From owner-freebsd-bugs@FreeBSD.ORG  Sun Jul 23 13:24:31 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@freebsd.org
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7AF2E16A4DD
	for <freebsd-bugs@freebsd.org>; Sun, 23 Jul 2006 13:24:31 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 86FEA43D5D
	for <freebsd-bugs@freebsd.org>; Sun, 23 Jul 2006 13:24:26 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id E9CCB46BCF;
	Sun, 23 Jul 2006 09:24:25 -0400 (EDT)
Date: Sun, 23 Jul 2006 14:24:25 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: =?GB2312?B?wO7J0L3c?= <shangjie.li@gmail.com>
In-Reply-To: <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com>
Message-ID: <20060723142340.L60996@fledge.watson.org>
References: <de71d27b0607230239g1e37de1fye969b1b8616550c1@mail.gmail.com>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1473238974-1153661065=:60996"
Cc: freebsd-bugs@freebsd.org
Subject: Re: An error about IPC permission checking
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jul 2006 13:24:31 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--0-1473238974-1153661065=:60996
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE


On Sun, 23 Jul 2006, =C0=EE=C9=D0=BD=DC wrote:

> in the source code kern/sysv_shm.c:
>
> 729         error =3D ipcperm(td, &shmseg->u.shm_perm, mode);
> 730 #ifdef MAC
> 731         error =3D mac_check_sysv_shmget(td->td_ucred, shmseg, uap->sh=
mflg);
> 732         if (error !=3D 0)
> 733                 MPRINTF(("mac_check_sysv_shmget returned %d\n", error=
));
> 734 #endif
> 735         if (error)
> 736                 return (error);
>
> The return value of ipcperm() call is not be checked in time, and=20
> interrupted by mac checking, if Mac is enabled.

Indeed, it looks like revision 1.104 was never merged from HEAD to RELENG_6=
,=20
which corrects this bug, and also re-orders the two checks so that the MAC=
=20
check occurs before the DAC check.  I'll go ahead and merge that change.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge
--0-1473238974-1153661065=:60996--