[fmac-discuss] [PATCH] Incorrect mode passed to fmac_vnode_access() v2
Stephen Smalley
sds at tycho.nsa.gov
Fri Apr 3 05:55:13 PDT 2009
On Thu, 2009-04-02 at 07:34 -0700, John Weeks wrote:
> Thanks Casper for catching the reversed diffs in the previous version. That's what I get for generating the diffs while answering questions from my son about a job application at the same time ;-)
>
> The value of mode only contains the DAC bits that were missing for access. The original mode value is now passed to fmac_vnode_access().
>
> -John
Acked-by: Stephen Smalley <sds at tycho.nsa.gov>
>
>
> diff --git a/usr/src/uts/common/fs/tmpfs/tmp_subr.c b/usr/src/uts/common/fs/tmpfs/tmp_subr.c
> --- a/usr/src/uts/common/fs/tmpfs/tmp_subr.c
> +++ b/usr/src/uts/common/fs/tmpfs/tmp_subr.c
> @@ -20,7 +20,7 @@
> * CDDL HEADER END
> */
> /*
> - * Copyright 1989-1999,2001-2003 Sun Microsystems, Inc. All rights reserved.
> + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
> * Use is subject to license terms.
> */
>
> @@ -54,6 +54,7 @@
> struct tmpnode *tp = vtp;
> int shift = 0;
> int error = 0;
> + int pmode;
>
> /*
> * Check access based on owner, group and
> @@ -66,11 +67,11 @@
> }
>
> /* compute missing mode bits */
> - mode &= ~(tp->tn_mode << shift);
> + pmode = mode & ~(tp->tn_mode << shift);
>
> - if (mode)
> + if (pmode)
> error = secpolicy_vnode_access(cred, TNTOV(tp), tp->tn_uid,
> - mode);
> + pmode);
>
> if (!error)
> error = fmac_vnode_access(TNTOV(tp), mode, 0, cred, B_TRUE);
> _______________________________________________
> fmac-discuss mailing list
> fmac-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/fmac-discuss
--
Stephen Smalley
National Security Agency
More information about the fmac-discuss
mailing list