Add a SUSER_RUID flag to suser_cred. This flag indicates that we want to

check if the *real* user is the superuser (vs. the normal behaviour, which checks the effective user). Reviewed by: rwatson
2004-07-16 15:57:16 +00:00 · 2004-07-16 15:57:16 +00:00 · 8651a1567e
commit 8651a1567e
parent 0dd4779874
2 changed files with 3 additions and 3 deletions
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);

 /*
 * Test whether the specified credentials imply "super-user" privilege.
- * Return 0 or EPERM.  The flag argument is currently used only to
- * specify jail interaction.
+ * Return 0 or EPERM.
 */
 int
 suser_cred(struct ucred *cred, int flag)
@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag)

 	if (!suser_enabled)
 		return (EPERM);
-	if (cred->cr_uid != 0)
+	if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
 		return (EPERM);
 	if (jailed(cred) && !(flag & PRISON_ROOT))
 		return (EPERM);
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@ -217,6 +217,7 @@ void	cpu_stopprofclock(void);

 /* flags for suser() and suser_cred() */
 #define PRISON_ROOT	1
+#define SUSER_RUID	2

 int	suser(struct thread *td);
 int	suser_cred(struct ucred *cred, int flag);