[src/trunk]: src/sys/kern sysctl_proc_corename: perform KAUTH_PROCESS_CORENAM...
details: https://anonhg.NetBSD.org/src/rev/6bb07da89318
branches: trunk
changeset: 765577:6bb07da89318
user: rmind <rmind%NetBSD.org@localhost>
date: Tue May 31 00:15:28 2011 +0000
description:
sysctl_proc_corename: perform KAUTH_PROCESS_CORENAME check (for set case)
after the new name is copied into cnbuf. Spotted by enami@.
diffstat:
sys/kern/kern_resource.c | 22 +++++++++-------------
1 files changed, 9 insertions(+), 13 deletions(-)
diffs (51 lines):
diff -r 17cca96447e9 -r 6bb07da89318 sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c Mon May 30 22:52:12 2011 +0000
+++ b/sys/kern/kern_resource.c Tue May 31 00:15:28 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_resource.c,v 1.165 2011/05/24 01:19:48 mrg Exp $ */
+/* $NetBSD: kern_resource.c,v 1.166 2011/05/31 00:15:28 rmind Exp $ */
/*-
* Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.165 2011/05/24 01:19:48 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.166 2011/05/31 00:15:28 rmind Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -838,15 +838,6 @@
strlcpy(cnbuf, lim->pl_corename, MAXPATHLEN);
mutex_exit(&lim->pl_lock);
}
- if (newp) {
- /* Set case: just use the temporary buffer. */
- error = kauth_authorize_process(l->l_cred,
- KAUTH_PROCESS_CORENAME, p,
- KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL);
- if (error) {
- goto done;
- }
- }
node = *rnode;
node.sysctl_data = cnbuf;
@@ -858,9 +849,14 @@
}
/*
- * Validate new core name. It must be either "core", "/core",
- * or end in ".core".
+ * Set case. Check permission and then validate new core name.
+ * It must be either "core", "/core", or end in ".core".
*/
+ error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CORENAME,
+ p, KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL);
+ if (error) {
+ goto done;
+ }
len = strlen(cnbuf);
if ((len < 4 || strcmp(cnbuf + len - 4, "core") != 0) ||
(len > 4 && cnbuf[len - 5] != '/' && cnbuf[len - 5] != '.')) {
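Review bot: The rewritten comment above the `kauth_authorize_process()` call still names "/core" as one fixed value, but the test below it accepts exactly "core" or any name whose last five characters are "/core" or ".core", so the comment understates what is allowed. The call also passes `cnbuf` to the kauth listeners before that suffix check runs, so a listener sees a caller-supplied name that has not been validated yet; the permission-first ordering looks intentional but should be stated. I would word the comment as `Set case: cnbuf holds the caller-supplied name, not yet validated. Check permission first, then require "core" or a name ending in "/core" or ".core".` The call is no longer wrapped in `if (newp)`, so it presumably relies on the get case having left the function above the closing brace at the top of the hunk, which is not visible here; the function body also continues past the end of the hunk.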