Move kauth(9) call to where it belongs. Noticed by Nicolas Joly, thanks!

elad 2006-12-03 13:24:10 +00:00
parent da493f6484
commit 8a806df7dc
1 changed files with 18 additions and 16 deletions


@ -1,4 +1,4 @@
/* $NetBSD: procfs_vnops.c,v 1.140 2006/11/28 17:27:09 elad Exp $ */ /* $NetBSD: procfs_vnops.c,v 1.141 2006/12/03 13:24:10 elad Exp $ */
/* /*
* Copyright (c) 1993, 1995 * Copyright (c) 1993, 1995
@ -76,7 +76,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.140 2006/11/28 17:27:09 elad Exp $"); __KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.141 2006/12/03 13:24:10 elad Exp $");
#include <sys/param.h> #include <sys/param.h>
#include <sys/systm.h> #include <sys/systm.h>
@ -93,7 +93,6 @@ __KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.140 2006/11/28 17:27:09 elad Exp
#include <sys/resourcevar.h> #include <sys/resourcevar.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/ptrace.h> #include <sys/ptrace.h>
#include <sys/sysctl.h> /* XXX for curtain */
#include <sys/kauth.h> #include <sys/kauth.h>
#include <uvm/uvm_extern.h> /* for PAGE_SIZE */ #include <uvm/uvm_extern.h> /* for PAGE_SIZE */
@ -291,25 +290,28 @@ procfs_open(v)
if (ISSET(p2->p_flag, P_INEXEC)) if (ISSET(p2->p_flag, P_INEXEC))
return (EAGAIN); return (EAGAIN);
#define M2K(m) (((m) & FREAD) && ((m) & FWRITE) ? \
KAUTH_REQ_PROCESS_CANPROCFS_RW : \
(m) & FWRITE ? KAUTH_REQ_PROCESS_CANPROCFS_WRITE : \
KAUTH_REQ_PROCESS_CANPROCFS_READ)
error = kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_CANPROCFS,
p2, pfs, KAUTH_ARG(M2K(ap->a_mode)), NULL);
if (error)
return (error);
#undef M2K
if (!proc_isunder(p2, l1))
return (EPERM);
switch (pfs->pfs_type) { switch (pfs->pfs_type) {
case PFSmem: case PFSmem:
if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) || if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) ||
((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE))) ((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)))
return (EBUSY); return (EBUSY);
#define M2K(m) (((m) & FREAD) && ((m) & FWRITE) ? \
KAUTH_REQ_PROCESS_CANPROCFS_RW : \
(m) & FWRITE ? KAUTH_REQ_PROCESS_CANPROCFS_WRITE : \
KAUTH_REQ_PROCESS_CANPROCFS_READ)
error = kauth_authorize_process(l1->l_cred,
KAUTH_PROCESS_CANPROCFS, p2, pfs,
KAUTH_ARG(M2K(ap->a_mode)), NULL);
if (error)
return (error);
#undef M2K
if (!proc_isunder(p2, l1))
return (EPERM);
if (ap->a_mode & FWRITE) if (ap->a_mode & FWRITE)
pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
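Review bot: The moved block carries no comment saying which procfs node types the kauth(9) check is meant to cover, and that scope is exactly what the move changes: placed before `switch (pfs->pfs_type)`, the `kauth_authorize_process()` call and the `proc_isunder()` test gate every open, while under `case PFSmem:` they gate only mem opens and run after the `EBUSY` test. This rendering has lost the +/- markers, so which of the two placements is the new one cannot be confirmed from the page. Whichever it is, I would state the intended scope above the call, e.g. `/* kauth(9): authorize this open for the requested access; applies to <all node types | PFSmem only> */`. `M2K` also deserves a line such as `/* map the open mode to a kauth procfs request; a mode with neither FREAD nor FWRITE is treated as READ */`. The body of procfs_open starts and continues outside this hunk.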