PERFORCE change 79601 for review

Robert Watson rwatson at FreeBSD.org
Tue Jul 5 12:02:12 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=79601

Change 79601 by rwatson at rwatson_paprika on 2005/07/05 12:01:24

	Annotate some uses of suser() in file system code that will need
	more attention.  In reiserfs, the use of suser appears defective.
	In UFS, it requires some inspection of POSIX.1e to figure out how
	to use capabilities.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/gnu/reiserfs/reiserfs_vfsops.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_vnops.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/gnu/reiserfs/reiserfs_vfsops.c#2 (text+ko) ====

@@ -125,8 +125,15 @@
 		return (error);
 	}
 
-	/* If mount by non-root, then verify that user has necessary
-	 * permissions on the device. */
+	/*
+	 * If mount by non-root, then verify that user has necessary
+	 * permissions on the device.
+	 *
+	 * XXXRW: Probably, should check if the user has access, then
+	 * exercise appropriate privilege to override the protections if
+	 * desired.  Question: why are we not simply relying on the results
+	 * of VOP_ACCESS()?
+	 */
 	if (suser(td)) {
 		accessmode = VREAD;
 		if ((mp->mnt_flag & MNT_RDONLY) == 0)
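Review bot: the new comment describes the intended order (check the user's access first, then exercise privilege to override), but the code beneath it still does the reverse: `if (suser(td))` skips the device access check entirely whenever the caller is the superuser, and only non-root goes on to the VREAD/VWRITE check. Since the change description calls this use of suser "defective" without saying why, the XXXRW note should record the suspected defect explicitly. It is also worth noting in the comment that this site calls `suser(td)` while the ffs sites in the same change call `suser_cred(cred, SUSER_ALLOWJAIL)`, so jail handling differs between the two file systems as well.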

==== //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_vnops.c#11 (text+ko) ====

@@ -731,6 +731,9 @@
 	 * If we successfully wrote any data, and we are not the superuser
 	 * we clear the setuid and setgid bits as a precaution against
 	 * tampering.
+	 *
+	 * XXXRW: What should this be in the world of capabilities?  Possibly
+	 * CAP_SETUID and CAP_SETGID?
 	 */
 	if (resid > uio->uio_resid && ap->a_cred && 
 	    suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) {
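Review bot: the operation guarded here is clearing a file's setuid/setgid mode bits after a write, which the comment above frames as a precaution against tampering with the file, so the privilege in question is an exemption from that clearing, not the ability to change process credentials; the XXXRW note would be more useful if it stated that distinction alongside the "Possibly CAP_SETUID and CAP_SETGID" guess. Whatever capability is eventually chosen also needs to preserve the `SUSER_ALLOWJAIL` behaviour visible in the existing call, since jailed root currently keeps its setuid bits on write.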
@@ -1056,6 +1059,9 @@
 	 * If we successfully wrote any data, and we are not the superuser
 	 * we clear the setuid and setgid bits as a precaution against
 	 * tampering.
+	 *
+	 * XXXRW: What should this be in the world of capabilities?  Possibly
+	 * CAP_SETUID and CAP_SETGID?
 	 */
 	if (resid > uio->uio_resid && ucred && 
 	    suser_cred(ucred, SUSER_ALLOWJAIL)) {
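Review bot: this block is a verbatim copy of the one at line 731, down to the same XXXRW question and the same `suser_cred(..., SUSER_ALLOWJAIL)` test, differing only in the credential variable (`ucred` versus `ap->a_cred`). Rather than annotating both copies, consider factoring the "clear setuid/setgid unless privileged" decision into one helper so the capability mapping, once decided, is changed in a single place and the two write paths cannot drift apart.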