cvs commit: src/sys/ufs/ufs ufs_vnops.c

Christian S.J. Peron csjp at
Sat Aug 21 19:03:42 PDT 2004

csjp        2004-08-22 02:03:41 UTC

  FreeBSD src repository

  Modified files:
    sys/ufs/ufs          ufs_vnops.c 
  Currently, if the secure level is low enough, system flags can
  be manipulated by prison root. In 4.x prison root can not manipulate
  system flags, regardless of the security level. This behavior
  should remain consistent to avoid any surprises which could lead
  to security problems for system administrators which give out
  privileged access to jails.
  This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
  to 0. This will prevent prison root from being able to manipulate
  system flags on files.
  This may be a MFC candidate for RELENG_5.
  Discussed with: cperciva
  Reviewed by:    rwatson
  Approved by:    bmilekic (mentor)
  PR:             kern/70298
  Revision  Changes    Path
  1.243     +1 -1      src/sys/ufs/ufs/ufs_vnops.c

More information about the cvs-src mailing list