on mknodat(2). Without this change
mkfifoat(2) was not restricted.
- Introduce CAP_MKNOD and enforce it on mknodat(2).
Sponsored by: FreeBSD Foundation
MFC after: 2 weeks
Diffstat (limited to 'sys/kern/vfs_syscalls.c')
-rw-r--r-- | sys/kern/vfs_syscalls.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index c47af7a..7dafc58 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1334,7 +1334,7 @@ restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, fd, - CAP_MKFIFO, td); + CAP_MKNOD, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -1458,8 +1458,9 @@ kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg, AUDIT_ARG_MODE(mode); restart: bwillwrite(); - NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, - pathseg, path, fd, td); + NDINIT_ATRIGHTS(&nd, CREATE, + LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, fd, + CAP_MKFIFO, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); |