From john.weeks at sun.com Wed Apr 1 22:11:13 2009 From: john.weeks at sun.com (John Weeks) Date: Wed, 01 Apr 2009 22:11:13 -0700 Subject: [fmac-discuss] [PATCH] Incorrect mode passed to fmac_vnode_access(). Message-ID: <49D448F1.5090306@sun.com> The value of mode only contains the DAC bits that were missing for access. The original mode value is now passed to fmac_vnode_access(). -John diff --git a/usr/src/uts/common/fs/tmpfs/tmp_subr.c b/usr/src/uts/common/fs/tmpfs/tmp_subr.c --- a/usr/src/uts/common/fs/tmpfs/tmp_subr.c +++ b/usr/src/uts/common/fs/tmpfs/tmp_subr.c @@ -20,7 +20,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 1989-1999,2001-2003 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -54,7 +54,6 @@ struct tmpnode *tp = vtp; int shift = 0; int error = 0; - int pmode; /* * Check access based on owner, group and @@ -67,11 +66,11 @@ } /* compute missing mode bits */ - pmode = mode & ~(tp->tn_mode << shift); + mode &= ~(tp->tn_mode << shift); - if (pmode) + if (mode) error = secpolicy_vnode_access(cred, TNTOV(tp), tp->tn_uid, - pmode); + mode); if (!error) error = fmac_vnode_access(TNTOV(tp), mode, 0, cred, B_TRUE); From Casper.Dik at Sun.COM Thu Apr 2 01:18:24 2009 From: Casper.Dik at Sun.COM (Casper.Dik at Sun.COM) Date: Thu, 02 Apr 2009 10:18:24 +0200 Subject: [fmac-discuss] [PATCH] Incorrect mode passed to fmac_vnode_access(). In-Reply-To: <49D448F1.5090306@sun.com> References: <49D448F1.5090306@sun.com> Message-ID: <200904020818.n328IO43027430@dm-holland-02.uk.sun.com> >The value of mode only contains the DAC bits that were missing for access. The original mode value is now passed to fmac_vnode_access(). > >-John > >diff --git a/usr/src/uts/common/fs/tmpfs/tmp_subr.c b/usr/src/uts/common/fs/tmpfs/tmp_subr.c >--- a/usr/src/uts/common/fs/tmpfs/tmp_subr.c >+++ b/usr/src/uts/common/fs/tmpfs/tmp_subr.c 
>@@ -20,7 +20,7 @@ > * CDDL HEADER END > */ > /* >- * Copyright 2009 Sun Microsystems, Inc. All rights reserved. >+ * Copyright 1989-1999,2001-2003 Sun Microsystems, Inc. All rights reserved. This is a reversed diff. Casper From john.weeks at sun.com Thu Apr 2 07:34:53 2009 From: john.weeks at sun.com (John Weeks) Date: Thu, 02 Apr 2009 07:34:53 -0700 Subject: [fmac-discuss] [PATCH] Incorrect mode passed to fmac_vnode_access() v2 Message-ID: <49D4CD0D.5060209@sun.com> Thanks Casper for catching the reversed diffs in the previous version. That's what I get for generating the diffs while answering questions from my son about a job application at the same time ;-) The value of mode only contains the DAC bits that were missing for access. The original mode value is now passed to fmac_vnode_access(). -John diff --git a/usr/src/uts/common/fs/tmpfs/tmp_subr.c b/usr/src/uts/common/fs/tmpfs/tmp_subr.c --- a/usr/src/uts/common/fs/tmpfs/tmp_subr.c +++ b/usr/src/uts/common/fs/tmpfs/tmp_subr.c @@ -20,7 +20,7 @@ * CDDL HEADER END */ /* - * Copyright 1989-1999,2001-2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -54,6 +54,7 @@ struct tmpnode *tp = vtp; int shift = 0; int error = 0; + int pmode; /* * Check access based on owner, group and @@ -66,11 +67,11 @@ } /* compute missing mode bits */ - mode &= ~(tp->tn_mode << shift); + pmode = mode & ~(tp->tn_mode << shift); - if (mode) + if (pmode) error = secpolicy_vnode_access(cred, TNTOV(tp), tp->tn_uid, - mode); + pmode); if (!error) error = fmac_vnode_access(TNTOV(tp), mode, 0, cred, B_TRUE); From sds at tycho.nsa.gov Fri Apr 3 05:55:13 2009 
From: sds at tycho.nsa.gov (Stephen Smalley) Date: Fri, 03 Apr 2009 08:55:13 -0400 Subject: [fmac-discuss] [PATCH] Incorrect mode passed to fmac_vnode_access() v2 In-Reply-To: <49D4CD0D.5060209@sun.com> References: <49D4CD0D.5060209@sun.com> Message-ID: <1238763313.24074.35.camel@localhost.localdomain> On Thu, 2009-04-02 at 07:34 -0700, John Weeks wrote: > Thanks Casper for catching the reversed diffs in the previous version. That's what I get for generating the diffs while answering questions from my son about a job application at the same time ;-) > > The value of mode only contains the DAC bits that were missing for access. The original mode value is now passed to fmac_vnode_access(). > > -John Acked-by: Stephen Smalley > > > diff --git a/usr/src/uts/common/fs/tmpfs/tmp_subr.c b/usr/src/uts/common/fs/tmpfs/tmp_subr.c > --- a/usr/src/uts/common/fs/tmpfs/tmp_subr.c > +++ b/usr/src/uts/common/fs/tmpfs/tmp_subr.c > @@ -20,7 +20,7 @@ > * CDDL HEADER END > */ > /* > - * Copyright 1989-1999,2001-2003 Sun Microsystems, Inc. All rights reserved. > + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. > * Use is subject to license terms. > */ > > @@ -54,6 +54,7 @@ > struct tmpnode *tp = vtp; > int shift = 0; > int error = 0; > + int pmode; > > /* > * Check access based on owner, group and > @@ -66,11 +67,11 @@ > } > > /* compute missing mode bits */ > - mode &= ~(tp->tn_mode << shift); > + pmode = mode & ~(tp->tn_mode << shift); > > - if (mode) > + if (pmode) > error = secpolicy_vnode_access(cred, TNTOV(tp), tp->tn_uid, > - mode); > + pmode); > > if (!error) > error = fmac_vnode_access(TNTOV(tp), mode, 0, cred, B_TRUE); > _______________________________________________ > fmac-discuss mailing list > fmac-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/fmac-discuss -- Stephen Smalley National Security Agency
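Review bot: In the last hunk of v2 (@@ -66,11 +67,11 @@), the fmac_vnode_access() call now depends on mode staying unmodified, but nothing in the code says so; the only comment is still "compute missing mode bits". Add a comment at that call stating that the MAC check takes the full requested mode and that pmode holds only the bits the DAC check did not grant, so a later cleanup does not fold the two variables back together. With the old `mode &= ~(tp->tn_mode << shift);`, fmac_vnode_access() received only the leftover bits, which is 0 whenever the owner/group/other bits already cover the request. A regression test that exercises that case would be worth adding with this fix.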