Date: Sun, 21 Jul 2002 07:04:42 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14599 for review Message-ID: <200207211404.g6LE4gJw076945@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14599 Change 14599 by rwatson@rwatson_curry on 2002/07/21 07:03:46 Add comments for places where we'll need access control checks. Specifically: - O_TRUNC on open - O_CREAT open case Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#54 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#22 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#54 (text+ko) ==== @@ -1800,6 +1800,9 @@ VATTR_NULL(&vat); vat.va_size = 0; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + /* XXXMAC: Truncation check here. */ +#endif error = VOP_SETATTR(vp, &vat, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); @@ -4477,6 +4480,9 @@ } VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */ +#ifdef MAC + /* XXXMAC: Truncation check here. */ +#endif VATTR_NULL(vap); vap->va_size = 0; error = VOP_SETATTR(vp, vap, td->td_ucred, td); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#22 (text+ko) ==== @@ -212,6 +212,11 @@ if (fmode & O_APPEND) mode |= VAPPEND; #ifdef MAC + /* + * XXXMAC: Note that for newly created files, we never + * perform an open check. This is probably wrong, but if + * we add it, the failure modes need to be right. + */ error = mac_cred_check_open_vnode(cred, vp, mode); if (error) goto bad; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207211404.g6LE4gJw076945>