On Sun, Jun 06, 2004 at 07:38:14PM +0000, Bjoern A. Zeeb wrote: +> Hi, +> +> if I am not wrong the part removed by the atatched diff is not +> needed because at the very beginning of the function there is a +> +> error = suser(td); +> if (error) +> return (error); +> +> so a second check should never become true again (if threads cannot be +> move in and out of jails). +> +> please correct me if I am wrong. +> +> +> --- ./vfs_syscalls.c.orig Sun Jun 6 19:32:23 2004 +> +++ ./vfs_syscalls.c Sun Jun 6 19:33:12 2004 +> _at__at_ -4128,11 +4128,6 _at__at_ fhstatfs(td, uap) +> sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; +> if ((error = VFS_STATFS(mp, sp, td)) != 0) +> return (error); +> - if (suser(td)) { +> - bcopy(sp, &sb, sizeof(sb)); +> - sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; +> - sp = &sb; +> - } +> return (copyout(sp, uap->buf, sizeof(*sp))); +> } I'm not sure what the intention was, but I think we should probably change first suser() to suser_cred(td->td_ucred, PRISON_ROOT) as leave second one. PS. I'm CCing this to alfred_at_ who bring it from NetBSD. -- Pawel Jakub Dawidek http://www.FreeBSD.org pjd_at_FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am!
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:56 UTC