Date: Mon, 4 Jul 2005 11:16:52 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 79536 for review Message-ID: <200507041116.j64BGq4b004804@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=79536 Change 79536 by rwatson@rwatson_paprika on 2005/07/04 11:15:59 Don't expose file system id/handle information to non-CAP_SYS_ADMIN processes. Should investigate this more, as the compat kern_foo code should now be implementing much of this. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_mount.c#8 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_mount.c#8 (text+ko) ==== @@ -37,6 +37,7 @@ #include <sys/param.h> #include <sys/systm.h> +#include <sys/capability.h> #include <sys/sysproto.h> #include <sys/kernel.h> #include <sys/sysctl.h> @@ -187,7 +188,7 @@ (error = VFS_STATFS(mp, sp, td))) continue; sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser(td)) { + if (cap_check(td, CAP_SYS_ADMIN)) { bcopy(sp, &sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507041116.j64BGq4b004804>