From owner-freebsd-current@FreeBSD.ORG Sat Dec 16 13:11:40 2006 Return-Path: X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3FF5016A509; Sat, 16 Dec 2006 13:11:40 +0000 (UTC) (envelope-from ache@nagual.pp.ru) Received: from nagual.pp.ru (nagual.pp.ru [194.87.13.69]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4272443CAA; Sat, 16 Dec 2006 13:11:37 +0000 (GMT) (envelope-from ache@nagual.pp.ru) Received: from nagual.pp.ru (ache@localhost [127.0.0.1]) by nagual.pp.ru (8.13.8/8.13.8) with ESMTP id kBGDBZiF001534; Sat, 16 Dec 2006 16:11:35 +0300 (MSK) (envelope-from ache@nagual.pp.ru) Received: (from ache@localhost) by nagual.pp.ru (8.13.8/8.13.8/Submit) id kBGDBZHc001533; Sat, 16 Dec 2006 16:11:35 +0300 (MSK) (envelope-from ache) Date: Sat, 16 Dec 2006 16:11:35 +0300 From: Andrey Chernov To: Robert Watson Message-ID: <20061216131135.GA1393@nagual.pp.ru> Mail-Followup-To: Andrey Chernov , Robert Watson , current@FreeBSD.org References: <20061216055903.GA2712@nagual.pp.ru> <20061216111656.GA7501@nagual.pp.ru> <20061216112117.P72986@fledge.watson.org> <20061216114426.GA7735@nagual.pp.ru> <20061216120746.E72986@fledge.watson.org> <20061216125136.GA1094@nagual.pp.ru> <20061216125419.J72986@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061216125419.J72986@fledge.watson.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: current@FreeBSD.org Subject: Re: sysv_ipc.c broken in v1.30 (was Re: sysvshm appearse broken in -current) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 13:11:40 -0000 On Sat, Dec 16, 2006 at 01:00:56PM +0000, Robert Watson wrote: > Only if IPC_M is being requested. Is IPC_M being requested in the case > where you are seeing an error? I can read code too, so what I'm asking is > how the system is behaving. I'll track exact case a bit later. For now I just speak about differences between new code and old code I found. New code check all bits match while old code check IPC_M bit match only at this place. > is requested. We grant valid rights, not all rights, to the super user. This is clearly wrong. Think about files. Even file is read-only, root _can_ write into it while normal user in the same situation can't. root> touch aaa root> chmod 444 aaa root> cat > aaa OK ^D > As I said, this is something that I hope to revisit in the next few days. > However, it would be helpful if you could tell me the arguments and call > path to the ipcperm() function instance that's generating the improper > failure. It could be that both a bug in ipcperm() and a big in shmget() I'll try to make ktrace output, a bit later. -- http://ache.pp.ru/