author | rwatson <rwatson@FreeBSD.org> | 2000-09-18 17:53:22 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-09-18 17:53:22 +0000 |
commit | f193def48efb15a891480d8492bad80da212ed27 (patch) | |
tree | 6295dece68ce398f3915205071ee09eb87af1e46 /sys/ufs/ufs | |
parent | 1c37bf6427071914f9f830e4b0cc59b2dc459299 (diff) | |
o Add missing PRISON_ROOT allowing a privileged process in a jail() to not
remove the setuid/setgid bits by virtue of a change to a file with those
bits set, even if the process doesn't own the file, or isn't a group
member of the file's gid.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/ufs/ufs')
-rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index f355080..1ac7dd0 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -638,7 +638,7 @@ good: panic("ufs_chown: lost quota"); #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; - if (suser_xxx(cred, NULL, 0) && (ouid != uid || ogid != gid)) + if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid)) ip->i_mode &= ~(ISUID | ISGID); return (0); } |
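Review bot: The changed test `if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid))` just before the `ip->i_mode &= ~(ISUID | ISGID);` line has no comment stating the policy, and it is easy to misread because a nonzero return from suser_xxx means the caller lacks privilege. A short comment above it would help, saying that ISUID/ISGID are stripped on an owner or group change only for unprivileged callers, and that root inside a jail now counts as privileged for this check. The `panic("ufs_chown: lost quota")` context shows this is the chown path, so the commit message could say "chown" rather than "a change to a file". Since the message calls the flag "missing", it would also be worth confirming that the other privilege checks in this file that decide whether setuid/setgid bits are kept pass PRISON_ROOT as well, so a jailed root gets consistent behaviour.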