Author: oshogbo Date: Mon Apr 8 14:23:52 2019 New Revision: 346029 URL: https://svnweb.freebsd.org/changeset/base/346029
Log: In the unlinkat syscall, the operation is performed on the directory descriptor, not the file descriptor. The file descriptor is used only for verification so do not expect any additional capabilities on it. Reported by: antoine Tested by: antoine Discussed with: kib, emaste, bapt Sponsored by: Fudo Security Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Mon Apr 8 13:40:46 2019 (r346028) +++ head/sys/kern/vfs_syscalls.c Mon Apr 8 14:23:52 2019 (r346029) @@ -1809,13 +1809,11 @@ kern_funlinkat(struct thread *td, int dfd, const char struct vnode *vp; struct nameidata nd; struct stat sb; - cap_rights_t rights; int error; fp = NULL; if (fd != FD_NONE) { - error = getvnode(td, fd, cap_rights_init(&rights, CAP_LOOKUP), - &fp); + error = getvnode(td, fd, &cap_no_rights, &fp); if (error != 0) return (error); } _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"