summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2004-07-14 18:57:58 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2004-07-14 18:57:58 +0000
commita7e71064b13ef4cc51a2342fead882021aa5e8a7 (patch)
tree68f0722ec7356cff86e4537952b7cc9c6fd032a6 /sys
parentd9b4d5bed12c732aa6e269d176c4299cae15cb9a (diff)
Zero out st_gen for non-root in *stat(). OK deraadt@
Diffstat (limited to 'sys')
-rw-r--r--sys/compat/common/vfs_syscalls_35.c24
-rw-r--r--sys/compat/common/vfs_syscalls_43.c26
2 files changed, 34 insertions, 16 deletions
diff --git a/sys/compat/common/vfs_syscalls_35.c b/sys/compat/common/vfs_syscalls_35.c
index 60a751db655..80c900ac7fb 100644
--- a/sys/compat/common/vfs_syscalls_35.c
+++ b/sys/compat/common/vfs_syscalls_35.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls_35.c,v 1.2 2004/07/14 18:00:48 millert Exp $ */
+/* $OpenBSD: vfs_syscalls_35.c,v 1.3 2004/07/14 18:57:57 millert Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -102,8 +102,11 @@ compat_35_sys_stat(struct proc *p, void *v, register_t *retval)
vput(nd.ni_vp);
if (error)
return (error);
+ /* Don't let non-root see generation numbers (for NFS security) */
+ if (suser(p, 0))
+ sb.st_gen = 0;
cvtstat(&sb, &osb);
- error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb));
+ error = copyout(&osb, SCARG(uap, ub), sizeof(osb));
return (error);
}
@@ -131,8 +134,11 @@ compat_35_sys_lstat(struct proc *p, void *v, register_t *retval)
vput(nd.ni_vp);
if (error)
return (error);
+ /* Don't let non-root see generation numbers (for NFS security) */
+ if (suser(p, 0))
+ sb.st_gen = 0;
cvtstat(&sb, &osb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
+ error = copyout(&osb, SCARG(uap, ub), sizeof(osb));
return (error);
}
@@ -159,10 +165,14 @@ compat_35_sys_fstat(struct proc *p, void *v, register_t *retval)
FREF(fp);
error = (*fp->f_ops->fo_stat)(fp, &ub, p);
FRELE(fp);
- cvtstat(&ub, &oub);
- if (error == 0)
- error = copyout((caddr_t)&oub, (caddr_t)SCARG(uap, sb),
- sizeof (oub));
+ if (error == 0) {
+ /* Don't let non-root see generation numbers
+ (for NFS security) */
+ if (suser(p, 0))
+ ub.st_gen = 0;
+ cvtstat(&ub, &oub);
+ error = copyout(&oub, SCARG(uap, sb), sizeof(oub));
+ }
return (error);
}
diff --git a/sys/compat/common/vfs_syscalls_43.c b/sys/compat/common/vfs_syscalls_43.c
index 025dfd1739b..86b3edfd681 100644
--- a/sys/compat/common/vfs_syscalls_43.c
+++ b/sys/compat/common/vfs_syscalls_43.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls_43.c,v 1.24 2004/07/13 21:04:29 millert Exp $ */
+/* $OpenBSD: vfs_syscalls_43.c,v 1.25 2004/07/14 18:57:57 millert Exp $ */
/* $NetBSD: vfs_syscalls_43.c,v 1.4 1996/03/14 19:31:52 christos Exp $ */
/*
@@ -132,8 +132,11 @@ compat_43_sys_stat(p, v, retval)
vput(nd.ni_vp);
if (error)
return (error);
+ /* Don't let non-root see generation numbers (for NFS security) */
+ if (suser(p, 0))
+ sb.st_gen = 0;
cvtstat(&sb, &osb);
- error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb));
+ error = copyout(&osb, SCARG(uap, ub), sizeof(osb));
return (error);
}
@@ -165,12 +168,14 @@ compat_43_sys_lstat(p, v, retval)
vput(nd.ni_vp);
if (error)
return (error);
+ /* Don't let non-root see generation numbers (for NFS security) */
+ if (suser(p, 0))
+ sb.st_gen = 0;
cvtstat(&sb, &osb);
- error = copyout(&osb, SCARG(uap, ub), sizeof (osb));
+ error = copyout(&osb, SCARG(uap, ub), sizeof(osb));
return (error);
}
-
/*
* Return status information about a file descriptor.
*/
@@ -197,14 +202,17 @@ compat_43_sys_fstat(p, v, retval)
FREF(fp);
error = (*fp->f_ops->fo_stat)(fp, &ub, p);
FRELE(fp);
- cvtstat(&ub, &oub);
- if (error == 0)
- error = copyout((caddr_t)&oub, (caddr_t)SCARG(uap, sb),
- sizeof (oub));
+ if (error == 0) {
+ /* Don't let non-root see generation numbers
+ (for NFS security) */
+ if (suser(p, 0))
+ ub.st_gen = 0;
+ cvtstat(&ub, &oub);
+ error = copyout(&oub, SCARG(uap, sb), sizeof(oub));
+ }
return (error);
}
-
/*
* Truncate a file given a file descriptor.
*/