[src/trunk]: src/sys/miscfs/genfs Allow root to access and modify system spac...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8a79c10671f1
branches:  trunk
changeset: 931304:8a79c10671f1
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Apr 25 22:28:47 2020 +0000

description:
Allow root to access and modify system space extended attributes.
XXX: this routine should not be using the string, but the attribute namespace.
I have fixed this in the ACL code.

diffstat:

 sys/miscfs/genfs/genfs_vnops.c |  14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diffs (35 lines):

diff -r 91476266bb3a -r 8a79c10671f1 sys/miscfs/genfs/genfs_vnops.c
--- a/sys/miscfs/genfs/genfs_vnops.c    Sat Apr 25 22:08:49 2020 +0000
+++ b/sys/miscfs/genfs/genfs_vnops.c    Sat Apr 25 22:28:47 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: genfs_vnops.c,v 1.202 2020/02/23 22:14:04 ad Exp $     */
+/*     $NetBSD: genfs_vnops.c,v 1.203 2020/04/25 22:28:47 christos Exp $       */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.202 2020/02/23 22:14:04 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.203 2020/04/25 22:28:47 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -904,9 +904,13 @@
 genfs_can_extattr(kauth_cred_t cred, int access_mode, vnode_t *vp,
     const char *attr)
 {
-       /* We can't allow privileged namespaces. */
-       if (strncasecmp(attr, "system", 6) == 0)
-               return EPERM;
+       /*
+        * This string comparison is bogus: see xattr_native in vfs_xattr.c;
+        * it is going to go away soon.
+        */
+       if (strncasecmp(attr, "system.", 7) == 0)
+              return kauth_authorize_system(cred, KAUTH_SYSTEM_FS_EXTATTR,
+                  0, vp->v_mount, NULL, NULL);
 
        return VOP_ACCESS(vp, access_mode, cred);
 }