Date: Sat, 20 Jul 2002 08:04:19 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 14522 for review
Message-ID: <200207201504.g6KF4Jwv034162@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14522 Change 14522 by rwatson@rwatson_curry on 2002/07/20 08:04:10 Implement MAC security checks for file/directory removal in the system call implementations of unlink() and rmdir(). This duplicates the checks for deletion currently in namei()/lookup(), but puts them in a place more consistent with other checks. We should probably remove the deletion checks from namei(). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#50 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#50 (text+ko) ==== @@ -2253,8 +2253,16 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (!error) { - VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); - error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); +#ifdef MAC + error = mac_cred_check_delete_vnode(td->td_ucred, nd.ni_dvp, + vp); + if (error == 0) { +#endif + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); + error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); +#ifdef MAC + } +#endif } NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); @@ -3902,6 +3910,11 @@ error = EBUSY; goto out; } +#ifdef MAC + error = mac_cred_check_delete_vnode(td->td_ucred, nd.ni_dvp, vp); + if (error) + goto out; +#endif if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { NDFREE(&nd, NDF_ONLY_PNBUF); if (nd.ni_dvp == vp) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
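Review bot: in the first hunk (@@ -2253, the unlink path) the two `#ifdef MAC` regions split an opening brace from its closing brace, which is fragile under later edits and hard to read. This code already sits inside `if (!error) {`, so error is zero on entry; the `if (error == 0)` test can therefore be unconditional and guard the VOP_LEASE()/VOP_REMOVE() pair in both configurations, leaving only the mac_cred_check_delete_vnode() call under `#ifdef MAC`. Separately, the context line `VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);` runs before the new check, so a delete that policy denies still issues that lease call on vp; if that is intended, a short comment saying so would help.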
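Review bot: in the second hunk (@@ -3902, the rmdir path) the MAC check is placed after the test that sets `error = EBUSY; goto out;`, so a credential that policy would deny can still observe EBUSY and learn something about the state of the target directory from the error code. Consider moving the mac_cred_check_delete_vnode() call ahead of the preceding state checks, or add a comment explaining why this error precedence is acceptable. Since the commit message says the same check still runs in namei()/lookup(), a comment at both new call sites noting the temporary duplication would also make the planned removal easier to track.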