d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a SUSER_RUID flag to suser_cred. This flag indicates that we want to

Browse Source 
check if the *real* user is the superuser (vs. the normal behaviour, which
checks the effective user).

Reviewed by:	rwatson
This commit is contained in:
cperciva 2004-07-16 15:57:16 +00:00
parent 0dd4779874
commit 8651a1567e
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/kern/kern_prot.c
View File

@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
/* /*
* Test whether the specified credentials imply "super-user" privilege. * Test whether the specified credentials imply "super-user" privilege.
* Return 0 or EPERM. The flag argument is currently used only to * Return 0 or EPERM.
* specify jail interaction.
*/ */
int int
suser_cred(struct ucred *cred, int flag) suser_cred(struct ucred *cred, int flag)
@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag)
if (!suser_enabled) if (!suser_enabled)
return (EPERM); return (EPERM);
if (cred->cr_uid != 0) if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
return (EPERM); return (EPERM);
if (jailed(cred) && !(flag & PRISON_ROOT)) if (jailed(cred) && !(flag & PRISON_ROOT))
return (EPERM); return (EPERM);

1
sys/sys/systm.h
View File

@ -217,6 +217,7 @@ void cpu_stopprofclock(void);
/* flags for suser() and suser_cred() */ /* flags for suser() and suser_cred() */
#define PRISON_ROOT 1 #define PRISON_ROOT 1
#define SUSER_RUID 2
int suser(struct thread *td); int suser(struct thread *td);
int suser_cred(struct ucred *cred, int flag); int suser_cred(struct ucred *cred, int flag);