From owner-svn-src-all@FreeBSD.ORG Tue Apr 10 15:59:38 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 44084106564A; Tue, 10 Apr 2012 15:59:38 +0000 (UTC) (envelope-from jh@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 156CB8FC18; Tue, 10 Apr 2012 15:59:38 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q3AFxbLh030566; Tue, 10 Apr 2012 15:59:37 GMT (envelope-from jh@svn.freebsd.org) Received: (from jh@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q3AFxbX2030563; Tue, 10 Apr 2012 15:59:37 GMT (envelope-from jh@svn.freebsd.org) Message-Id: <201204101559.q3AFxbX2030563@svn.freebsd.org> From: Jaakko Heinonen Date: Tue, 10 Apr 2012 15:59:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234103 - in head: lib/libc/sys sys/ufs/ufs X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2012 15:59:38 -0000 Author: jh Date: Tue Apr 10 15:59:37 2012 New Revision: 234103 URL: http://svn.freebsd.org/changeset/base/234103 Log: - Return EPERM from ufs_setattr() when an user without PRIV_VFS_SYSFLAGS privilege attempts to toggle SF_SETTABLE flags. - Use the '^' operator in the SF_SNAPSHOT anti-toggling check. Flags are now stored to ip->i_flags in one place after all checks. Submitted by: bde Modified: head/lib/libc/sys/chflags.2 head/sys/ufs/ufs/ufs_vnops.c Modified: head/lib/libc/sys/chflags.2 ============================================================================== --- head/lib/libc/sys/chflags.2 Tue Apr 10 15:58:22 2012 (r234102) +++ head/lib/libc/sys/chflags.2 Tue Apr 10 15:59:37 2012 (r234103) @@ -28,7 +28,7 @@ .\" @(#)chflags.2 8.3 (Berkeley) 5/2/95 .\" $FreeBSD$ .\" -.Dd Oct 29, 2010 +.Dd Apr 10, 2012 .Dt CHFLAGS 2 .Os .Sh NAME @@ -114,8 +114,7 @@ The and .Dv SF_ARCHIVED flags may only be set or unset by the super-user. -Attempts to set these flags by non-super-users are rejected, attempts by -non-superusers to clear flags that are already unset are silently ignored. +Attempts to toggle these flags by non-super-users are rejected. These flags may be set at any time, but normally may only be unset when the system is in single-user mode. (See Modified: head/sys/ufs/ufs/ufs_vnops.c ============================================================================== --- head/sys/ufs/ufs/ufs_vnops.c Tue Apr 10 15:58:22 2012 (r234102) +++ head/sys/ufs/ufs/ufs_vnops.c Tue Apr 10 15:59:37 2012 (r234103) @@ -555,23 +555,17 @@ ufs_setattr(ap) if (error) return (error); } - /* Snapshot flag cannot be set or cleared */ - if (((vap->va_flags & SF_SNAPSHOT) != 0 && - (ip->i_flags & SF_SNAPSHOT) == 0) || - ((vap->va_flags & SF_SNAPSHOT) == 0 && - (ip->i_flags & SF_SNAPSHOT) != 0)) + /* The snapshot flag cannot be toggled. */ + if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) return (EPERM); - ip->i_flags = vap->va_flags; - DIP_SET(ip, i_flags, vap->va_flags); } else { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || - (vap->va_flags & UF_SETTABLE) != vap->va_flags) + ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) return (EPERM); - ip->i_flags &= SF_SETTABLE; - ip->i_flags |= (vap->va_flags & UF_SETTABLE); - DIP_SET(ip, i_flags, ip->i_flags); } + ip->i_flags = vap->va_flags; + DIP_SET(ip, i_flags, vap->va_flags); ip->i_flag |= IN_CHANGE; error = UFS_UPDATE(vp, 0); if (ip->i_flags & (IMMUTABLE | APPEND))