Date: Sat, 7 Oct 2000 04:23:40 +0200 (CEST) From: mbendiks@eunet.no To: FreeBSD-gnats-submit@freebsd.org Subject: kern/21807: [patches] Request change to msdosfs semantics Message-ID: <200010070223.EAA23805@suiram.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 21807 >Category: kern >Synopsis: [patches] Make System attribute correspond to SF_IMMUTABLE >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Oct 06 21:40:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Marius Bendiksen >Release: FreeBSD 4.1-RELEASE i386 >Organization: n/a >Environment: not relevant. >Description: In MS-DOS, the usage of the system attribute roughly corresponds to the typical use of the SF_IMMUTABLE attribute in Unix. I think changing the current semantics would be an improvement as far as compatibility goes, and there should be few POLA issues with it. >How-To-Repeat: not relevant. >Fix: In /sys/msdosfs; diff -u4 --- ./msdosfs_vnops.c.orig Sun Sep 24 14:12:47 2000 +++ ./msdosfs_vnops.c Sun Sep 24 14:18:58 2000 @@ -171,10 +171,12 @@ error = uniqdosname(pdep, cnp, ndirent.de_Name); if (error) goto bad; - ndirent.de_Attributes = (ap->a_vap->va_mode & VWRITE) ? - ATTR_ARCHIVE : ATTR_ARCHIVE | ATTR_READONLY; + ndirent.de_Attributes = ((ap->a_vap->va_mode & VWRITE) ? + ATTR_ARCHIVE : ATTR_ARCHIVE | ATTR_READONLY) | + ((ap->a_vap->va_flags & SF_IMMUTABLE) ? + ATTR_SYSTEM : 0); ndirent.de_LowerCase = 0; ndirent.de_StartCluster = 0; ndirent.de_FileSize = 0; ndirent.de_dev = pdep->de_dev; @@ -275,8 +277,12 @@ break; } } + /* System (SF_IMMUTABLE) files cannot be written by anyone. */ + if ((mode & VEXEC) && (dep->de_Attributes & ATTR_SYSTEM)) + return EPERM; + return (vaccess(vp->v_type, file_mode, pmp->pm_uid, pmp->pm_gid, ap->a_mode, ap->a_cred, NULL)); } @@ -333,9 +339,9 @@ } else { vap->va_atime = vap->va_mtime; vap->va_ctime = vap->va_mtime; } - vap->va_flags = 0; + vap->va_flags = (dep->de_Attributes & ATTR_SYSTEM) ? SF_IMMUTABLE : 0; if ((dep->de_Attributes & ATTR_ARCHIVE) == 0) vap->va_flags |= SF_ARCHIVED; vap->va_gen = 0; vap->va_blocksize = pmp->pm_bpcluster; @@ -384,8 +390,12 @@ vap->va_uid, vap->va_gid); #endif return (EINVAL); } + /* Check for immutability and securelevel */ + if ((dep->de_Attributes & ATTR_SYSTEM) && (securelevel > 0)) + return EPERM; + /* Set appropriate flags */ if (vap->va_flags != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && @@ -401,12 +411,19 @@ * users to attempt to set SF_SETTABLE bits or anyone to * set unsupported bits. However, we ignore attempts to * set ATTR_ARCHIVE for directories `cp -pr' from a more * sensible file system attempts it a lot. + * + * An exception with regards to the SF_SETTABLE bits, is + * SF_IMMUTABLE, which we map to ATTR_SYSTEM. */ if (cred->cr_uid != 0) { - if (vap->va_flags & SF_SETTABLE) + if (vap->va_flags & (SF_SETTABLE^SF_IMMUTABLE)) return EPERM; + if (vap->va_flags & SF_IMMUTABLE) + dep->de_Attributes |= ATTR_SYSTEM; + else + dep->de_Attributes &= ~ATTR_SYSTEM; } if (vap->va_flags & ~SF_ARCHIVED) return EOPNOTSUPP; if (vap->va_flags & SF_ARCHIVED) @@ -414,8 +431,10 @@ else if (!(dep->de_Attributes & ATTR_DIRECTORY)) dep->de_Attributes |= ATTR_ARCHIVE; dep->de_flag |= DE_MODIFIED; } + if (dep->de_Attributes & ATTR_SYSTEM) + return EPERM; if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { uid_t uid; gid_t gid; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010070223.EAA23805>