From owner-cvs-src@FreeBSD.ORG  Sun Aug  3 17:31:02 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5CA3837B401; Sun,  3 Aug 2003 17:31:02 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id E83AF43F3F; Sun,  3 Aug 2003 17:31:01 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h740V10U058619;
	Sun, 3 Aug 2003 17:31:01 -0700 (PDT)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h740V1iI058618;
	Sun, 3 Aug 2003 17:31:01 -0700 (PDT)
Message-Id: <200308040031.h740V1iI058618@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 3 Aug 2003 17:31:01 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/ufs/ufs ufs_vnops.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Aug 2003 00:31:02 -0000

rwatson     2003/08/03 17:31:01 PDT

  FreeBSD src repository

  Modified files:
    sys/ufs/ufs          ufs_vnops.c 
  Log:
  In ufs_chmod(), use privilege only when required in the following
  cases:
  
  - Setting sticky bit on non-directory
  - Setting setgid on a file with a group that isn't in the effective
    or extended groups of the authorizing credential
  
  I.e., test the requirement first, then do the privilege test,
  rather than doing the privilege test regardless of the need for
  privilege.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.231     +9 -5      src/sys/ufs/ufs/ufs_vnops.c