An error about IPC permission checking
Robert Watson
rwatson at FreeBSD.org
Sun Jul 23 13:24:31 UTC 2006
On Sun, 23 Jul 2006, ÀîÉÐ½Ü wrote:
> in the source code kern/sysv_shm.c:
>
> 729 error = ipcperm(td, &shmseg->u.shm_perm, mode);
> 730 #ifdef MAC
> 731 error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
> 732 if (error != 0)
> 733 MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
> 734 #endif
> 735 if (error)
> 736 return (error);
>
> The return value of ipcperm() call is not be checked in time, and
> interrupted by mac checking, if Mac is enabled.
Indeed, it looks like revision 1.104 was never merged from HEAD to RELENG_6,
which corrects this bug, and also re-orders the two checks so that the MAC
check occurs before the DAC check. I'll go ahead and merge that change.
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-bugs
mailing list