| vfs_mount.c (163606) | vfs_mount.c (164033) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2004 Poul-Henning Kamp 3 * Copyright (c) 1999 Michael Smith 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph --- 21 unchanged lines hidden (view full) --- 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2004 Poul-Henning Kamp 3 * Copyright (c) 1999 Michael Smith 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph --- 21 unchanged lines hidden (view full) --- 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/cdefs.h> |
| 38__FBSDID("$FreeBSD: head/sys/kern/vfs_mount.c 163606 2006-10-22 11:52:19Z rwatson $"); | 38__FBSDID("$FreeBSD: head/sys/kern/vfs_mount.c 164033 2006-11-06 13:42:10Z rwatson $"); |
| 39 40#include <sys/param.h> 41#include <sys/conf.h> 42#include <sys/clock.h> 43#include <sys/jail.h> 44#include <sys/kernel.h> 45#include <sys/libkern.h> 46#include <sys/malloc.h> 47#include <sys/mount.h> 48#include <sys/mutex.h> 49#include <sys/namei.h> | 39 40#include <sys/param.h> 41#include <sys/conf.h> 42#include <sys/clock.h> 43#include <sys/jail.h> 44#include <sys/kernel.h> 45#include <sys/libkern.h> 46#include <sys/malloc.h> 47#include <sys/mount.h> 48#include <sys/mutex.h> 49#include <sys/namei.h> |
| 50#include <sys/priv.h> |
|
| 50#include <sys/proc.h> 51#include <sys/filedesc.h> 52#include <sys/reboot.h> 53#include <sys/syscallsubr.h> 54#include <sys/sysproto.h> 55#include <sys/sx.h> 56#include <sys/sysctl.h> 57#include <sys/sysent.h> --- 745 unchanged lines hidden (view full) --- 803 * terminating NUL. 804 */ 805 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 806 return (ENAMETOOLONG); 807 808 if (jailed(td->td_ucred)) 809 return (EPERM); 810 if (usermount == 0) { | 51#include <sys/proc.h> 52#include <sys/filedesc.h> 53#include <sys/reboot.h> 54#include <sys/syscallsubr.h> 55#include <sys/sysproto.h> 56#include <sys/sx.h> 57#include <sys/sysctl.h> 58#include <sys/sysent.h> --- 745 unchanged lines hidden (view full) --- 804 * terminating NUL. 805 */ 806 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 807 return (ENAMETOOLONG); 808 809 if (jailed(td->td_ucred)) 810 return (EPERM); 811 if (usermount == 0) { |
| 811 if ((error = suser(td)) != 0) | 812 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) |
| 812 return (error); 813 } 814 815 /* 816 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 817 */ | 813 return (error); 814 } 815 816 /* 817 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 818 */ |
| 818 if (fsflags & (MNT_EXPORTED | MNT_SUIDDIR)) { 819 if ((error = suser(td)) != 0) | 819 if (fsflags & MNT_EXPORTED) { 820 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 821 if (error) |
| 820 return (error); 821 } | 822 return (error); 823 } |
| 824 if (fsflags & MNT_SUIDDIR) { 825 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 826 if (error) 827 return (error); 828 829 } |
|
| 822 /* | 830 /* |
| 823 * Silently enforce MNT_NOSUID and MNT_USER for 824 * unprivileged users. | 831 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. |
| 825 */ | 832 */ |
| 826 if (suser(td) != 0) 827 fsflags |= MNT_NOSUID | MNT_USER; | 833 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 834 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 835 fsflags |= MNT_NOSUID | MNT_USER; 836 } |
| 828 829 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 830 vfsp = NULL; 831 if ((fsflags & MNT_UPDATE) == 0) { 832 /* Don't try to load KLDs if we're mounting the root. */ 833 if (fsflags & MNT_ROOTFS) 834 vfsp = vfs_byname(fstype); 835 else --- 65 unchanged lines hidden (view full) --- 901 * onto which we are attempting to mount. 902 */ 903 error = VOP_GETATTR(vp, &va, td->td_ucred, td); 904 if (error) { 905 vput(vp); 906 return (error); 907 } 908 if (va.va_uid != td->td_ucred->cr_uid) { | 837 838 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 839 vfsp = NULL; 840 if ((fsflags & MNT_UPDATE) == 0) { 841 /* Don't try to load KLDs if we're mounting the root. */ 842 if (fsflags & MNT_ROOTFS) 843 vfsp = vfs_byname(fstype); 844 else --- 65 unchanged lines hidden (view full) --- 910 * onto which we are attempting to mount. 911 */ 912 error = VOP_GETATTR(vp, &va, td->td_ucred, td); 913 if (error) { 914 vput(vp); 915 return (error); 916 } 917 if (va.va_uid != td->td_ucred->cr_uid) { |
| 909 if ((error = suser(td)) != 0) { | 918 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 919 SUSER_ALLOWJAIL); 920 if (error) { |
| 910 vput(vp); 911 return (error); 912 } 913 } 914 error = vinvalbuf(vp, V_SAVE, td, 0, 0); 915 if (error != 0) { 916 vput(vp); 917 return (error); --- 155 unchanged lines hidden (view full) --- 1073{ 1074 struct mount *mp; 1075 char *pathbuf; 1076 int error, id0, id1; 1077 1078 if (jailed(td->td_ucred)) 1079 return (EPERM); 1080 if (usermount == 0) { | 921 vput(vp); 922 return (error); 923 } 924 } 925 error = vinvalbuf(vp, V_SAVE, td, 0, 0); 926 if (error != 0) { 927 vput(vp); 928 return (error); --- 155 unchanged lines hidden (view full) --- 1084{ 1085 struct mount *mp; 1086 char *pathbuf; 1087 int error, id0, id1; 1088 1089 if (jailed(td->td_ucred)) 1090 return (EPERM); 1091 if (usermount == 0) { |
| 1081 if ((error = suser(td)) != 0) | 1092 error = priv_check(td, PRIV_VFS_UNMOUNT); 1093 if (error) |
| 1082 return (error); 1083 } 1084 1085 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1086 error = copyinstr(uap->path, pathbuf, MNAMELEN, NULL); 1087 if (error) { 1088 free(pathbuf, M_TEMP); 1089 return (error); --- 1079 unchanged lines hidden --- | 1094 return (error); 1095 } 1096 1097 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1098 error = copyinstr(uap->path, pathbuf, MNAMELEN, NULL); 1099 if (error) { 1100 free(pathbuf, M_TEMP); 1101 return (error); --- 1079 unchanged lines hidden --- |