Date: Tue, 25 Sep 2012 20:48:50 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r240927 - head/sys/kern Message-ID: <201209252048.q8PKmoUP092942@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Tue Sep 25 20:48:49 2012 New Revision: 240927 URL: http://svn.freebsd.org/changeset/base/240927 Log: O_EXEC flag is not part of the O_ACCMODE mask, check it separately. If O_EXEC is provided don't require CAP_READ/CAP_WRITE, as O_EXEC is mutually exclusive to O_RDONLY/O_WRONLY/O_RDWR. Without this change CAP_FEXECVE capability right is not enforced. Sponsored by: FreeBSD Foundation MFC after: 3 days Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Tue Sep 25 20:41:43 2012 (r240926) +++ head/sys/kern/vfs_syscalls.c Tue Sep 25 20:48:49 2012 (r240927) @@ -1006,22 +1006,20 @@ flags_to_rights(int flags) { cap_rights_t rights = 0; - switch ((flags & O_ACCMODE)) { - case O_RDONLY: - rights |= CAP_READ; - break; - - case O_RDWR: - rights |= CAP_READ; - /* fall through */ - - case O_WRONLY: - rights |= CAP_WRITE; - break; - - case O_EXEC: + if (flags & O_EXEC) { rights |= CAP_FEXECVE; - break; + } else { + switch ((flags & O_ACCMODE)) { + case O_RDONLY: + rights |= CAP_READ; + break; + case O_RDWR: + rights |= CAP_READ; + /* FALLTHROUGH */ + case O_WRONLY: + rights |= CAP_WRITE; + break; + } } if (flags & O_CREAT)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209252048.q8PKmoUP092942>