In tame mode, return EPERM for *chown if uid/gid change is not towards

cr_uid/cr_gid (effective ids).  Thus, chown(, -1,-1) should work OK, so
should chown(, me, -1), etc.  With this commited, more people can test.

1 files changed, 22 insertions, 4 deletions

diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index e9b6086638f..0636ee5cc63 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfs_syscalls.c,v 1.226 2015/08/31 16:07:12 deraadt Exp $	*/
+/*	$OpenBSD: vfs_syscalls.c,v 1.227 2015/08/31 16:13:11 deraadt Exp $	*/
 /*	$NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $	*/
 
 /*
@@ -2102,8 +2102,14 @@ dofchownat(struct proc *p, int fd, const char *path, uid_t uid, gid_t gid,
 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
 		error = EROFS;
 	else {
+		if ((p->p_p->ps_flags & PS_TAMED) &&
+		    ((uid != -1 && uid != p->p_ucred->cr_uid) ||
+		     (gid != -1 && gid != p->p_ucred->cr_gid))) {
+			error = EPERM;
+			goto out;
+		}
 		if ((uid != -1 || gid != -1) &&
-		    (suser(p, 0) || (p->p_p->ps_flags & PS_TAMED) || suid_clear)) {
+		    (suser(p, 0) || suid_clear)) {
 			error = VOP_GETATTR(vp, &vattr, p->p_ucred, p);
 			if (error)
 				goto out;
@@ -2152,8 +2158,14 @@ sys_lchown(struct proc *p, void *v, register_t *retval)
 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
 		error = EROFS;
 	else {
+		if ((p->p_p->ps_flags & PS_TAMED) &&
+		    ((uid != -1 && uid != p->p_ucred->cr_uid) ||
+		     (gid != -1 && gid != p->p_ucred->cr_gid))) {
+			error = EPERM;
+			goto out;
+		}
 		if ((uid != -1 || gid != -1) &&
-		    (suser(p, 0) || (p->p_p->ps_flags & PS_TAMED) || suid_clear)) {
+		    (suser(p, 0) || suid_clear)) {
 			error = VOP_GETATTR(vp, &vattr, p->p_ucred, p);
 			if (error)
 				goto out;
@@ -2200,8 +2212,14 @@ sys_fchown(struct proc *p, void *v, register_t *retval)
 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
 		error = EROFS;
 	else {
+		if ((p->p_p->ps_flags & PS_TAMED) &&
+		    ((uid != -1 && uid != p->p_ucred->cr_uid) ||
+		     (gid != -1 && gid != p->p_ucred->cr_gid))) {
+			error = EPERM;
+			goto out;
+		}
 		if ((uid != -1 || gid != -1) &&
-		    (suser(p, 0) || (p->p_p->ps_flags & PS_TAMED) || suid_clear)) {
+		    (suser(p, 0) || suid_clear)) {
 			error = VOP_GETATTR(vp, &vattr, p->p_ucred, p);
 			if (error)
 				goto out;