mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-03 15:15:01 +00:00
Re-order MAC and DAC checks in shmget() in order to give precedence to
the MAC result, as well as avoid losing the DAC check result when MAC is enabled. MFC after: 3 days Reported by: Patrick LeBlanc <Patrick dot LeBlanc at sparta dot com>
This commit is contained in:
parent
db7db23dd8
commit
7723d5ed12
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=150937
|
@ -726,12 +726,14 @@ shmget_existing(td, uap, mode, segnum)
|
||||||
}
|
}
|
||||||
if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
|
if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL))
|
||||||
return (EEXIST);
|
return (EEXIST);
|
||||||
error = ipcperm(td, &shmseg->u.shm_perm, mode);
|
|
||||||
#ifdef MAC
|
#ifdef MAC
|
||||||
error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
|
error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
|
||||||
if (error != 0)
|
if (error != 0) {
|
||||||
MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
|
MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
|
||||||
|
return (error);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
error = ipcperm(td, &shmseg->u.shm_perm, mode);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
if (uap->size && uap->size > shmseg->u.shm_segsz)
|
if (uap->size && uap->size > shmseg->u.shm_segsz)
|
||||||
|
|
Loading…
Reference in a new issue