Add a SUSER_RUID flag to suser_cred. This flag indicates that we want to

check if the *real* user is the superuser (vs. the normal behaviour, which
checks the effective user).

Reviewed by:	rwatson
This commit is contained in:
cperciva 2004-07-16 15:57:16 +00:00
parent 0dd4779874
commit 8651a1567e
2 changed files with 3 additions and 3 deletions

View File

@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
/*
* Test whether the specified credentials imply "super-user" privilege.
* Return 0 or EPERM. The flag argument is currently used only to
* specify jail interaction.
* Return 0 or EPERM.
*/
int
suser_cred(struct ucred *cred, int flag)
@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag)
if (!suser_enabled)
return (EPERM);
if (cred->cr_uid != 0)
if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
return (EPERM);
if (jailed(cred) && !(flag & PRISON_ROOT))
return (EPERM);

View File

@ -217,6 +217,7 @@ void cpu_stopprofclock(void);
/* flags for suser() and suser_cred() */
#define PRISON_ROOT 1
#define SUSER_RUID 2
int suser(struct thread *td);
int suser_cred(struct ucred *cred, int flag);