Date: Sun, 22 Aug 2004 02:03:41 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/ufs/ufs ufs_vnops.c Message-ID: <200408220203.i7M23fb5001923@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004-08-22 02:03:41 UTC
FreeBSD src repository
Modified files:
sys/ufs/ufs ufs_vnops.c
Log:
Currently, if the secure level is low enough, system flags can
be manipulated by prison root. In 4.x prison root can not manipulate
system flags, regardless of the security level. This behavior
should remain consistent to avoid any surprises which could lead
to security problems for system administrators which give out
privileged access to jails.
This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
to 0. This will prevent prison root from being able to manipulate
system flags on files.
This may be a MFC candidate for RELENG_5.
Discussed with: cperciva
Reviewed by: rwatson
Approved by: bmilekic (mentor)
PR: kern/70298
Revision Changes Path
1.243 +1 -1 src/sys/ufs/ufs/ufs_vnops.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408220203.i7M23fb5001923>