authorRobert Watson <rwatson@FreeBSD.org>2001-04-29 19:53:50 +0000
committerRobert Watson <rwatson@FreeBSD.org>2001-04-29 19:53:50 +0000
commit46157a65d713530b640103823b6928627508526c (patch)
tree1c4d92d8b49c5981aeee44cdf7557f6a16719d0a /sys/kern
parentb31c959ff3761c27dc0cfed925c04cdd4cfd195f (diff)
o As part of the move to not maintaining copies of the vnode owning uid
and gid in the ACL, vaccess_acl_posix1e() was changed to accept explicit file_uid and file_gid as arguments. However, in making the change, I explicitly checked file_gid against cr->cr_groups[0], rather than using groupmember, resulting in ACL_GROUP_OBJ entries being compared to the caller's effective gid only, not the remainder of its groups. This was recently corrected for the version of the group call without privilege, but the second test (when privilege is added) was missed. This change replaces an additional cr->cr_groups[0] check with groupmember(). Pointed out by: jedgar Reviewed by: jedgar Obtained from: TrustedBSD Project
Notes
Notes: svn path=/head/; revision=76139
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_acl.c2
-rw-r--r--sys/kern/subr_acl_posix1e.c2
-rw-r--r--sys/kern/vfs_acl.c2
3 files changed, 3 insertions, 3 deletions
diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/kern_acl.c
+++ b/sys/kern/kern_acl.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
for (i = 0; i < acl->acl_cnt; i++) {
switch (acl->acl_entry[i].ae_tag) {
case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
break;
dac_granted = 0;
if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
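Review bot: The `groupmember()` test under `case ACL_GROUP_OBJ:` carries no comment, although the commit message says the same test exists in two passes (without and with privilege) and that one of them was missed when the first was fixed. A comment on the check would help keep the two copies from drifting again, for example `/* ACL_GROUP_OBJ applies to any group of the caller, not only cr_groups[0]; keep both passes in sync. */`. An entry that fails to match presumably lets evaluation continue to later entries, so a wrong membership test could change the granted rights in either direction; a regression test with a caller whose only match to file_gid is a supplementary group would pin the behaviour. The loop and the rest of vaccess_acl_posix1e() lie outside the hunk, and the identical hunks for sys/kern/subr_acl_posix1e.c and sys/kern/vfs_acl.c would take the same comment.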
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/subr_acl_posix1e.c
+++ b/sys/kern/subr_acl_posix1e.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
for (i = 0; i < acl->acl_cnt; i++) {
switch (acl->acl_entry[i].ae_tag) {
case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
break;
dac_granted = 0;
if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/vfs_acl.c
+++ b/sys/kern/vfs_acl.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
for (i = 0; i < acl->acl_cnt; i++) {
switch (acl->acl_entry[i].ae_tag) {
case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
break;
dac_granted = 0;
if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)