From 07ac219faf91bbdebe0489d985c725d2c08aa544 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Mon, 18 Sep 2000 18:10:13 +0000
Subject: o Disallow privileged processes in jail() from directly accessing system namespace extended attributes. o Document privilege/jail() interaction relating to extended attributes. Obtained from: TrustedBSD Project
---
 sys/ufs/ufs/ufs_extattr.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'sys/ufs/ufs')

diff --git a/sys/ufs/ufs/ufs_extattr.c b/sys/ufs/ufs/ufs_extattr.c
index 9eef017..593dde1 100644
--- a/sys/ufs/ufs/ufs_extattr.c
+++ b/sys/ufs/ufs/ufs_extattr.c
@@ -340,6 +340,10 @@ ufs_extattrctl(struct mount *mp, int cmd, const char *attrname,
 	int error, flags;
 	size_t len;
 
+	/*
+	 * Processes with privilege, but in jail, are not allowed to
+	 * configure extended attributes.
+	 */
 	if ((error = suser_xxx(p->p_cred->pc_ucred, p, 0)))
 		return (error);
 
@@ -409,10 +413,14 @@ ufs_extattr_credcheck(struct vnode *vp, struct ufs_extattr_list_entry *uele,
 	return (0);
 
 	/*
+	 * Do not allow privileged processes in jail to directly
+	 * manipulate system attributes.
+	 *
 	 * XXX What capability should apply here?
+	 * Probably CAP_SYS_SETFFLAG.
 	 */
 	if (system_namespace)
-		return (suser_xxx(cred, p, PRISON_ROOT));
+		return (suser_xxx(cred, p, 0));
 	else
 		return (VOP_ACCESS(vp, access, cred, p));
 }
-- 
cgit v1.1
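Review bot: The new comment above the suser_xxx() call in ufs_extattrctl() states the policy but not the mechanism that enforces it — that the flags argument is deliberately 0 rather than PRISON_ROOT — so a later edit that adds PRISON_ROOT here would silently contradict the comment; the comment added in the second hunk at ufs_extattr_credcheck() has the same gap. Suggest extending both comments with a line such as `* (suser_xxx() is called without PRISON_ROOT on purpose.)`. The body of ufs_extattrctl() continues outside the hunk.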
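Review bot: The comment added in ufs_extattr_credcheck() documents the jail restriction but not that, for the system namespace, privilege is the only gate — the VOP_ACCESS() call in the else branch is never reached for those attributes — which is what a reader most needs to know while the XXX remains open; a line such as `* Note that VOP_ACCESS() is not consulted for system attributes.` would make that explicit. The added `* Probably CAP_SYS_SETFFLAG.` will read as a settled decision once the XXX line above it is removed, so keeping it phrased as an open question is safer. Minor style: the `else` after the unconditional `return (suser_xxx(cred, p, 0));` is redundant and `return (VOP_ACCESS(vp, access, cred, p));` can stand on its own. ufs_extattr_credcheck() begins outside the hunk.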