Subject: Incorrect Account of Super-user Privs in ufs_setattr()?
To: None <firstname.lastname@example.org>
From: Chris Jepeway <email@example.com>
Date: 01/31/2002 17:23:21
If the ASU bit in a process's p_acflag means "process had
to use root's privileges to do something that a non-root
process can't do," then I think ufs_setattr() isn't
doing the right thing when checking whether the times on
a file may be set.
My understanding is that VOP_SETATTR() should allow
a process to set a file's times when any of the
following are true:
o process owns the file
o process has super-user privs
o process can write to the file
and process is setting
times to "now"
An excerpt of the code that checks this, from
v. 1.85 of ufs/ufs/ufs_vnops.c:
if (cred->cr_uid != ip->i_ffs_uid &&
(error = suser(cred, &p->p_acflag)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred, p))))
I think that when the following conditions hold
o process is super-user
o time is being set to now
o file is writable by a group
to which root belongs
then the process will be charged with use of
super-user privs when perhaps it should not
Have I got this right? Should the suser() check
be moved to the end of the conditional?