upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-05 01:15:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

After much consulting with bde, concluded that this fix was the best fix

Browse source 
to the current jail/chflags interactions.  This fix conditionalizes ``root
behavior'' in the chflags() case on not being in jail, so attempts to
perform a chflags in a jail are limited to what a normal user could do.
For example, this does allow setting of user flags as appropriate, but
prohibits changing of system flags.

Reviewed by:	bde
This commit is contained in:
Robert Watson 2000-02-22 03:56:58 +00:00
parent b75ebc058c
commit 0f71afb31e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/ufs/ufs/ufs_vnops.c
View file

@ -444,9 +444,9 @@ ufs_setattr(ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
(error = suser(p)))
(error = suser_xxx(cred, p, PRISON_ROOT)))
return (error);
if (cred->cr_uid == 0) {
if ((cred->cr_uid == 0) && (p->p_prison == NULL)) {
if ((ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) &&
securelevel > 0)