Date: Sun, 23 Jul 2006 14:24:25 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: =?GB2312?B?wO7J0L3c?= <shangjie.li@gmail.com> Cc: freebsd-bugs@freebsd.org Subject: Re: An error about IPC permission checking Message-ID: <20060723142340.L60996@fledge.watson.org> In-Reply-To: <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com> References: <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--0-1473238974-1153661065=:60996
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Sun, 23 Jul 2006, =C0=EE=C9=D0=BD=DC wrote:
> in the source code kern/sysv_shm.c:
>
> 729 error =3D ipcperm(td, &shmseg->u.shm_perm, mode);
> 730 #ifdef MAC
> 731 error =3D mac_check_sysv_shmget(td->td_ucred, shmseg, uap->sh=
mflg);
> 732 if (error !=3D 0)
> 733 MPRINTF(("mac_check_sysv_shmget returned %d\n", error=
));
> 734 #endif
> 735 if (error)
> 736 return (error);
>
> The return value of ipcperm() call is not be checked in time, and=20
> interrupted by mac checking, if Mac is enabled.
Indeed, it looks like revision 1.104 was never merged from HEAD to RELENG_6=
,=20
which corrects this bug, and also re-orders the two checks so that the MAC=
=20
check occurs before the DAC check. I'll go ahead and merge that change.
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
--0-1473238974-1153661065=:60996--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060723142340.L60996>