author | rwatson <rwatson@FreeBSD.org> | 2000-09-18 17:58:15 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-09-18 17:58:15 +0000 |
commit | b324dcbd3d4209d0d74487538081082dbf904bed (patch) | |
tree | efe1e66d38bf05bcf278ff72040e294de7a648dd /sys/ufs | |
parent | f193def48efb15a891480d8492bad80da212ed27 (diff) | |

o Add a comment clarifying interaction between jail(), privileged processes,
  and UFS file flags. Here's what the comment says, for reference:

        Privileged processes in jail() are permitted to modify
        arbitrary user flags on files, but are not permitted
        to modify system flags.

  In other words, privilege does allow a process in jail to modify user
  flags for objects that the process does not own, but privilege will
  not permit the setting of system flags on the file.

Obtained from: TrustedBSD Project

Diffstat (limited to 'sys/ufs')
-rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 1ac7dd0..c214b4c 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -408,6 +408,11 @@ ufs_setattr(ap) if (vap->va_flags != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); + /* + * Privileged processes in jail() are permitted to modify + * arbitrary user flags on files, but are not permitted + * to modify system flags. + */ if (cred->cr_uid != ip->i_uid && (error = suser_xxx(cred, p, PRISON_ROOT))) return (error); |
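
Review bot: the new comment in `ufs_setattr`, placed above the `cred->cr_uid != ip->i_uid` test, states that jailed privileged processes cannot modify system flags, but the code visible in this hunk only shows the ownership override via `suser_xxx(cred, p, PRISON_ROOT)`; nothing here enforces the system-flag half of the statement. I would split the comment: keep the user-flag sentence at this check and say explicitly that `PRISON_ROOT` is what lets jailed root pass it, and move the system-flag sentence next to the check that actually refuses those flags, so that a later change to either test does not leave the comment describing behaviour the adjacent code no longer has.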