Date: Mon, 11 Aug 2008 16:51:59 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 147160 for review Message-ID: <200808111651.m7BGpxaG046325@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=147160 Change 147160 by trasz@trasz_traszkan on 2008/08/11 16:51:06 Fix the fix from 147154. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#39 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/TODO#39 (text+ko) ==== @@ -12,6 +12,11 @@ - Add the information about correct constants to the manual pages. +- Decide what to do when chmod(2) needs to add ACL entries, but + there is no room in 'struct acl' to do that. Solaris seems to + limit the numer of user-settable entries to half of ACL_MAX_ENTRIES, + so there is no risk of running out of them in chmod(2). + - Make 'struct acl' variable size. - Benchmark things. ==== //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 (text+ko) ==== @@ -260,8 +260,10 @@ /* * Deny setting setuid if we are not the file owner. */ - if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) - return (EPERM); - + if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) { + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + if (error) + return (error); + } return (0); } ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 (text+ko) ==== @@ -721,8 +721,11 @@ /* * Deny setting setuid if we are not the file owner. */ - if ((mode & ISUID) && ip->i_uid != cred->cr_uid) - return (EPERM); + if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + if (error) + return (error); + } ip->i_mode &= ~ALLPERMS; ip->i_mode |= (mode & ALLPERMS);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808111651.m7BGpxaG046325>