kern/79705: mac_seeotheruids not blocking root
Matthew Poole
matt at p00le.net
Sat May 14 11:50:06 GMT 2005
The following reply was made to PR kern/79705; it has been noted by GNATS.
From: Matthew Poole <matt at p00le.net>
To: matt at p00le.net, bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/79705: mac_seeotheruids not blocking root
Date: Sat, 14 May 2005 23:47:37 +1200
--=-N50hT1Tf6vaf5hPTZ3cl
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Further to this, I got the mac_seeotheruids.c file from 5.3-RELEASE and
built it on a 5.4-RELEASE box, and it works fine. The diff for the two
files (the .bak is the 5.4 file) is below.
diff mac_seeotheruids.c mac_seeotheruids.c.bak
34c34
< * $FreeBSD: src/sys/security/mac_seeotheruids/mac_seeotheruids.c,v
1.6 2004/02/22 00:33:12 rwatson Exp $
---
> * $FreeBSD: src/sys/security/mac_seeotheruids/mac_seeotheruids.c,v
1.6.2.1 2005/01/22 19:18:15 rwatson Exp $
117a118,120
> return (0);
>
> if (suser_cred(u1, 0) =3D=3D 0)
I'm not sure how those two lines interact with things, but they appear
to be the cause of the problem.
--=20
Matthew Poole
--=-N50hT1Tf6vaf5hPTZ3cl
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQBCheVZTdEtTmUCdpwRAtqmAJ9FqPyILxX0m+Ejefqe34pf4wlElwCfcwIx
OZPfMBDeyyMmqTqqpkYtukQ=
=s2C0
-----END PGP SIGNATURE-----
--=-N50hT1Tf6vaf5hPTZ3cl--
More information about the freebsd-bugs
mailing list