Author: oshogbo
Date: Mon Apr 8 14:23:52 2019
New Revision: 346029
URL: https://svnweb.freebsd.org/changeset/base/346029
Log:
In the unlinkat syscall, the operation is performed on the directory
descriptor, not the file descriptor. The file descriptor is used only for
verification so do not expect any additional capabilities on it.
Reported by: antoine
Tested by: antoine
Discussed with: kib, emaste, bapt
Sponsored by: Fudo Security
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Mon Apr 8 13:40:46 2019
(r346028)
+++ head/sys/kern/vfs_syscalls.c Mon Apr 8 14:23:52 2019
(r346029)
@@ -1809,13 +1809,11 @@ kern_funlinkat(struct thread *td, int dfd, const char
struct vnode *vp;
struct nameidata nd;
struct stat sb;
- cap_rights_t rights;
int error;
fp = NULL;
if (fd != FD_NONE) {
- error = getvnode(td, fd, cap_rights_init(&rights, CAP_LOOKUP),
- &fp);
+ error = getvnode(td, fd, &cap_no_rights, &fp);
if (error != 0)
return (error);
}
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
