Changeset 936 for server/common


Ignore:
Timestamp:
Jan 5, 2009, 4:39:56 AM (13 years ago)
Author:
andersk
Message:
Prevent users other than afsagent and root from retrieving the global
PAG's tokens into userspace (ouch!).
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/common/patches/openafs-scripts.patch

    r873 r936  
    127127     if (!afs_resourceinit_flag) {
    128128        return EIO;
     129@@ -1804,6 +1804,10 @@
     130     afs_int32 iterator;
     131     int newStyle;
     132 
     133+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
     134+       areq->realuid != 0)
     135+       return 0;
     136+
     137     AFS_STATCNT(PGetTokens);
     138     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
     139        return EIO;             /* Inappropriate ioctl for device */
    129140@@ -1870,6 +1878,10 @@
    130141     register afs_int32 i;
Note: See TracChangeset for help on using the changeset viewer.