aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/sysv_shm.c
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2005-10-04 16:40:20 +0000
committerRobert Watson <rwatson@FreeBSD.org>2005-10-04 16:40:20 +0000
commit7723d5ed12851d056436eeed436f0962fbda246e (patch)
tree21edea6178f54b287506c539ced4dca55fe01b5b /sys/kern/sysv_shm.c
parentdb7db23dd87162f2e42616fb812665abd4249e9d (diff)
Re-order MAC and DAC checks in shmget() in order to give precedence to
the MAC result, as well as avoid losing the DAC check result when MAC is enabled. MFC after: 3 days Reported by: Patrick LeBlanc <Patrick dot LeBlanc at sparta dot com>
Notes
Notes: svn path=/head/; revision=150937
Diffstat (limited to 'sys/kern/sysv_shm.c')
-rw-r--r--sys/kern/sysv_shm.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c
index 637beb12c41b..c52f79dd422b 100644
--- a/sys/kern/sysv_shm.c
+++ b/sys/kern/sysv_shm.c
@@ -726,12 +726,14 @@ shmget_existing(td, uap, mode, segnum)
}
if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
return (EEXIST);
- error = ipcperm(td, &shmseg->u.shm_perm, mode);
#ifdef MAC
error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
- if (error != 0)
+ if (error != 0) {
MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
+ return (error);
+ }
#endif
+ error = ipcperm(td, &shmseg->u.shm_perm, mode);
if (error)
return (error);
if (uap->size && uap->size > shmseg->u.shm_segsz)
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-26 02:02:43 +0000