From owner-cvs-all@FreeBSD.ORG Sun Aug 22 02:03:42 2004
Message-Id: <200408220203.i7M23fb5001923@repoman.freebsd.org>
From: "Christian S.J. Peron"
Date: Sun, 22 Aug 2004 02:03:41 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/ufs/ufs ufs_vnops.c
List-Id: CVS commit messages for the entire tree

csjp        2004-08-22 02:03:41 UTC

  FreeBSD src repository

  Modified files:
    sys/ufs/ufs          ufs_vnops.c
  Log:
  Currently, if the secure level is low enough, system flags can be
  manipulated by prison root. In 4.x prison root cannot manipulate
  system flags, regardless of the security level. This behavior should
  remain consistent to avoid any surprises which could lead to security
  problems for system administrators who give out privileged access to
  jails.

  This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
  to 0. This will prevent prison root from being able to manipulate
  system flags on files.

  This may be a MFC candidate for RELENG_5.

  Discussed with: cperciva
  Reviewed by:    rwatson
  Approved by:    bmilekic (mentor)
  PR:             kern/70298

  Revision  Changes    Path
  1.243     +1 -1      src/sys/ufs/ufs/ufs_vnops.c
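
The behaviour change described in the log, as an added user-space model; it is not the code from ufs_vnops.c and not part of the original commit mail. The struct, the `_model` function names, the integer secure-level parameter and the flag constants are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define SUSER_ALLOWJAIL 1          /* model value: caller permits jailed root */
#define UF_SETTABLE  0x0000ffffu   /* model value: flags the owner may change */
#define SF_SETTABLE  0xffff0000u   /* model value: flags reserved for superuser */
#define SF_IMMUTABLE 0x00020000u   /* model value: one system flag */

struct cred { unsigned uid; bool jailed; };   /* stand-in for struct ucred */

/* Model of the privilege check: 0 when privileged, EPERM otherwise. */
static int suser_cred_model(const struct cred *c, int flag)
{
    if (c->uid != 0)
        return EPERM;
    if (c->jailed && !(flag & SUSER_ALLOWJAIL))
        return EPERM;              /* jailed root refused unless caller opts in */
    return 0;
}

/*
 * Model of the flag-setting path. suser_flag is the argument the commit
 * changes: SUSER_ALLOWJAIL before, 0 after. The caller is assumed to own
 * the file; securelevel is the level in effect for the caller.
 */
static int set_flags_model(const struct cred *c, int suser_flag, int securelevel,
                           uint32_t *file_flags, uint32_t wanted)
{
    if (suser_cred_model(c, suser_flag) == 0) {
        /* Privileged: only the secure level protects existing system flags. */
        if ((*file_flags & SF_SETTABLE) && securelevel > 0)
            return EPERM;
        *file_flags = wanted;
        return 0;
    }
    /* Unprivileged: system flags may be neither present nor requested. */
    if ((*file_flags & SF_SETTABLE) || (wanted & UF_SETTABLE) != wanted)
        return EPERM;
    *file_flags = (*file_flags & SF_SETTABLE) | (wanted & UF_SETTABLE);
    return 0;
}

int main(void)
{   /* After the commit (flag 0), jailed root is refused even at securelevel 0. */
    struct cred jail_root = { 0, true };
    uint32_t flags = 0;
    return set_flags_model(&jail_root, 0, 0, &flags, SF_IMMUTABLE) == EPERM ? 0 : 1;
}
```

In the model, passing 0 sends jailed root down the unprivileged branch, so user flags remain settable while system flags are refused at every secure level.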