* nscd/connections.c (handle_request): Check selinux permissions

for all non-admin commands.
author: Ulrich Drepper <drepper@redhat.com> 2007-01-13 04:41:19 +0000
committer: Ulrich Drepper <drepper@redhat.com> 2007-01-13 04:41:19 +0000
commit: 43397eaf04907a9aac3d502689bc3bb234461cf1 (patch)
tree: 6b0a89b19d0d8fc8fdf5a827e2123ae64ec7a4ca /nscd
parent: 038a1a9fc33e56a7396733bfdaa9fd411afae0d4 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/nscd/connections.c b/nscd/connections.c
index 39d491a5e0..f012b69ed8 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1,5 +1,5 @@
 /* Inner loops of cache daemon.
-   Copyright (C) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+   Copyright (C) 1998-2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -911,8 +911,9 @@ cannot handle old request version %d; current version is %d"),
      need to verify that the request type is valid, since it has not
      yet been checked at this point.  */
   if (selinux_enabled
-      && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
-      && __builtin_expect (req->type, LASTREQ) < LASTREQ
+      && __builtin_expect (req->type >= GETPWBYNAME, 1)
+      && __builtin_expect (req->type < LASTREQ, 1)
+      && __builtin_expect (req->type < SHUTDOWN || req->type > INVALIDATE, 1)
       && nscd_request_avc_has_perm (fd, req->type) != 0)
     return;
author	Ulrich Drepper <drepper@redhat.com>	2007-01-13 04:41:19 +0000
committer	Ulrich Drepper <drepper@redhat.com>	2007-01-13 04:41:19 +0000
commit	43397eaf04907a9aac3d502689bc3bb234461cf1 (patch)
tree	6b0a89b19d0d8fc8fdf5a827e2123ae64ec7a4ca /nscd
parent	038a1a9fc33e56a7396733bfdaa9fd411afae0d4 (diff)