https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222258
--- Comment #8 from Ed Maste <[email protected]> --- namei() doesn't populate ndp->ni_filecaps when it performs an absolute path lookup (which is how we ended up with an invalid capability set, prompting D12391). This works for most cases of rights checks because the check is done in namei against the passed-in set of required rights (e.g., when unlinkat calls namei with CAP_UNLINKAT required), but not in the case here where an explicit check is performed afterwards in namei's caller. Of course this is irrelevant for capability mode because the absolute path is disallowed anyway. For non-capability mode I wonder if we need to fgetvp_rights also in the absolute path case? -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
