mirror of
https://github.com/opnsense/src.git
synced 2026-03-02 05:13:58 -05:00
- Change namei() to use td_ucred instead of p_ucred.
- Change the hack in access() that uses a temporary credential to set td_ucred to the temp cred instead of p_ucred.
This commit is contained in:
John Baldwin
parent
6f105b3444
commit
bdd67d483c
3 changed files with 7 additions and 7 deletions
|
|
@ -1838,7 +1838,6 @@ access(td, uap)
|
|||
int error;
|
||||
struct nameidata nd;
|
||||
|
||||
cred = td->td_proc->p_ucred;
|
||||
/*
|
||||
* Create and modify a temporary credential instead of one that
|
||||
* is potentially shared. This could also mess up socket
|
||||
|
|
@ -1848,10 +1847,11 @@ access(td, uap)
|
|||
* may be better to explicitly pass the credential to namei()
|
||||
* rather than to modify the potentially shared process structure.
|
||||
*/
|
||||
cred = td->td_ucred;
|
||||
tmpcred = crdup(cred);
|
||||
tmpcred->cr_uid = cred->cr_ruid;
|
||||
tmpcred->cr_groups[0] = cred->cr_rgid;
|
||||
td->td_proc->p_ucred = tmpcred;
|
||||
td->td_ucred = tmpcred;
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
|
||||
SCARG(uap, path), td);
|
||||
if ((error = namei(&nd)) != 0)
|
||||
|
|
@ -1862,7 +1862,7 @@ access(td, uap)
|
|||
NDFREE(&nd, NDF_ONLY_PNBUF);
|
||||
vput(vp);
|
||||
out1:
|
||||
td->td_proc->p_ucred = cred;
|
||||
td->td_ucred = cred;
|
||||
crfree(tmpcred);
|
||||
return (error);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ namei(ndp)
|
|||
struct thread *td = cnp->cn_thread;
|
||||
struct proc *p = td->td_proc;
|
||||
|
||||
ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_proc->p_ucred;
|
||||
ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred;
|
||||
KASSERT(cnp->cn_cred && p, ("namei: bad cred/proc"));
|
||||
KASSERT((cnp->cn_nameiop & (~OPMASK)) == 0,
|
||||
("namei: nameiop contaminated with flags"));
|
||||
|
|
|
|||
|
|
@ -1838,7 +1838,6 @@ access(td, uap)
|
|||
int error;
|
||||
struct nameidata nd;
|
||||
|
||||
cred = td->td_proc->p_ucred;
|
||||
/*
|
||||
* Create and modify a temporary credential instead of one that
|
||||
* is potentially shared. This could also mess up socket
|
||||
|
|
@ -1848,10 +1847,11 @@ access(td, uap)
|
|||
* may be better to explicitly pass the credential to namei()
|
||||
* rather than to modify the potentially shared process structure.
|
||||
*/
|
||||
cred = td->td_ucred;
|
||||
tmpcred = crdup(cred);
|
||||
tmpcred->cr_uid = cred->cr_ruid;
|
||||
tmpcred->cr_groups[0] = cred->cr_rgid;
|
||||
td->td_proc->p_ucred = tmpcred;
|
||||
td->td_ucred = tmpcred;
|
||||
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
|
||||
SCARG(uap, path), td);
|
||||
if ((error = namei(&nd)) != 0)
|
||||
|
|
@ -1862,7 +1862,7 @@ access(td, uap)
|
|||
NDFREE(&nd, NDF_ONLY_PNBUF);
|
||||
vput(vp);
|
||||
out1:
|
||||
td->td_proc->p_ucred = cred;
|
||||
td->td_ucred = cred;
|
||||
crfree(tmpcred);
|
||||
return (error);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue