X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/3e170ce000f1506b7b5d2c5c7faec85ceabb573d..490019cf9519204c5fb36b2fba54ceb983bb6b72:/bsd/vfs/vfs_subr.c

diff --git a/bsd/vfs/vfs_subr.c b/bsd/vfs/vfs_subr.c
index 9fec68cd4..4f31d45e7 100644
--- a/bsd/vfs/vfs_subr.c
+++ b/bsd/vfs/vfs_subr.c
@@ -7425,6 +7425,9 @@ vnode_authorize_callback_int(__unused kauth_cred_t unused_cred, __unused void *i
 			goto out;
 		}
 		
+		/* Assume that there were DENYs so we don't wrongly cache KAUTH_VNODE_SEARCHBYANYONE */
+		found_deny = TRUE;
+		
 		KAUTH_DEBUG("%p    ALLOWED - caller is superuser", vp);
 	}
 out:
@@ -7447,6 +7450,10 @@ out:
 		 * deny execute, we can synthesize a global right that allows anyone to 
 		 * traverse this directory during a pathname lookup without having to
 		 * match the credential associated with this cache of rights.
+		 *
+		 * Note that we can correctly cache KAUTH_VNODE_SEARCHBYANYONE
+		 * only if we actually check ACLs which we don't for root. As
+		 * a workaround, the lookup fast path checks for root.
 		 */
 	        if (!VATTR_IS_SUPPORTED(&va, va_mode) ||
 		    ((va.va_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) ==
@@ -7807,10 +7814,10 @@ vnode_authattr(vnode_t vp, struct vnode_attr *vap, kauth_action_t *actionp, vfs_
 	 * If the size is being set, make sure it's not a directory.
 	 */
 	if (VATTR_IS_ACTIVE(vap, va_data_size)) {
-		/* size is meaningless on a directory, don't permit this */
-		if (vnode_isdir(vp)) {
-			KAUTH_DEBUG("ATTR - ERROR: size change requested on a directory");
-			error = EISDIR;
+		/* size is only meaningful on regular files, don't permit otherwise */
+		if (!vnode_isreg(vp)) {
+			KAUTH_DEBUG("ATTR - ERROR: size change requested on non-file");
+			error = vnode_isdir(vp) ? EISDIR : EINVAL;
 			goto out;
 		}
 	}