diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-02-13 02:45:44 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-02-13 02:45:44 +0000 |
commit | 25d0adf66104abc4f0e65121d4b36e44ac291747 (patch) | |
tree | e5cb35a8d9e7aa0da8f338955b3efad2e1f18349 | |
parent | bac3c998667f3b450e9f449c272a223943ece2d9 (diff) |
Don't expose f_fsid to non-root.
-rw-r--r-- | sys/kern/vfs_syscalls.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 1148201af3b..c8736e31db2 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.21 1997/02/02 00:32:02 tholo Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.22 1997/02/13 02:45:43 millert Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -526,6 +526,7 @@ sys_statfs(p, v, retval) register struct statfs *sp; int error; struct nameidata nd; + struct statfs sb; NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) @@ -536,6 +537,12 @@ sys_statfs(p, v, retval) if ((error = VFS_STATFS(mp, sp, p)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; + /* Don't let non-root see filesystem id (for NFS security) */ + if (suser(p->p_ucred, &p->p_acflag)) { + bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); + sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; + sp = &sb; + } return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp))); } @@ -557,6 +564,7 @@ sys_fstatfs(p, v, retval) struct mount *mp; register struct statfs *sp; int error; + struct statfs sb; if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0) return (error); @@ -565,6 +573,12 @@ sys_fstatfs(p, v, retval) if ((error = VFS_STATFS(mp, sp, p)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; + /* Don't let non-root see filesystem id (for NFS security) */ + if (suser(p->p_ucred, &p->p_acflag)) { + bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); + sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; + sp = &sb; + } return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp))); } |