PERFORCE change 163728 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jun 7 19:48:17 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163728
Change 163728 by rwatson at rwatson_freebsd_capabilities on 2009/06/07 19:47:44
Only check for CAP_WRITE on mmap() if both PROT_WRITE is set *and*
MAP_SHARED is set. For copy-on-write scenarios, it's fine to allow
write access even for a read-only descriptor.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/vm/vm_mmap.c#12 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/vm/vm_mmap.c#12 (text+ko) ====
@@ -310,8 +310,10 @@
rights = CAP_MMAP;
if (prot & PROT_READ)
rights |= CAP_READ;
- if (prot & PROT_WRITE)
- rights |= CAP_WRITE;
+ if ((flags & MAP_SHARED) != 0) {
+ if (prot & PROT_WRITE)
+ rights |= CAP_WRITE;
+ }
if (prot & PROT_EXEC)
rights |= CAP_MAPEXEC;
if ((error = fget_mmap(td, uap->fd, rights, &cap_maxprot,
More information about the p4-projects
mailing list