Author: kib Date: Tue Sep 22 22:06:20 2020 New Revision: 366017 URL: https://svnweb.freebsd.org/changeset/base/366017
Log: Add NIRES_STRICTREL. Stop abusing internal namei flag NI_LCF_STRICTRELATIVE as indicator of cap-restricted lookup. Add designated returned flag NIRES_STRICTREL to inform kern_openat() that lookup was restricted. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D25886 Modified: head/sys/kern/vfs_lookup.c head/sys/kern/vfs_syscalls.c head/sys/sys/namei.h Modified: head/sys/kern/vfs_lookup.c ============================================================================== --- head/sys/kern/vfs_lookup.c Tue Sep 22 21:59:18 2020 (r366016) +++ head/sys/kern/vfs_lookup.c Tue Sep 22 22:06:20 2020 (r366017) @@ -322,6 +322,7 @@ namei_setup(struct nameidata *ndp, struct vnode **dpp, */ if (IN_CAPABILITY_MODE(td) && (cnp->cn_flags & NOCAPCHECK) == 0) { ndp->ni_lcf |= NI_LCF_STRICTRELATIVE; + ndp->ni_resflags |= NIRES_STRICTREL; if (ndp->ni_dirfd == AT_FDCWD) { #ifdef KTRACE if (KTRPOINT(td, KTR_CAPFAIL)) @@ -400,6 +401,7 @@ namei_setup(struct nameidata *ndp, struct vnode **dpp, ndp->ni_filecaps.fc_fcntls != CAP_FCNTL_ALL || ndp->ni_filecaps.fc_nioctls != -1) { ndp->ni_lcf |= NI_LCF_STRICTRELATIVE; + ndp->ni_resflags |= NIRES_STRICTREL; } #endif } Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Tue Sep 22 21:59:18 2020 (r366016) +++ head/sys/kern/vfs_syscalls.c Tue Sep 22 22:06:20 2020 (r366017) @@ -1136,7 +1136,7 @@ kern_openat(struct thread *td, int fd, const char *pat * understand exactly what would happen, and we don't think * that it ever should. */ - if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) == 0 && + if ((nd.ni_resflags & NIRES_STRICTREL) == 0 && (error == ENODEV || error == ENXIO) && td->td_dupfd >= 0) { error = dupfdopen(td, fdp, td->td_dupfd, flags, error, @@ -1180,7 +1180,7 @@ success: struct filecaps *fcaps; #ifdef CAPABILITIES - if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0) + if ((nd.ni_resflags & NIRES_STRICTREL) != 0) fcaps = &nd.ni_filecaps; else #endif Modified: head/sys/sys/namei.h ============================================================================== --- head/sys/sys/namei.h Tue Sep 22 21:59:18 2020 (r366016) +++ head/sys/sys/namei.h Tue Sep 22 22:06:20 2020 (r366017) @@ -183,6 +183,7 @@ int cache_fplookup(struct nameidata *ndp, enum cache_f * Namei results flags */ #define NIRES_ABS 0x00000001 /* Path was absolute */ +#define NIRES_STRICTREL 0x00000002 /* Restricted lookup result */ /* * Flags in ni_lcf, valid for the duration of the namei call. _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
