- Enforce CAP_MKFIFO on mkfifoat(2), not on mknodat(2). Without this change

mkfifoat(2) was not restricted. - Introduce CAP_MKNOD and enforce it on mknodat(2). Sponsored by: FreeBSD Foundation MFC after: 2 weeks
author: pjd <pjd@FreeBSD.org> 2012-10-01 05:43:24 +0000
committer: pjd <pjd@FreeBSD.org> 2012-10-01 05:43:24 +0000
commit: ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2 (patch)
tree: 3f401e4ee6ef8b30826ea97ef76358eb892d0464 /sys/kern/vfs_syscalls.c
parent: c081610de9c447caf8b6eb3137c7529f871ba3cb (diff)
download: FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.zip
FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index c47af7a..7dafc58 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1334,7 +1334,7 @@ restart:
 	bwillwrite();
 	NDINIT_ATRIGHTS(&nd, CREATE,
 	    LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, fd,
-	    CAP_MKFIFO, td);
+	    CAP_MKNOD, td);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vfslocked = NDHASGIANT(&nd);
@@ -1458,8 +1458,9 @@ kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 	AUDIT_ARG_MODE(mode);
 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
-	    pathseg, path, fd, td);
+	NDINIT_ATRIGHTS(&nd, CREATE,
+	    LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, fd,
+	    CAP_MKFIFO, td);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vfslocked = NDHASGIANT(&nd);
author	pjd <pjd@FreeBSD.org>	2012-10-01 05:43:24 +0000
committer	pjd <pjd@FreeBSD.org>	2012-10-01 05:43:24 +0000
commit	ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2 (patch)
tree	3f401e4ee6ef8b30826ea97ef76358eb892d0464 /sys/kern/vfs_syscalls.c
parent	c081610de9c447caf8b6eb3137c7529f871ba3cb (diff)
download	FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.zip FreeBSD-src-ef5782071fdb5dc2ea9256b1c0f14dcad61f33d2.tar.gz