mac_check_vnode_exec() in kern_exec.c
mike halderman
mrh at nosc.mil
Mon Dec 16 22:07:39 GMT 2002
Wouldn't it make sense to call mac_check_vnode_exec() after the
VOP_GETATTR() call? Otherwise mac_check_vnode_exec() can't see the
file attributes.
-mike
Index: kern_exec.c
===================================================================
RCS file: /home/mrh/sup/src/sys/kern/kern_exec.c,v
retrieving revision 1.203
diff -u -r1.203 kern_exec.c
--- kern_exec.c 14 Dec 2002 02:07:32 -0000 1.203
+++ kern_exec.c 16 Dec 2002 23:19:09 -0000
@@ -1091,17 +1091,17 @@
td = curthread; /* XXXKSE */
-#ifdef MAC
- error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp);
- if (error)
- return (error);
-#endif
/* Get file attributes */
error = VOP_GETATTR(vp, attr, td->td_ucred, td);
if (error)
return (error);
+#ifdef MAC
+ error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp);
+ if (error)
+ return (error);
+#endif
/*
* 1) Check if file execution is disabled for the filesystem that this
* file resides on.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list