Date:      Sun, 23 Jul 2006 14:24:25 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        李尚杰 <shangjie.li@gmail.com>
Cc:        freebsd-bugs@freebsd.org
Subject:   Re: An error about IPC permission checking
Message-ID:  <20060723142340.L60996@fledge.watson.org>
In-Reply-To: <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com>
References:  <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com>

On Sun, 23 Jul 2006, 李尚杰 wrote:

> in the source code kern/sysv_shm.c:
>
>         error = ipcperm(td, &shmseg->u.shm_perm, mode);
> #ifdef MAC
>         error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
>         if (error != 0)
>                 MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
> #endif
>         if (error)
>                 return (error);
>
> The return value of the ipcperm() call is not checked in time, and is
> interrupted by MAC checking, if MAC is enabled.

Indeed, it looks like revision 1.104 was never merged from HEAD to RELENG_6,
which corrects this bug, and also re-orders the two checks so that the MAC
check occurs before the DAC check.  I'll go ahead and merge that change.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge
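
The control-flow problem discussed in this thread, as an added userland example that is not part of the original message and is not FreeBSD code. The `struct request`, `dac_check()`, `mac_check()` stand-ins and the run-time `mac_enabled` flag (in place of `#ifdef MAC`) are assumptions made so the two orderings can be compared side by side.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two kernel checks; not FreeBSD code. */
struct request {
    int dac_result;   /* what the ipcperm()-style DAC check returns */
    int mac_result;   /* what the MAC policy check returns */
};

static int dac_check(const struct request *r) { return r->dac_result; }
static int mac_check(const struct request *r) { return r->mac_result; }

/* Pattern from the quoted code: the MAC result overwrites the DAC result. */
int check_overwriting(const struct request *r, int mac_enabled)
{
    int error;

    error = dac_check(r);
    if (mac_enabled)
        error = mac_check(r);   /* a DAC denial is lost here */
    if (error)
        return (error);
    return (0);
}

/* Each result is tested before the next check runs: MAC first, then DAC,
 * the order described in the reply. */
int check_sequential(const struct request *r, int mac_enabled)
{
    int error;

    if (mac_enabled) {
        error = mac_check(r);
        if (error != 0)
            return (error);
    }
    return (dac_check(r));
}

int main(void)
{
    /* Constructed case: DAC denies, MAC policy allows. */
    struct request r = { EACCES, 0 };

    printf("MAC off: overwriting=%d sequential=%d\n",
        check_overwriting(&r, 0), check_sequential(&r, 0));
    printf("MAC on:  overwriting=%d sequential=%d\n",
        check_overwriting(&r, 1), check_sequential(&r, 1));
    return (0);
}
```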