DragonFly-2.3.0.889.g3a907 master sys/emulation/linux linux_misc.c sys/kern kern_descrip.c vfs_helper.c vfs_nlookup.c vfs_syscalls.c vfs_vnops.c sys/sys fcntl.h nlookup.h vnode.h sys/vfs/gnu/ext2fs ext2_vnops.c sys/vfs/hpfs hpfs_vnops.c sys/vfs/msdosfs msdosfs_vnops.c sys/vfs/nfs nfs_serv.c nfs_subs.c sys/vfs/ntfs ntfs_vnops.c sys/vfs/nwfs nwfs_vnops.c sys/vfs/smbfs smbfs_vnops.c sys/vfs/udf udf_vnops.c sys/vfs/ufs ufs_vnops.c

Matthew Dillon dillon at crater.dragonflybsd.org
Tue May 5 19:18:39 PDT 2009


commit 3a9074756db62e72aa58b1ea90d7cfdef217b8b6
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Tue May 5 19:14:31 2009 -0700

    Add kernel-layer support for chflags checks, remove (most) from the VFS layer.
    
    Give nlookup() and nlookup_va() the tools to do nearly all chflags related
    activities.  Here are the rules:
    
    Immutable (uchg, schg)
    
        If set on a directory no files associated with the directory may
        be created, deleted, linked, or renamed.  In addition, any files open()ed
        via the directory will be immutable whether they are flagged that
        way or not.
    
        If set on a file or directory the file or directory may not be
        written to, chmodded, chowned, chgrped, or renamed.  The file can
        still be hardlinked and the file/directory can still be chflagged.
        If you do not wish the file to be linkable then set the immutable bit
        on all directories containing a link of the file.  Once you form
        this closure no further links will be possible.
    
        NOTE ON REASONING:  Security scripts should check link counts anyway,
        depending on a file flag which can be changed as a replacement for
        checking the link count is stupid.  If you are secure then your closures
        will hold.  If you aren't then nothing will save you.
    
        This feature is not recursive.  If the directory contains
        subdirectories they must be flagged immutable as well.
    
    Undeletable (uunlnk, sunlnk)
    
        If set on a file or directory that file or directory cannot be removed
        or renamed.  The file can still otherwise be manipulated, linked, and
        so forth.  However, it should be noted that any hardlinks you create
        will also not be deletable :-)
    
        If set on a directory this flag has no effect on the contents
        of the directory (yet).  See APPEND-ONLY on directories for what
        you want.
    
    Append-only (uappnd/sappnd)
    
        If set on a directory no file within the directory may be deleted or
        renamed.  However, new files may be created in the directory and
        the files in the directory can be modified or hardlinked without
        restriction.
    
        If set on a file the file cannot be truncated, random-written, or
        deleted.  It CAN be chmoded, chowned, renamed, and appended to
        with O_APPEND etc.
    
        If you do not wish the file to be renameable then you must also
        set the Undeletable flag.  Setting the append-only flag will ensure
        that the file doesn't disappear from the filesystem, but does not
        prevent it from being moved about the filesystem.
    
    Security fix - futimes()
    
        futimes() could be called on any open descriptor.  Restrict
        it to just those files you own or have write permission on.
    
    Security fix - Hardlinks
    
        Users can no longer hardlink foreign-owned files which they do not
        have write access to.  The user must now have write permission on
        the file being hardlinked or the user must own the file, or be root.
    
    Security fix - fcntl()
    
        fcntl() can no longer be used to turn of O_APPEND mode if the file
        was flagged append-only.
    
    NOTE - DIFFERENCES WITH FREEBSD
    
        * Append-only on directories
    
        * Immutable on directories to control set-in-stone & hardlinking
    
        * Immutable files can be hardlinked on DragonFly, not on FreeBSD.
    
        * User must be the owner of the file or have write access to the
          file being hardlinked.

Summary of changes:
 sys/emulation/linux/linux_misc.c |    6 +-
 sys/kern/kern_descrip.c          |   16 ++-
 sys/kern/vfs_helper.c            |    2 -
 sys/kern/vfs_nlookup.c           |  323 ++++++++++++++++++++++++++++----------
 sys/kern/vfs_syscalls.c          |   98 ++++++++----
 sys/kern/vfs_vnops.c             |   36 ++---
 sys/sys/fcntl.h                  |    3 +-
 sys/sys/nlookup.h                |   40 +++++-
 sys/sys/vnode.h                  |    9 -
 sys/vfs/gnu/ext2fs/ext2_vnops.c  |    2 -
 sys/vfs/hpfs/hpfs_vnops.c        |    2 -
 sys/vfs/msdosfs/msdosfs_vnops.c  |    2 -
 sys/vfs/nfs/nfs_serv.c           |   21 ++--
 sys/vfs/nfs/nfs_subs.c           |   16 +--
 sys/vfs/ntfs/ntfs_vnops.c        |    2 -
 sys/vfs/nwfs/nwfs_vnops.c        |    2 -
 sys/vfs/smbfs/smbfs_vnops.c      |    2 -
 sys/vfs/udf/udf_vnops.c          |    2 -
 sys/vfs/ufs/ufs_vnops.c          |   45 ++----
 19 files changed, 396 insertions(+), 233 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3a9074756db62e72aa58b1ea90d7cfdef217b8b6


-- 
DragonFly BSD source repository





More information about the Commits mailing list