Date: Mon, 8 Apr 2019 14:23:53 +0000 (UTC) From: Mariusz Zaborski <oshogbo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r346029 - head/sys/kern Message-ID: <201904081423.x38ENrhe026139@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: oshogbo Date: Mon Apr 8 14:23:52 2019 New Revision: 346029 URL: https://svnweb.freebsd.org/changeset/base/346029 Log: In the unlinkat syscall, the operation is performed on the directory descriptor, not the file descriptor. The file descriptor is used only for verification so do not expect any additional capabilities on it. Reported by: antoine Tested by: antoine Discussed with: kib, emaste, bapt Sponsored by: Fudo Security Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Mon Apr 8 13:40:46 2019 (r346028) +++ head/sys/kern/vfs_syscalls.c Mon Apr 8 14:23:52 2019 (r346029) @@ -1809,13 +1809,11 @@ kern_funlinkat(struct thread *td, int dfd, const char struct vnode *vp; struct nameidata nd; struct stat sb; - cap_rights_t rights; int error; fp = NULL; if (fd != FD_NONE) { - error = getvnode(td, fd, cap_rights_init(&rights, CAP_LOOKUP), - &fp); + error = getvnode(td, fd, &cap_no_rights, &fp); if (error != 0) return (error); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904081423.x38ENrhe026139>