diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2004-07-14 18:57:58 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2004-07-14 18:57:58 +0000 |
commit | a7e71064b13ef4cc51a2342fead882021aa5e8a7 (patch) | |
tree | 68f0722ec7356cff86e4537952b7cc9c6fd032a6 /sys | |
parent | d9b4d5bed12c732aa6e269d176c4299cae15cb9a (diff) |
Zero out st_gen for non-root in *stat(). OK deraadt@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/compat/common/vfs_syscalls_35.c | 24 | ||||
-rw-r--r-- | sys/compat/common/vfs_syscalls_43.c | 26 |
2 files changed, 34 insertions, 16 deletions
diff --git a/sys/compat/common/vfs_syscalls_35.c b/sys/compat/common/vfs_syscalls_35.c index 60a751db655..80c900ac7fb 100644 --- a/sys/compat/common/vfs_syscalls_35.c +++ b/sys/compat/common/vfs_syscalls_35.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls_35.c,v 1.2 2004/07/14 18:00:48 millert Exp $ */ +/* $OpenBSD: vfs_syscalls_35.c,v 1.3 2004/07/14 18:57:57 millert Exp $ */ /* * Copyright (c) 1989, 1993 @@ -102,8 +102,11 @@ compat_35_sys_stat(struct proc *p, void *v, register_t *retval) vput(nd.ni_vp); if (error) return (error); + /* Don't let non-root see generation numbers (for NFS security) */ + if (suser(p, 0)) + sb.st_gen = 0; cvtstat(&sb, &osb); - error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb)); + error = copyout(&osb, SCARG(uap, ub), sizeof(osb)); return (error); } @@ -131,8 +134,11 @@ compat_35_sys_lstat(struct proc *p, void *v, register_t *retval) vput(nd.ni_vp); if (error) return (error); + /* Don't let non-root see generation numbers (for NFS security) */ + if (suser(p, 0)) + sb.st_gen = 0; cvtstat(&sb, &osb); - error = copyout(&osb, SCARG(uap, ub), sizeof (osb)); + error = copyout(&osb, SCARG(uap, ub), sizeof(osb)); return (error); } @@ -159,10 +165,14 @@ compat_35_sys_fstat(struct proc *p, void *v, register_t *retval) FREF(fp); error = (*fp->f_ops->fo_stat)(fp, &ub, p); FRELE(fp); - cvtstat(&ub, &oub); - if (error == 0) - error = copyout((caddr_t)&oub, (caddr_t)SCARG(uap, sb), - sizeof (oub)); + if (error == 0) { + /* Don't let non-root see generation numbers + (for NFS security) */ + if (suser(p, 0)) + ub.st_gen = 0; + cvtstat(&ub, &oub); + error = copyout(&oub, SCARG(uap, sb), sizeof(oub)); + } return (error); } diff --git a/sys/compat/common/vfs_syscalls_43.c b/sys/compat/common/vfs_syscalls_43.c index 025dfd1739b..86b3edfd681 100644 --- a/sys/compat/common/vfs_syscalls_43.c +++ b/sys/compat/common/vfs_syscalls_43.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls_43.c,v 1.24 2004/07/13 21:04:29 millert Exp $ */ +/* $OpenBSD: vfs_syscalls_43.c,v 1.25 2004/07/14 18:57:57 millert Exp $ */ /* $NetBSD: vfs_syscalls_43.c,v 1.4 1996/03/14 19:31:52 christos Exp $ */ /* @@ -132,8 +132,11 @@ compat_43_sys_stat(p, v, retval) vput(nd.ni_vp); if (error) return (error); + /* Don't let non-root see generation numbers (for NFS security) */ + if (suser(p, 0)) + sb.st_gen = 0; cvtstat(&sb, &osb); - error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb)); + error = copyout(&osb, SCARG(uap, ub), sizeof(osb)); return (error); } @@ -165,12 +168,14 @@ compat_43_sys_lstat(p, v, retval) vput(nd.ni_vp); if (error) return (error); + /* Don't let non-root see generation numbers (for NFS security) */ + if (suser(p, 0)) + sb.st_gen = 0; cvtstat(&sb, &osb); - error = copyout(&osb, SCARG(uap, ub), sizeof (osb)); + error = copyout(&osb, SCARG(uap, ub), sizeof(osb)); return (error); } - /* * Return status information about a file descriptor. */ @@ -197,14 +202,17 @@ compat_43_sys_fstat(p, v, retval) FREF(fp); error = (*fp->f_ops->fo_stat)(fp, &ub, p); FRELE(fp); - cvtstat(&ub, &oub); - if (error == 0) - error = copyout((caddr_t)&oub, (caddr_t)SCARG(uap, sb), - sizeof (oub)); + if (error == 0) { + /* Don't let non-root see generation numbers + (for NFS security) */ + if (suser(p, 0)) + ub.st_gen = 0; + cvtstat(&ub, &oub); + error = copyout(&oub, SCARG(uap, sb), sizeof(oub)); + } return (error); } - /* * Truncate a file given a file descriptor. */ |