207975 – mac_bsdextended allows renaming and moving, when it should not (after commit 272130)

Bug 207975 - mac_bsdextended allows renaming and moving, when it should not (after commit 272130)

Summary: mac_bsdextended allows renaming and moving, when it should not (after commit ...

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	11.0-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Konstantin Belousov

URL:
Keywords:	regression

Depends on:
Blocks:

Reported:	2016-03-14 14:34 UTC by Rudolf Čejka
Modified:	2018-08-29 20:09 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rudolf Čejka 2016-03-14 14:34:04 UTC

After commit 272130 (https://lists.freebsd.org/pipermail/svn-src-head/2014-September/062990.html), mac_bsdextended allows renaming and moving, when it should not. Unfortunately, the change is rather old, so the same problem is in 10-STABLE already too.

Quick test (change "user" to your favorite login in you system):

# kldload mac_bsdextended
# ugidfw add subject uid user object type l mode rs
# su - user
$ ln -s src dst
$ rm -v dst
rm: dst: Permission denied         # correct
$ mv -v dst dst2
dst -> dst2                        # incorrect, it should be permission denied
$ exit
#

You can look into sys/security/mac_bsdextended/ugidfw_vnode.c, functions ugidfw_vnode_check_rename_from() and ugidfw_vnode_check_unlink() - the codes are the same, but behavior is different. Before 272130, it really worked and mv was not possible, so probably change 272130 changed behavior, so that ugidfw_vnode_check_rename_from() is not called for rename operation anymore?

Comment 1 Mark Linimon freebsd_committer

2016-04-18 00:56:15 UTC

Over to committer of 272130.