upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

o Add missing PRISON_ROOT allowing a privileged process in a jail() to not

Browse source 
remove the setuid/setgid bits by virtue of a change to a file with those
  bits set, even if the process doesn't own the file, or isn't a group
  member of the file's gid.

Obtained from:	TrustedBSD Project
This commit is contained in:
Robert Watson 2000-09-18 17:53:22 +00:00
parent cd595ef506
commit ea57890740
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/ufs/ufs/ufs_vnops.c
View file

@ -638,7 +638,7 @@ good:
panic("ufs_chown: lost quota");
#endif /* QUOTA */
ip->i_flag |= IN_CHANGE;
if (suser_xxx(cred, NULL, 0) && (ouid != uid || ogid != gid))
if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid))
ip->i_mode &= ~(ISUID | ISGID);
return (0);
}