svn commit: r192694 - head/sys/cddl/compat/opensolaris/kern
Edward Tomasz Napierala
trasz at FreeBSD.org
Sun May 24 19:21:50 UTC 2009
Author: trasz
Date: Sun May 24 19:21:49 2009
New Revision: 192694
URL: http://svn.freebsd.org/changeset/base/192694
Log:
Don't allow non-owner to set SUID bit on a file. It doesn't make
any difference now, but in NFSv4 ACLs, there is write_acl permission,
which also affects mode changes.
Reviewed by: pjd
Modified:
head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Sun May 24 18:49:53 2009 (r192693)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Sun May 24 19:21:49 2009 (r192694)
@@ -302,6 +302,14 @@ secpolicy_setid_setsticky_clear(struct v
if (error)
return (error);
}
+ /*
+ * Deny setting setuid if we are not the file owner.
+ */
+ if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) {
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ if (error)
+ return (error);
+ }
return (0);
}
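Review bot: the new condition `(vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid` looks only at the requested mode and never at whether the bit is already set on the file. A non-owner who changes other mode bits on a file that is already setuid, and passes the bit through unchanged, would therefore also need PRIV_VFS_ADMIN. If the intent is only to block newly setting the bit, consider also testing that S_ISUID is clear in the old attributes (assuming ovap carries the old mode as well as the old uid). If denying any non-owner mode change that leaves setuid set is intended, the comment should say so. The comment should also note that the denial is overridden by PRIV_VFS_ADMIN, since as written it reads as unconditional.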