upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

MAC/do: allow to call setuid if real user id is 0

Browse source 
This fixed sshd not able to call restore_uid when MAC/do policy is
loaded

(cherry picked from commit 61b07f8aa52844b21637ac264ea134c1aef48cb7)
This commit is contained in:
Baptiste Daroussin 2024-05-23 12:09:11 +02:00
parent 7f66cc235b
commit 9722023c48
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/security/mac_do/mac_do.c
View file

@ -489,7 +489,7 @@ check_setuid(struct ucred *cred, uid_t uid)
if (do_enabled == 0)
return (0);
if (cred->cr_uid == uid || cred->cr_uid == 0)
if (cred->cr_uid == uid || cred->cr_uid == 0 || cred->cr_ruid == 0)
return (0);
if (vn_fullpath(curproc->p_textvp, &fullpath, &freebuf) != 0)