Subject: Incorrect Account of Super-user Privs in ufs_setattr()?
To: None <tech-kern@netbsd.org>
From: Chris Jepeway <jepeway@blasted-heath.com>
List: tech-kern
Date: 01/31/2002 17:23:21

If the ASU bit in a process's p_acflag means "process had
to use root's privileges to do something that a non-root
process can't do," then I think ufs_setattr() isn't
doing the right thing when checking whether the times on
a file may be set.

My understanding is that VOP_SETATTR() should allow
a process to set a file's times when any of the
following are true:

	o  process owns the file

	o  process has super-user privs

	o  process can write to the file
		and process is setting
		times to "now"

An excerpt of the code that checks this, from 
v. 1.85 of ufs/ufs/ufs_vnops.c:

    if (cred->cr_uid != ip->i_ffs_uid &&
        (error = suser(cred, &p->p_acflag)) &&
        ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
         (error = VOP_ACCESS(vp, VWRITE, cred, p))))
            return (error);

I think that when the following conditions hold

	o  process is super-user

	o  time is being set to now

	o  file is writable by a group
		to which root belongs

then the process will be charged with use of 
super-user privs when perhaps it should not
have been.

Have I got this right?  Should the suser() check
be moved to the end of the conditional?

Chris <jepeway@blasted-heath.com>.
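
The evaluation order questioned in the message above, as an added example that is not part of the original post or of the NetBSD source: a user-space C model comparing the quoted conditional with one that consults the super-user check last. `struct model`, `suser_model()`, `access_model()` and both `check_*` functions are hypothetical stand-ins, and the flag values are constructed for the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define ASU            0x02  /* model value: "used super-user privileges" */
#define VA_UTIMES_NULL 0x01  /* model value: caller asked for times = now */

struct model {               /* constructed stand-ins for cred, inode, vattr, proc */
    unsigned cr_uid;         /* caller's effective uid */
    unsigned i_uid;          /* file owner */
    bool can_write;          /* what VOP_ACCESS(vp, VWRITE, ...) would grant */
    int va_vaflags;
    unsigned short acflag;   /* stands in for p->p_acflag */
};

/* Simplified suser(): uid 0 succeeds and is charged ASU as a side effect. */
static int suser_model(struct model *m) {
    if (m->cr_uid == 0) { m->acflag |= ASU; return 0; }
    return EPERM;
}

static int access_model(const struct model *m) { return m->can_write ? 0 : EACCES; }

/* Same order as the quoted excerpt: suser() runs before the write check. */
int check_as_posted(struct model *m) {
    int error = 0;
    if (m->cr_uid != m->i_uid &&
        (error = suser_model(m)) &&
        ((m->va_vaflags & VA_UTIMES_NULL) == 0 || (error = access_model(m))))
        return error;
    return 0;
}

/* Reordered: suser() is reached only when ownership and write access both fail. */
int check_suser_last(struct model *m) {
    int error = 0;
    if (m->cr_uid != m->i_uid &&
        ((m->va_vaflags & VA_UTIMES_NULL) == 0 || (error = access_model(m))) &&
        (error = suser_model(m)))
        return error;
    return 0;
}

int main(void) {
    /* Constructed case: root, file owned by uid 100, writable, times = now. */
    struct model a = { 0, 100, true, VA_UTIMES_NULL, 0 }, b = a;
    int ea = check_as_posted(&a), eb = check_suser_last(&b);
    printf("as posted:  error=%d ASU=%d\n", ea, (a.acflag & ASU) != 0);
    printf("suser last: error=%d ASU=%d\n", eb, (b.acflag & ASU) != 0);
    return 0;
}
```

In this model the reordering also changes the error returned to a non-root, non-owner caller without write access from EACCES to EPERM, because the last failing check now supplies the value.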