Date: Fri, 28 May 2004 06:43:27 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 53659 for review Message-ID: <200405281343.i4SDhRmY053339@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=53659 Change 53659 by cvance@cvance_sony on 2004/05/28 06:43:25 Consistently call cap_check_cred with a thread as the second parameter. It's ok to use a NULL thread (though it's odd that cap_check_cred even requires a thread, since it doesn't use it) Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#6 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#8 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#6 (text+ko) ==== @@ -153,5 +153,5 @@ int cap_check(struct thread *td, cap_value_t cap) { - return cap_check_cred(td->td_ucred, cap, 0); + return cap_check_cred(td->td_ucred, td, cap, 0); } ==== //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#12 (text+ko) ==== @@ -320,7 +320,7 @@ /* GROSS */ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && - cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) + cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) return (EACCES); if (jailed(cred)) prison = 1; @@ -395,7 +395,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) != 0) + if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) != 0) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ ==== //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#11 (text+ko) ==== @@ -543,7 +543,7 @@ INP_INFO_WUNLOCK(&ripcbinfo); return (EPERM); } - if (td && (error = cap_check_cred(td->td_ucred, CAP_NET_RAW, PRISON_ROOT)) != 0) { + if (td && (error = cap_check_cred(td->td_ucred, td, CAP_NET_RAW, PRISON_ROOT)) != 0) { INP_INFO_WUNLOCK(&ripcbinfo); return error; } ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#11 (text+ko) ==== @@ -188,7 +188,7 @@ /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && - cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) + cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) return (EACCES); if (so->so_cred->cr_uid != 0 && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#8 (text+ko) ==== @@ -760,7 +760,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, 0))) + if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, 0))) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405281343.i4SDhRmY053339>