Date: Sun, 11 Nov 2001 17:50:03 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Alfred Perlstein <alfred@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, kris@FreeBSD.org Subject: Re: cvs commit: src/sys/sys vnode.h src/sys/nfsclient nfs_lock.c src/sys/kern vfs_vnops.c Message-ID: <Pine.NEB.3.96L.1011111174859.16646A-100000@fledge.watson.org> In-Reply-To: <20011111164140.H89342@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Actually, if you just want to go through and change vn_open() to always accept a cred argument, that would be fine too :-). Note that this still has odd effects regarding chroot(), but those are far less serious than the problem you just fixed. Thanks, Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Sun, 11 Nov 2001, Alfred Perlstein wrote: > * Alfred Perlstein <alfred@FreeBSD.org> [011111 16:39] wrote: > > alfred 2001/11/11 14:39:07 PST > > > > Modified files: > > sys/sys vnode.h > > sys/nfsclient nfs_lock.c > > sys/kern vfs_vnops.c > > Log: > > turn vn_open() into a wrapper around vn_open_cred() which allows > > one to perform a vn_open using temporary/other/fake credentials. > > > > Modify the nfs client side locking code to use vn_open_cred() passing > > proc0's ucred instead of the old way which was to temporary raise > > privs while running vn_open(). This should close the race hopefully. > > And on -security there was much rejoicing. :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011111174859.16646A-100000>