[Xen-devel] Fix for unassigned errno in xenstored_core.c
Dear all,

In certain cases, when a client doesn't have enough permissions, the errno variable is not set in xenstored_core.c before its value is reported back. As a result, the client can learn about the errno of the last failed request to xenstored (which could have come from another client). (An unintended information channel! :-)

Attached is a patch that I believe fixes the problem. Also included are a couple of test cases that demonstrate the problem.

Cheers,
Magnus

*** xenstore/xenstored_core.c Sun Apr 9 15:05:54 2006 --- xs/xenstored_core.c Fri Nov 3 15:57:13 2006 *************** *** 555,562 **** /* If we don't have permission, we don't have node. */ if (node) { if ((perm_for_conn(conn, node->perms, node->num_perms) & perm) ! != perm) node = NULL; } /* Clean up errno if they weren't supposed to know. */ if (!node) --- 555,564 ---- /* If we don't have permission, we don't have node. */ if (node) { if ((perm_for_conn(conn, node->perms, node->num_perms) & perm) ! != perm) { ! errno = EACCES; node = NULL; + } } /* Clean up errno if they weren't supposed to know. */ if (!node)

write /a/b v
setperm /a 1 READ
setperm /a/b 1 NONE
expect read failed: No such file or directory
read /nonexistent
setid 2
# this should presumably fail with EACCES, but fails with previous error instead
expect read failed: Permission denied
read /a/b

write /a/b v
setperm /a 1 READ
setperm /a/b 1 NONE
expect read failed: Invalid argument
read //
setid 2
# this should presumably fail with EACCES, but fails with previous error instead
expect read failed: Permission denied
read /a/b

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
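
Review bot: the new `errno = EACCES;` in the permission-failure branch needs a short comment saying why it is there, since the hunk itself does not show that `perm_for_conn()` leaves errno untouched; something like `/* perm_for_conn() does not set errno; avoid reporting a stale value */` would keep a later cleanup from removing the assignment. The same stale-value concern applies to the `if (!node)` block that follows under "Clean up errno if they weren't supposed to know": it runs for every NULL node, so it is worth confirming that every path reaching it with `node == NULL`, including the lookup above line 555 that this hunk does not show, has assigned errno. The two test scripts posted with the patch should go into the test suite together with the change so the behaviour stays covered.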
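
The stale-errno behaviour described in the message, as an added C model that is not xenstored code and not part of the original post. The `store` table, `lookup`, `get_node`, `do_read`, `second_client_error` and the `fixed` switch are all constructed for illustration, and the parent-permission errno cleanup visible in the patch context is left out.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not xenstored code): owner may read; others only if other_read. */
struct node { const char *path; int owner; int other_read; };
static struct node store[] = { { "/a", 1, 1 }, { "/a/b", 1, 0 } };

/* The lookup sets errno only when the lookup itself fails. */
static struct node *lookup(const char *path)
{
    if (strstr(path, "//")) { errno = EINVAL; return NULL; }
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++)
        if (strcmp(store[i].path, path) == 0)
            return &store[i];
    errno = ENOENT;
    return NULL;
}

static struct node *get_node(int conn, const char *path, int fixed)
{
    struct node *n = lookup(path);
    if (n && n->owner != conn && !n->other_read) {
        if (fixed)
            errno = EACCES;   /* the assignment the patch adds */
        n = NULL;             /* without it, errno is whatever the last failure left */
    }
    return n;
}

/* Error code reported back to the client, 0 on success. */
static int do_read(int conn, const char *path, int fixed)
{
    return get_node(conn, path, fixed) ? 0 : errno;
}

/* Client 1 issues a failing read, then client 2 reads a node it may not see. */
static int second_client_error(const char *first_path, int fixed)
{
    do_read(1, first_path, fixed);
    return do_read(2, "/a/b", fixed);
}

int main(void)
{
    printf("unfixed: %s\n", strerror(second_client_error("/nonexistent", 0)));
    printf("fixed:   %s\n", strerror(second_client_error("/nonexistent", 1)));
    return 0;
}
```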