authorRobert Watson <rwatson@FreeBSD.org>2000-09-18 17:53:22 +0000
committerRobert Watson <rwatson@FreeBSD.org>2000-09-18 17:53:22 +0000
commitea57890740237f1576d84e9506fc1586bd529498 (patch)
tree768b34d24caabb11b376e0d8c1c0e0b070675afb /sys/ufs
parentcd595ef506db796a1e4e513874d5edf1acfa123e (diff)
o Add missing PRISON_ROOT allowing a privileged process in a jail() to not
remove the setuid/setgid bits by virtue of a change to a file with those bits set, even if the process doesn't own the file, or isn't a group member of the file's gid. Obtained from: TrustedBSD Project
Notes
Notes: svn path=/head/; revision=66038
Diffstat (limited to 'sys/ufs')
-rw-r--r--sys/ufs/ufs/ufs_vnops.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index f355080613e8..1ac7dd0b5243 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -638,7 +638,7 @@ good:
panic("ufs_chown: lost quota");
#endif /* QUOTA */
ip->i_flag |= IN_CHANGE;
- if (suser_xxx(cred, NULL, 0) && (ouid != uid || ogid != gid))
+ if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid))
ip->i_mode &= ~(ISUID | ISGID);
return (0);
}
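Review bot: The changed condition before `ip->i_mode &= ~(ISUID | ISGID);` has no comment saying that a privileged process inside a jail now keeps the setuid/setgid bits across an owner or group change, which is a security-relevant policy choice that the bare `PRISON_ROOT` flag does not explain. I would add above it `/* Clear setuid/setgid on an owner/group change unless the caller is privileged; root inside a jail counts (PRISON_ROOT). */`. The body of ufs_chown starts outside this hunk, so it is not visible whether the earlier permission checks in the function already pass `PRISON_ROOT`; if they do not, this test would be the only one that honours jailed root, and that is worth confirming. It may also be worth recording in the comment that preserved setuid files in a jail's tree presumably only stay contained if that tree is not reachable by unprivileged users outside the jail.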