o Add missing PRISON_ROOT allowing a privileged process in a jail() to not

remove the setuid/setgid bits by virtue of a change to a file with those bits set, even if the process doesn't own the file, or isn't a group member of the file's gid. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2000-09-18 17:53:22 +0000
committer: rwatson <rwatson@FreeBSD.org> 2000-09-18 17:53:22 +0000
commit: f193def48efb15a891480d8492bad80da212ed27 (patch)
tree: 6295dece68ce398f3915205071ee09eb87af1e46 /sys/ufs/ufs
parent: 1c37bf6427071914f9f830e4b0cc59b2dc459299 (diff)
download: FreeBSD-src-f193def48efb15a891480d8492bad80da212ed27.zip
FreeBSD-src-f193def48efb15a891480d8492bad80da212ed27.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index f355080..1ac7dd0 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -638,7 +638,7 @@ good:
 		panic("ufs_chown: lost quota");
 #endif /* QUOTA */
 	ip->i_flag |= IN_CHANGE;
-	if (suser_xxx(cred, NULL, 0) && (ouid != uid || ogid != gid))
+	if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid))
 		ip->i_mode &= ~(ISUID | ISGID);
 	return (0);
 }
author	rwatson <rwatson@FreeBSD.org>	2000-09-18 17:53:22 +0000
committer	rwatson <rwatson@FreeBSD.org>	2000-09-18 17:53:22 +0000
commit	f193def48efb15a891480d8492bad80da212ed27 (patch)
tree	6295dece68ce398f3915205071ee09eb87af1e46 /sys/ufs/ufs
parent	1c37bf6427071914f9f830e4b0cc59b2dc459299 (diff)
download	FreeBSD-src-f193def48efb15a891480d8492bad80da212ed27.zip FreeBSD-src-f193def48efb15a891480d8492bad80da212ed27.tar.gz