svn commit: r240927 - head/sys/kern
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Sep 25 20:48:50 UTC 2012
Author: pjd
Date: Tue Sep 25 20:48:49 2012
New Revision: 240927
URL: http://svn.freebsd.org/changeset/base/240927
Log:
O_EXEC flag is not part of the O_ACCMODE mask, check it separately.
If O_EXEC is provided don't require CAP_READ/CAP_WRITE, as O_EXEC
is mutually exclusive to O_RDONLY/O_WRONLY/O_RDWR.
Without this change CAP_FEXECVE capability right is not enforced.
Sponsored by: FreeBSD Foundation
MFC after: 3 days
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Tue Sep 25 20:41:43 2012 (r240926)
+++ head/sys/kern/vfs_syscalls.c Tue Sep 25 20:48:49 2012 (r240927)
@@ -1006,22 +1006,20 @@ flags_to_rights(int flags)
{
cap_rights_t rights = 0;
- switch ((flags & O_ACCMODE)) {
- case O_RDONLY:
- rights |= CAP_READ;
- break;
-
- case O_RDWR:
- rights |= CAP_READ;
- /* fall through */
-
- case O_WRONLY:
- rights |= CAP_WRITE;
- break;
-
- case O_EXEC:
+ if (flags & O_EXEC) {
rights |= CAP_FEXECVE;
- break;
+ } else {
+ switch ((flags & O_ACCMODE)) {
+ case O_RDONLY:
+ rights |= CAP_READ;
+ break;
+ case O_RDWR:
+ rights |= CAP_READ;
+ /* FALLTHROUGH */
+ case O_WRONLY:
+ rights |= CAP_WRITE;
+ break;
+ }
}
if (flags & O_CREAT)
More information about the svn-src-all
mailing list