PERFORCE change 79536 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jul 4 11:16:52 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79536
Change 79536 by rwatson at rwatson_paprika on 2005/07/04 11:15:59
Don't expose file system id/handle information to non-CAP_SYS_ADMIN
processes. Should investigate this more, as the compat kern_foo
code should now be implementing much of this.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_mount.c#8 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_mount.c#8 (text+ko) ====
@@ -37,6 +37,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/capability.h>
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
@@ -187,7 +188,7 @@
(error = VFS_STATFS(mp, sp, td)))
continue;
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
- if (suser(td)) {
+ if (cap_check(td, CAP_SYS_ADMIN)) {
bcopy(sp, &sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list