-rw-r--r--ChangeLog3
-rw-r--r--nscd/connections.c7
2 files changed, 7 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index c3703cb1ed..013dc58738 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2007-01-12  Ulrich Drepper  <drepper@redhat.com>
 
+	* nscd/connections.c (handle_request): Check selinux permissions
+	for all non-admin commands.
+
 	* sysdeps/i386/i486/bits/atomic.h: Define
 	atomic_compare_and_exchange_val_acq,
 	atomic_compare_and_exchange_bool_acq, and atomic_exchange_and_add
diff --git a/nscd/connections.c b/nscd/connections.c
index 39d491a5e0..f012b69ed8 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1,5 +1,5 @@
 /* Inner loops of cache daemon.
-   Copyright (C) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+   Copyright (C) 1998-2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -911,8 +911,9 @@ cannot handle old request version %d; current version is %d"),
      need to verify that the request type is valid, since it has not
      yet been checked at this point.  */
   if (selinux_enabled
-      && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
-      && __builtin_expect (req->type, LASTREQ) < LASTREQ
+      && __builtin_expect (req->type >= GETPWBYNAME, 1)
+      && __builtin_expect (req->type < LASTREQ, 1)
+      && __builtin_expect (req->type < SHUTDOWN || req->type > INVALIDATE, 1)
       && nscd_request_avc_has_perm (fd, req->type) != 0)
     return;
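Review bot: The new clause `req->type < SHUTDOWN || req->type > INVALIDATE` exempts requests from `nscd_request_avc_has_perm` by numeric range, so the SELinux check now depends on the order of the request-type enum, which is declared outside this diff. Any request type later placed between SHUTDOWN and INVALIDATE would skip the AVC check without any change to this condition. I would state the assumption next to it, e.g. `/* SHUTDOWN..INVALIDATE are the admin requests; they bypass the AVC check here and must be authorized separately.  */`, and confirm that the admin path does its own caller check, since that code is not in the hunk. Types outside [GETPWBYNAME, LASTREQ) also fall through without the AVC check, so the later validity check that the existing comment refers to is the only guard for them. The body of handle_request starts and ends outside the hunk.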