From e544923453d6840a7a70fa2b14eda020d03ff11e Mon Sep 17 00:00:00 2001
From: pjd
Date: Thu, 1 Mar 2007 20:47:42 +0000
Subject: [PATCH] Rename PRIV_VFS_CLEARSUGID to PRIV_VFS_RETAINSUGID, which seems to better describe the privilege.

OK'ed by: rwatson
---
 sys/gnu/fs/ext2fs/ext2_vnops.c | 4 ++--
 sys/kern/kern_jail.c | 2 +-
 sys/sys/priv.h | 2 +-
 sys/ufs/ffs/ffs_vnops.c | 4 ++--
 sys/ufs/ufs/ufs_vnops.c | 3 ++-
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c
index c95777b2658..a1167e12696 100644
--- a/sys/gnu/fs/ext2fs/ext2_vnops.c
+++ b/sys/gnu/fs/ext2fs/ext2_vnops.c
@@ -597,7 +597,7 @@ ext2_chown(vp, uid, gid, cred, td)
 ip->i_uid = uid;
 ip->i_flag |= IN_CHANGE;
 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID,
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
 SUSER_ALLOWJAIL) != 0)
 ip->i_mode &= ~(ISUID | ISGID);
 }
@@ -1648,7 +1648,7 @@ ext2_makeinode(mode, dvp, vpp, cnp)
 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
 ip->i_nlink = 1;
 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
- if (priv_check_cred(cnp->cn_cred, PRIV_VFS_CLEARSUGID,
+ if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID,
 SUSER_ALLOWJAIL))
 ip->i_mode &= ~ISGID;
 }
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 6e80510ca12..550c7d9fc13 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -638,7 +638,7 @@ prison_priv_check(struct ucred *cred, int priv)
 case PRIV_VFS_CHFLAGS_DEV:
 case PRIV_VFS_CHOWN:
 case PRIV_VFS_CHROOT:
- case PRIV_VFS_CLEARSUGID:
+ case PRIV_VFS_RETAINSUGID:
 case PRIV_VFS_FCHROOT:
 case PRIV_VFS_LINK:
 case PRIV_VFS_SETGID:
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index e9f620a64ab..f6c6b72a462 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -238,7 +238,7 @@
 #define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */
 #define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */
 #define PRIV_VFS_CHROOT 318 /* chroot(). */
-#define PRIV_VFS_CLEARSUGID 319 /* Don't clear sugid on change. */
+#define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */
 #define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */
 #define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */
 #define PRIV_VFS_FCHROOT 322 /* fchroot(). */
diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c
index 2a6ce6b68d1..b25c1df1617 100644
--- a/sys/ufs/ffs/ffs_vnops.c
+++ b/sys/ufs/ffs/ffs_vnops.c
@@ -790,7 +790,7 @@ ffs_write(ap)
 */
 if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
 ap->a_cred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID,
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
 SUSER_ALLOWJAIL)) {
 ip->i_mode &= ~(ISUID | ISGID);
 DIP_SET(ip, i_mode, ip->i_mode);
@@ -1118,7 +1118,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
 * tampering.
 */
 if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_CLEARSUGID,
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
 SUSER_ALLOWJAIL)) {
 ip->i_mode &= ~(ISUID | ISGID);
 dp->di_mode = ip->i_mode;
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 8ea9ab99d36..2f5ecd0457c 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -787,7 +787,8 @@ ufs_chown(vp, uid, gid, cred, td)
 #endif /* QUOTA */
 ip->i_flag |= IN_CHANGE;
 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_CLEARSUGID, SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
+ SUSER_ALLOWJAIL)) {
 ip->i_mode &= ~(ISUID | ISGID);
 DIP_SET(ip, i_mode, ip->i_mode);
 }
--
2.45.0
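Review bot: In the ffs_extwrite hunk of sys/ufs/ffs/ffs_vnops.c (`@@ -1118,7 +1118,7 @@`) the renamed check still reads `ap->a_cred`, but the signature in the hunk header takes `struct ucred *ucred` and the guard on the line above tests `ucred`; no `ap` is visible for this function. The decision to keep or strip the setuid/setgid bits after a write should be made against the same credential that was NULL-checked, so the line should read `if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID,`. The body of ffs_extwrite starts and ends outside the hunk, so a local `ap` cannot be ruled out from here, but even then the guard and the privilege check would be looking at different credentials.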