DragonFly kernel List (threaded) for 2009-08
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: access(2) using effective uid instead of real one?
| From: | Nicolas Thery <nthery@xxxxxxxxx> |
| Date: | Tue, 11 Aug 2009 00:15:26 +0200 |
2009/8/11 Alex <ahornung@gmail.com>:
> As far as I can see it should be trivial to change it touse the real
> uid in vop_helper_access. Just change the references to cr_uid and
> cr_gid to cr_ruid and cr_rgid.
> If this is how it should be or shouldn't... I don't know.
I reckon that's one possibility.
Alternatively, the credentials passed to VOP_ACCESS() can be changed
as shown in the patch below. Doing it this way simplifies the
incoming implementation of faccessat(2) which can check either the
effective or real uid/gid.
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 0c723e4..12d3b53 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2318,8 +2318,16 @@ int
kern_access(struct nlookupdata *nd, int aflags)
{
struct vnode *vp;
+ struct ucred *cr;
int error, flags;
+ /*
+ * Perform check with real uid/gid
+ */
+ cr = cratom(&nd->nl_cred);
+ cr->cr_uid = cr->cr_ruid;
+ cr->cr_groups[0] = cr->cr_rgid;
+
if ((error = nlookup(nd)) != 0)
return (error);
retry:
- Follow-Ups:
- Re: access(2) using effective uid instead of real one?
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: access(2) using effective uid instead of real one?
- References:
- access(2) using effective uid instead of real one?
- From: Nicolas Thery <nthery@gmail.com>
- Re: access(2) using effective uid instead of real one?
- From: Alex <ahornung@gmail.com>
- access(2) using effective uid instead of real one?
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]