git: DragonFly_RELEASE_4_8 kernel - Fix serious permissions bug for sticky directories
Matthew Dillon
dillon at crater.dragonflybsd.org
Sat Aug 5 18:06:11 PDT 2017
commit f64881d4dfa234068869b522afc728decfbb168d
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Aug 4 21:38:10 2017 -0700
kernel - Fix serious permissions bug for sticky directories
* An optimization improperly bypassed the sticky-bit test, creating
a security issue with /tmp and /var/tmp.
* Fix by disabling the optimization for the second-to-last path component.
Any prior components retain the optimization, so long directory paths
are still well-optimized.
Summary of changes:
sys/kern/vfs_nlookup.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f64881d4dfa234068869b522afc728decfbb168d
--
DragonFly BSD source repository
More information about the Commits
mailing list