Author: pjd
Date: Tue Sep 25 20:48:49 2012
New Revision: 240927
URL: http://svn.freebsd.org/changeset/base/240927

Log:
  O_EXEC flag is not part of the O_ACCMODE mask, check it separately.
  If O_EXEC is provided don't require CAP_READ/CAP_WRITE, as O_EXEC
  is mutually exclusive to O_RDONLY/O_WRONLY/O_RDWR.
  
  Without this change CAP_FEXECVE capability right is not enforced.
  
  Sponsored by: FreeBSD Foundation
  MFC after:    3 days

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c        Tue Sep 25 20:41:43 2012        
(r240926)
+++ head/sys/kern/vfs_syscalls.c        Tue Sep 25 20:48:49 2012        
(r240927)
@@ -1006,22 +1006,20 @@ flags_to_rights(int flags)
 {
        cap_rights_t rights = 0;
 
-       switch ((flags & O_ACCMODE)) {
-       case O_RDONLY:
-               rights |= CAP_READ;
-               break;
-
-       case O_RDWR:
-               rights |= CAP_READ;
-               /* fall through */
-
-       case O_WRONLY:
-               rights |= CAP_WRITE;
-               break;
-
-       case O_EXEC:
+       if (flags & O_EXEC) {
                rights |= CAP_FEXECVE;
-               break;
+       } else {
+               switch ((flags & O_ACCMODE)) {
+               case O_RDONLY:
+                       rights |= CAP_READ;
+                       break;
+               case O_RDWR:
+                       rights |= CAP_READ;
+                       /* FALLTHROUGH */
+               case O_WRONLY:
+                       rights |= CAP_WRITE;
+                       break;
+               }
        }
 
        if (flags & O_CREAT)
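Review bot: In the new `if (flags & O_EXEC)` branch the O_ACCMODE bits are never examined, so a flags value that carries O_EXEC together with O_WRONLY or O_RDWR yields only CAP_FEXECVE and drops the CAP_READ/CAP_WRITE requirement. The log message says O_EXEC is mutually exclusive with the access modes, but nothing in this hunk enforces that. If the combination is rejected before flags_to_rights() is reached, a short comment here saying so would make the invariant visible. Otherwise, consider either rejecting the combination or still OR-ing in the access-mode rights alongside CAP_FEXECVE. A one-line comment that O_EXEC lies outside the O_ACCMODE mask would also keep a later cleanup from folding it back into the switch as `case O_EXEC:`, which is the unenforced form this change removes.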