hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-17 08:00:48 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Dont allow directories to be link()ed or unlink()ed, even for root

Browse Source 
(returns EPERM always, the errno is specified by POSIX).

If you really have a desperate need to link or unlink a directory, you
can use fsdb. :-)

This should stop any chance of ftpd, rdist, "rm -rf", etc from
bugging out and damaging the filesystem structure or loosing races
with malicious users.

Reviewed by: davidg, bde
This commit is contained in:
Peter Wemm 1996-05-24 16:19:23 +00:00
parent cee931a411
commit 472fe5e4db
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=15897
2 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/kern/vfs_extattr.c
View File

@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
* $Id: vfs_syscalls.c,v 1.46 1996/01/16 13:07:14 davidg Exp $
* $Id: vfs_syscalls.c,v 1.47 1996/05/11 04:39:53 bde Exp $
*/
/*
@ -886,11 +886,10 @@ link(p, uap, retval)
if (error)
return (error);
vp = nd.ni_vp;
if (vp->v_type != VDIR ||
(error = suser(p->p_ucred, &p->p_acflag)) == 0) {
if (vp->v_type == VDIR)
error = EPERM; /* POSIX */
else {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, uap->link, p);
if (vp->v_type == VDIR)
nd.ni_cnd.cn_flags |= WILLBEDIR;
error = namei(&nd);
if (!error) {
if (nd.ni_vp != NULL) {
@ -990,10 +989,13 @@ unlink(p, uap, retval)
LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE);
VOP_LOCK(vp);
if (vp->v_type != VDIR ||
(error = suser(p->p_ucred, &p->p_acflag)) == 0) {
if (vp->v_type == VDIR)
error = EPERM; /* POSIX */
else {
/*
* The root of a mounted filesystem cannot be deleted.
*
* XXX: can this only be a VDIR case?
*/
if (vp->v_flag & VROOT)
error = EBUSY;

16
sys/kern/vfs_syscalls.c
View File

@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
* $Id: vfs_syscalls.c,v 1.46 1996/01/16 13:07:14 davidg Exp $
* $Id: vfs_syscalls.c,v 1.47 1996/05/11 04:39:53 bde Exp $
*/
/*
@ -886,11 +886,10 @@ link(p, uap, retval)
if (error)
return (error);
vp = nd.ni_vp;
if (vp->v_type != VDIR ||
(error = suser(p->p_ucred, &p->p_acflag)) == 0) {
if (vp->v_type == VDIR)
error = EPERM; /* POSIX */
else {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, uap->link, p);
if (vp->v_type == VDIR)
nd.ni_cnd.cn_flags |= WILLBEDIR;
error = namei(&nd);
if (!error) {
if (nd.ni_vp != NULL) {
@ -990,10 +989,13 @@ unlink(p, uap, retval)
LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE);
VOP_LOCK(vp);
if (vp->v_type != VDIR ||
(error = suser(p->p_ucred, &p->p_acflag)) == 0) {
if (vp->v_type == VDIR)
error = EPERM; /* POSIX */
else {
/*
* The root of a mounted filesystem cannot be deleted.
*
* XXX: can this only be a VDIR case?
*/
if (vp->v_flag & VROOT)
error = EBUSY;