diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c index 8c319f7a872c..cd191d50e1cd 100644 --- a/sys/kern/kern_acct.c +++ b/sys/kern/kern_acct.c @@ -123,7 +123,7 @@ acct(td, uap) if (td != curthread) panic("acct"); /* XXXKSE DIAGNOSTIC */ /* Make sure that the caller is root. */ - error = suser(td->td_proc); + error = suser_xxx(td->td_proc->p_ucred, NULL, 0); if (error) goto done2; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 2dd432c219c6..fc692c85992d 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -83,7 +83,7 @@ jail(td, uap) pr->pr_ip = j.ip_number; PROC_LOCK(p); /* Implicitly fail if already in jail. */ - error = suser(p); + error = suser_xxx(p->p_ucred, NULL, 0); if (error) goto badcred; oldcred = p->p_ucred; diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index 7c2b59d4b669..fd12eaa8ea45 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -697,7 +697,7 @@ kldload(struct thread* td, struct kldload_args* uap) mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -743,7 +743,7 @@ kldunload(struct thread* td, struct kldunload_args* uap) mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) goto out; lf = linker_find_file_by_id(SCARG(uap, fileid)); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index cf630ac17e62..5de232544bf1 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -235,7 +235,8 @@ donice(curp, chgp, n) n = PRIO_MAX; if (n < PRIO_MIN) n = PRIO_MIN; - if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && suser(curp)) + if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && + suser_xxx(curp->p_ucred, NULL, 0)) return (EACCES); chgp->p_ksegrp.kg_nice /* XXXKSE */ = n; (void)resetpriority(&chgp->p_ksegrp); /* XXXKSE */ @@ -297,7 +298,7 @@ rtprio(td, uap) (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio)))) break; /* disallow setting rtprio in most cases if not superuser */ - if (suser(curp) != 0) { + if (suser_xxx(curp->p_ucred, NULL, 0) != 0) { /* can't set someone else's */ if (uap->pid) { error = EPERM; diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c index 70e2f4b2eced..89ab7d2c085d 100644 --- a/sys/kern/sysv_ipc.c +++ b/sys/kern/sysv_ipc.c @@ -94,7 +94,8 @@ ipcperm(td, perm, mode) /* Check for user match. */ if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { if (mode & IPC_M) - return (suser(p) == 0 ? 0 : EPERM); + return (suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 : + EPERM); /* Check for group match. */ mode >>= 3; if (!groupmember(perm->gid, cred) && @@ -105,5 +106,6 @@ ipcperm(td, perm, mode) if (mode & IPC_M) return (0); - return ((mode & perm->mode) == mode || suser(p) == 0 ? 0 : EACCES); + return ((mode & perm->mode) == mode || + suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 : EACCES); } diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 13ab4f75942b..efc76b8d5936 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -822,7 +822,7 @@ ttioctl(tp, cmd, data, flag) ISSET(constty->t_state, TS_CONNECTED)) return (EBUSY); #ifndef UCONSOLE - if ((error = suser(p)) != 0) + if ((error = suser_xxx(p->p_ucred, NULL, 0)) != 0) return (error); #endif constty = tp; @@ -994,9 +994,9 @@ ttioctl(tp, cmd, data, flag) splx(s); break; case TIOCSTI: /* simulate terminal input */ - if ((flag & FREAD) == 0 && suser(p)) + if ((flag & FREAD) == 0 && suser_xxx(p->p_ucred, NULL, 0)) return (EPERM); - if (!isctty(p, tp) && suser(p)) + if (!isctty(p, tp) && suser_xxx(p->p_ucred, NULL, 0)) return (EACCES); s = spltty(); (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp); @@ -1044,7 +1044,7 @@ ttioctl(tp, cmd, data, flag) } break; case TIOCSDRAINWAIT: - error = suser(p); + error = suser_xxx(p->p_ucred, NULL, 0); if (error) return (error); tp->t_timeout = *(int *)data * hz; diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index a01d04e26cf7..7e00ec4dda83 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -185,7 +185,7 @@ ptsopen(dev, flag, devtype, td) tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser(p)) { + } else if (tp->t_state & TS_XCLUDE && suser_xxx(p->p_ucred, NULL, 0)) { return (EBUSY); } else if (pti->pt_prison != p->p_ucred->cr_prison) { return (EBUSY);