Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Apr 2012 15:59:37 +0000 (UTC)
From:      Jaakko Heinonen <jh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r234103 - in head: lib/libc/sys sys/ufs/ufs
Message-ID:  <201204101559.q3AFxbX2030563@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jh
Date: Tue Apr 10 15:59:37 2012
New Revision: 234103
URL: http://svn.freebsd.org/changeset/base/234103

Log:
  - Return EPERM from ufs_setattr() when an user without PRIV_VFS_SYSFLAGS
    privilege attempts to toggle SF_SETTABLE flags.
  - Use the '^' operator in the SF_SNAPSHOT anti-toggling check.
  
  Flags are now stored to ip->i_flags in one place after all checks.
  
  Submitted by:	bde

Modified:
  head/lib/libc/sys/chflags.2
  head/sys/ufs/ufs/ufs_vnops.c

Modified: head/lib/libc/sys/chflags.2
==============================================================================
--- head/lib/libc/sys/chflags.2	Tue Apr 10 15:58:22 2012	(r234102)
+++ head/lib/libc/sys/chflags.2	Tue Apr 10 15:59:37 2012	(r234103)
@@ -28,7 +28,7 @@
 .\"	@(#)chflags.2	8.3 (Berkeley) 5/2/95
 .\" $FreeBSD$
 .\"
-.Dd Oct 29, 2010
+.Dd Apr 10, 2012
 .Dt CHFLAGS 2
 .Os
 .Sh NAME
@@ -114,8 +114,7 @@ The
 and
 .Dv SF_ARCHIVED
 flags may only be set or unset by the super-user.
-Attempts to set these flags by non-super-users are rejected, attempts by
-non-superusers to clear flags that are already unset are silently ignored.
+Attempts to toggle these flags by non-super-users are rejected.
 These flags may be set at any time, but normally may only be unset when
 the system is in single-user mode.
 (See

Modified: head/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- head/sys/ufs/ufs/ufs_vnops.c	Tue Apr 10 15:58:22 2012	(r234102)
+++ head/sys/ufs/ufs/ufs_vnops.c	Tue Apr 10 15:59:37 2012	(r234103)
@@ -555,23 +555,17 @@ ufs_setattr(ap)
 				if (error)
 					return (error);
 			}
-			/* Snapshot flag cannot be set or cleared */
-			if (((vap->va_flags & SF_SNAPSHOT) != 0 &&
-			     (ip->i_flags & SF_SNAPSHOT) == 0) ||
-			    ((vap->va_flags & SF_SNAPSHOT) == 0 &&
-			     (ip->i_flags & SF_SNAPSHOT) != 0))
+			/* The snapshot flag cannot be toggled. */
+			if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
 				return (EPERM);
-			ip->i_flags = vap->va_flags;
-			DIP_SET(ip, i_flags, vap->va_flags);
 		} else {
 			if (ip->i_flags &
 			    (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
-			    (vap->va_flags & UF_SETTABLE) != vap->va_flags)
+			    ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
 				return (EPERM);
-			ip->i_flags &= SF_SETTABLE;
-			ip->i_flags |= (vap->va_flags & UF_SETTABLE);
-			DIP_SET(ip, i_flags, ip->i_flags);
 		}
+		ip->i_flags = vap->va_flags;
+		DIP_SET(ip, i_flags, vap->va_flags);
 		ip->i_flag |= IN_CHANGE;
 		error = UFS_UPDATE(vp, 0);
 		if (ip->i_flags & (IMMUTABLE | APPEND))



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201204101559.q3AFxbX2030563>