DragonFly commits List (threaded) for 2009-09
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: git: Fix chdir/fchdir for setuid/setgid binaries

From:	Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date:	Wed, 30 Sep 2009 09:22:01 -0700 (PDT)

:
:There are certainly many more of these problems.  We need to address those before we roll 2.4.1.  I think we should audit all calls to VOP_ACCESS.  Also, I suggest creating VOP_RACCESS, removing VOP_EACCESS and making 
:the effective id check default in VOP_ACCESS, since most permission checks in the kernel refer to the effective ids, and only select ones deal with the real ids.
:
:cheers
:  simon

    There are only 6 calls to VOP_ACCESS() left.  They should be easy to
    audit.  I do want to build the iso's this evening if possible so they
    can propagate to the mirrors overnight.

    I don't want to switch around the meaning again but I am in favor of 
    not having a VOP_ACCESS() macro at all and forcing callers to
    explicitly use VOP_RACCESS() or VOP_EACCESS().

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

References:
- git: Fix chdir/fchdir for setuid/setgid binaries
  - From: Simon Schubert <corecode@crater.dragonflybsd.org>
- Re: git: Fix chdir/fchdir for setuid/setgid binaries
  - From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]