Date: Sun, 7 Jun 2009 19:48:15 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 163728 for review Message-ID: <200906071948.n57JmFa0076455@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=163728 Change 163728 by rwatson@rwatson_freebsd_capabilities on 2009/06/07 19:47:44 Only check for CAP_WRITE on mmap() if both PROT_WRITE is set *and* MAP_SHARED is set. For copy-on-write scenarios, it's fine to allow write access even for a read-only descriptor. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/vm/vm_mmap.c#12 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/vm/vm_mmap.c#12 (text+ko) ==== @@ -310,8 +310,10 @@ rights = CAP_MMAP; if (prot & PROT_READ) rights |= CAP_READ; - if (prot & PROT_WRITE) - rights |= CAP_WRITE; + if ((flags & MAP_SHARED) != 0) { + if (prot & PROT_WRITE) + rights |= CAP_WRITE; + } if (prot & PROT_EXEC) rights |= CAP_MAPEXEC; if ((error = fget_mmap(td, uap->fd, rights, &cap_maxprot,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906071948.n57JmFa0076455>