* nscd/connections.c (handle_request): Check selinux permissions

for all non-admin commands.
2024-12-22 19:00:07 +00:00 · 2007-01-13 04:41:19 +00:00 · 2007-01-13 04:41:19 +00:00 · 43397eaf04
commit 43397eaf04
parent 038a1a9fc3
2 changed files with 7 additions and 3 deletions
--- a/3
+++ b/3
@ -1,5 +1,8 @@
 2007-01-12  Ulrich Drepper  <drepper@redhat.com>
 	* nscd/connections.c (handle_request): Check selinux permissions
 	for all non-admin commands.
 	* sysdeps/i386/i486/bits/atomic.h: Define
 	atomic_compare_and_exchange_val_acq,
 	atomic_compare_and_exchange_bool_acq, and atomic_exchange_and_add
--- a/nscd/connections.c
+++ b/nscd/connections.c
@ -1,5 +1,5 @@
 /* Inner loops of cache daemon.
-   Copyright (C) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+   Copyright (C) 1998-2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@ -911,8 +911,9 @@ cannot handle old request version %d; current version is %d"),
     need to verify that the request type is valid, since it has not
     yet been checked at this point.  */
  if (selinux_enabled
-      && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
+      && __builtin_expect (req->type >= GETPWBYNAME, 1)
-      && __builtin_expect (req->type, LASTREQ) < LASTREQ
+      && __builtin_expect (req->type < LASTREQ, 1)
      && __builtin_expect (req->type < SHUTDOWN || req->type > INVALIDATE, 1)
      && nscd_request_avc_has_perm (fd, req->type) != 0)
    return;