author | rwatson <rwatson@FreeBSD.org> | 2000-09-18 18:10:13 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-09-18 18:10:13 +0000 |
commit | 07ac219faf91bbdebe0489d985c725d2c08aa544 (patch) | |
tree | 050f7b48539ce966e50810d071940911ae3893be /sys/ufs | |
parent | 3546d27e15a39f4124334ef712228133bb974bb8 (diff) | |
o Disallow privileged processes in jail() from directly accessing
system namespace extended attributes.
o Document privilege/jail() interaction relating to extended
attributes.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/ufs')
-rw-r--r-- | sys/ufs/ufs/ufs_extattr.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_extattr.c b/sys/ufs/ufs/ufs_extattr.c
index 9eef017..593dde1 100644
--- a/sys/ufs/ufs/ufs_extattr.c
+++ b/sys/ufs/ufs/ufs_extattr.c
@@ -340,6 +340,10 @@ ufs_extattrctl(struct mount *mp, int cmd, const char *attrname,
 int error, flags;
 size_t len;
+ /*
+ * Processes with privilege, but in jail, are not allowed to
+ * configure extended attributes.
+ */
 if ((error = suser_xxx(p->p_cred->pc_ucred, p, 0)))
 return (error);
@@ -409,10 +413,14 @@ ufs_extattr_credcheck(struct vnode *vp, struct ufs_extattr_list_entry *uele,
 return (0);
 /*
+ * Do not allow privileged processes in jail to directly
+ * manipulate system attributes.
+ *
 * XXX What capability should apply here?
+ * Probably CAP_SYS_SETFFLAG.
 */
 if (system_namespace)
- return (suser_xxx(cred, p, PRISON_ROOT));
+ return (suser_xxx(cred, p, 0));
 else
 return (VOP_ACCESS(vp, access, cred, p));
 }
|
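Review bot: The comment added in ufs_extattr_credcheck says jailed privileged processes may not "manipulate" system attributes, but the `system_namespace` branch returns `suser_xxx(cred, p, 0)` without looking at `access`. As far as the hunk shows, a jailed process is therefore refused reads of system-namespace attributes as well as writes. If that is intended, the comment should say so, for example `* Do not allow privileged processes in jail to read or modify system attributes; access is not consulted for this namespace.` The `XXX` about which capability applies is still open after this change, so the privilege check remains a plain superuser test. The function body starts outside the hunk, so the condition guarding the earlier `return (0);` cannot be checked from here.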