Date: Sat, 2 Mar 2013 09:58:48 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r247617 - head/sys/kern Message-ID: <201303020958.r229wm1M033189@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Sat Mar 2 09:58:47 2013 New Revision: 247617 URL: http://svnweb.freebsd.org/changeset/base/247617 Log: If the target file already exists, check for the CAP_UNLINKAT capabiity right on the target directory descriptor, but only if this is renameat(2) and real target directory descriptor is given (not AT_FDCWD). Without this fix regular rename(2) fails if the target file already exists. Reported by: Michael Butler <imb@protected-networks.net> Reported by: Larry Rosenman <ler@lerctr.org> Sponsored by: The FreeBSD Foundation Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Sat Mar 2 09:26:59 2013 (r247616) +++ head/sys/kern/vfs_syscalls.c Sat Mar 2 09:58:47 2013 (r247617) @@ -3556,13 +3556,16 @@ kern_renameat(struct thread *td, int old goto out; } #ifdef CAPABILITIES - /* - * If the target already exists we require CAP_UNLINKAT - * from 'newfd'. - */ - error = cap_check(tond.ni_filecaps.fc_rights, CAP_UNLINKAT); - if (error != 0) - goto out; + if (newfd != AT_FDCWD) { + /* + * If the target already exists we require CAP_UNLINKAT + * from 'newfd'. + */ + error = cap_check(tond.ni_filecaps.fc_rights, + CAP_UNLINKAT); + if (error != 0) + goto out; + } #endif } if (fvp == tdvp) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303020958.r229wm1M033189>