o Make procfs use vaccess() for procfs_access() DAC and super-user checks,

  rather than implementing its own {uid,gid,other} checks against vnode
  mode.  Similar change to linprocfs currently under review.

Obtained from:	TrustedBSD Project

1 files changed, 4 insertions, 28 deletions

diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index df8e3ca24959..0619a6893ad1 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -599,10 +599,6 @@ procfs_setattr(ap)
 /*
  * implement access checking.
  *
- * something very similar to this code is duplicated
- * throughout the 4bsd kernel and should be moved
- * into kern/vfs_subr.c sometime.
- *
  * actually, the check for super-user is slightly
  * broken since it will allow read access to write-only
  * objects.  this doesn't cause any particular trouble
@@ -619,6 +615,7 @@ procfs_access(ap)
 	} */ *ap;
 {
 	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+	struct vnode *vp = ap->a_vp;
 	struct proc *procp;
 	struct vattr *vap;
 	struct vattr vattr;
@@ -637,33 +634,12 @@ procfs_access(ap)
         }
 
 	vap = &vattr;
-	error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p);
+	error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_p);
 	if (error)
 		return (error);
 
-	/*
-	 * Access check is based on only one of owner, group, public.
-	 * If not owner, then check group. If not a member of the
-	 * group, then check public access.
-	 */
-	if (ap->a_cred->cr_uid != vap->va_uid) {
-		gid_t *gp;
-		int i;
-
-		ap->a_mode >>= 3;
-		gp = ap->a_cred->cr_groups;
-		for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++)
-			if (vap->va_gid == *gp)
-				goto found;
-		ap->a_mode >>= 3;
-found:
-		;
-	}
-
-	if ((vap->va_mode & ap->a_mode) == ap->a_mode)
-		return (0);
-
-	return (EACCES);
+	return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
+	    ap->a_mode, ap->a_cred, NULL));
 }
 
 /*