From owner-trustedbsd-cvs@FreeBSD.ORG Fri Dec 1 12:59:03 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8FC4716A4A0 for ; Fri, 1 Dec 2006 12:59:03 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id DED8B43CA3 for ; Fri, 1 Dec 2006 12:58:48 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by cyrus.watson.org (Postfix) with ESMTP id 088F946D60 for ; Fri, 1 Dec 2006 07:59:01 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54]) by mx2.freebsd.org (Postfix) with ESMTP id 10BF555A71; Fri, 1 Dec 2006 12:58:55 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id E94B616A4A0; Fri, 1 Dec 2006 12:58:59 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A829616A40F for ; Fri, 1 Dec 2006 12:58:59 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 564AA43C9D for ; Fri, 1 Dec 2006 12:58:45 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kB1CwxC5076798 for ; Fri, 1 Dec 2006 12:58:59 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kB1CwxgZ076790 for perforce@freebsd.org; Fri, 1 Dec 2006 12:58:59 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 1 Dec 2006 12:58:59 GMT Message-Id: <200612011258.kB1CwxgZ076790@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 110795 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2006 12:59:03 -0000 http://perforce.freebsd.org/chv.cgi?CH=110795 Change 110795 by rwatson@rwatson_zoo on 2006/12/01 12:58:27 Revert branch-local changes in kern_priv.c. Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#5 integrate Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#5 (text+ko) ==== @@ -26,7 +26,7 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: src/sys/kern/kern_priv.c,v 1.1 2006/11/06 13:37:17 rwatson Exp $ */ #include "opt_mac.h" @@ -43,15 +43,13 @@ /* * `suser_enabled' (which can be set by the security.bsd.suser_enabled - * sysctl) determines whether the system 'super-user' policy is in effect. - * If it is nonzero, an effective uid of 0 connotes special privilege, + * sysctl) determines whether the system 'super-user' policy is in effect. If + * it is nonzero, an effective uid of 0 connotes special privilege, * overriding many mandatory and discretionary protections. If it is zero, * uid 0 is offered no special privilege in the kernel security policy. - * Setting it to zero may seriously impact the functionality of many - * existing userland programs, and should not be done without careful - * consideration of the consequences. - * - * XXXRW: Update this comment as needed. + * Setting it to zero may seriously impact the functionality of many existing + * userland programs, and should not be done without careful consideration of + * the consequences. */ int suser_enabled = 1; SYSCTL_INT(_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW, @@ -86,9 +84,11 @@ * once the SUSER_ALLOWJAIL flag has gone away. */ error = prison_priv_check(cred, priv); +#ifdef NOTYET KASSERT(!jailed(cred) || error == ((flags & SUSER_ALLOWJAIL) ? 0 : EPERM), ("priv_check_cred: prison_priv_check %d but flags %s", error, flags & SUSER_ALLOWJAIL ? "allowjail" : "!allowjail")); +#endif if (error) return (error); @@ -100,7 +100,7 @@ * * Superuser policy grants privilege based on the effective (or in * certain edge cases, real) uid being 0. We allow the policy to be - * globally disabled, although this is currently of limited uility. + * globally disabled, although this is currently of limited utility. */ if (suser_enabled) { if (flags & SUSER_RUID) { @@ -134,8 +134,8 @@ /* * Historical suser() wrapper functions, which now simply request PRIV_ROOT. - * These will be removed in the near future, and exist solely because the - * list of global privileges is not yet complete. + * These will be removed in the near future, and exist solely because + * the kernel and modules are not yet fully adapted to the new model. */ int suser_cred(struct ucred *cred, int flags)