diff options
author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2007-03-01 20:47:42 +0000 |
---|---|---|
committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2007-03-01 20:47:42 +0000 |
commit | bb531912ff8ad8dddadba3c834ac5e748a703c4a (patch) | |
tree | f8078bd189d70d3c1b40fe6730dd81a20260b0de | |
parent | 3b2eb461e0ceecbb2f0bb227bb07f6a3e0c21f06 (diff) | |
download | src-bb531912ff8ad8dddadba3c834ac5e748a703c4a.tar.gz src-bb531912ff8ad8dddadba3c834ac5e748a703c4a.zip |
Rename PRIV_VFS_CLEARSUGID to PRIV_VFS_RETAINSUGID, which seems to better
describe the privilege.
OK'ed by: rwatson
Notes
Notes:
svn path=/head/; revision=167152
-rw-r--r-- | sys/gnu/fs/ext2fs/ext2_vnops.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_jail.c | 2 | ||||
-rw-r--r-- | sys/sys/priv.h | 2 | ||||
-rw-r--r-- | sys/ufs/ffs/ffs_vnops.c | 4 | ||||
-rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 3 |
5 files changed, 8 insertions, 7 deletions
diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c index c95777b26587..a1167e126962 100644 --- a/sys/gnu/fs/ext2fs/ext2_vnops.c +++ b/sys/gnu/fs/ext2fs/ext2_vnops.c @@ -597,7 +597,7 @@ ext2_chown(vp, uid, gid, cred, td) ip->i_uid = uid; ip->i_flag |= IN_CHANGE; if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL) != 0) ip->i_mode &= ~(ISUID | ISGID); } @@ -1648,7 +1648,7 @@ ext2_makeinode(mode, dvp, vpp, cnp) tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) { - if (priv_check_cred(cnp->cn_cred, PRIV_VFS_CLEARSUGID, + if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL)) ip->i_mode &= ~ISGID; } diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 6e80510ca122..550c7d9fc13c 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -638,7 +638,7 @@ prison_priv_check(struct ucred *cred, int priv) case PRIV_VFS_CHFLAGS_DEV: case PRIV_VFS_CHOWN: case PRIV_VFS_CHROOT: - case PRIV_VFS_CLEARSUGID: + case PRIV_VFS_RETAINSUGID: case PRIV_VFS_FCHROOT: case PRIV_VFS_LINK: case PRIV_VFS_SETGID: diff --git a/sys/sys/priv.h b/sys/sys/priv.h index e9f620a64ab2..f6c6b72a462a 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -238,7 +238,7 @@ #define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */ #define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */ #define PRIV_VFS_CHROOT 318 /* chroot(). */ -#define PRIV_VFS_CLEARSUGID 319 /* Don't clear sugid on change. */ +#define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */ #define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */ #define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */ #define PRIV_VFS_FCHROOT 322 /* fchroot(). */ diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c index 2a6ce6b68d14..b25c1df16172 100644 --- a/sys/ufs/ffs/ffs_vnops.c +++ b/sys/ufs/ffs/ffs_vnops.c @@ -790,7 +790,7 @@ ffs_write(ap) */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ap->a_cred) { - if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID, + if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL)) { ip->i_mode &= ~(ISUID | ISGID); DIP_SET(ip, i_mode, ip->i_mode); @@ -1118,7 +1118,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred) * tampering. */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) { - if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID, + if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL)) { ip->i_mode &= ~(ISUID | ISGID); dp->di_mode = ip->i_mode; diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 8ea9ab99d360..2f5ecd0457c3 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -787,7 +787,8 @@ good: #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) { + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, + SUSER_ALLOWJAIL)) { ip->i_mode &= ~(ISUID | ISGID); DIP_SET(ip, i_mode, ip->i_mode); } |