git: Fix chdir/fchdir for setuid/setgid binaries
Matthew Dillon
dillon at apollo.backplane.com
Wed Sep 30 09:22:43 PDT 2009
:
:There are certainly many more of these problems. We need to address those before we roll 2.4.1. I think we should audit all calls to VOP_ACCESS. Also, I suggest creating VOP_RACCESS, removing VOP_EACCESS and making
:the effective id check default in VOP_ACCESS, since most permission checks in the kernel refer to the effective ids, and only select ones deal with the real ids.
:
:cheers
: simon
There are only 6 calls to VOP_ACCESS() left. They should be easy to
audit. I do want to build the iso's this evening if possible so they
can propagate to the mirrors overnight.
I don't want to switch around the meaning again but I am in favor of
not having a VOP_ACCESS() macro at all and forcing callers to
explicitly use VOP_RACCESS() or VOP_EACCESS().
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Commits
mailing list