DragonFly submit List (threaded) for 2005-07
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: jail.chflags_allowed

From:	Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date:	Sat, 23 Jul 2005 10:50:59 -0700 (PDT)

    Ok, not bad, but from my read the FreeBSD version of this sysctl
    variable doesn't completely disallow chflags, it simply disallows
    super-user chflags.  Normal user chflags are still allowed as long
    as the superuser hasn't set any superuser flags.

    This is a bit harder to check for because the filesystem code needs
    to check the existing flags against the new flag, which the high
    level system call does not have direct access to.  I didn't consider
    that when I originally suggested that we move the check to the syscall
    code.

    So I guess that puts us back at the original implementation... placing
    the check directly in UFS. 

    I'll go ahead and commit the FreeBSD equivalent to vfs/ufs/ufs_vnops.c.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>

References:
- jail.chflags_allowed
  - From: Deyan Dyankov
- Re: jail.chflags_allowed
  - From: Matthew Dillon
- Re: jail.chflags_allowed
  - From: Deyan Dyankov
- Re: jail.chflags_allowed
  - From: Deyan Dyankov
- Re: jail.chflags_allowed
  - From: Michal Belczyk

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]