| kern_prot.c (46112) | kern_prot.c (46116) |
|---|---|
| 1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. --- 22 unchanged lines hidden (view full) --- 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 | 1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. --- 22 unchanged lines hidden (view full) --- 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 |
| 39 * $Id: kern_prot.c,v 1.44 1999/01/28 00:57:47 dillon Exp $ | 39 * $Id: kern_prot.c,v 1.45 1999/04/27 11:16:01 phk Exp $ |
| 40 */ 41 42/* 43 * System calls related to processes and protection 44 */ 45 46#include "opt_compat.h" 47 --- 342 unchanged lines hidden (view full) --- 390 uid = uap->uid; 391 if (uid != pc->p_ruid && /* allow setuid(getuid()) */ 392#ifdef _POSIX_SAVED_IDS 393 uid != pc->p_svuid && /* allow setuid(saved gid) */ 394#endif 395#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ 396 uid != pc->pc_ucred->cr_uid && /* allow setuid(geteuid()) */ 397#endif | 40 */ 41 42/* 43 * System calls related to processes and protection 44 */ 45 46#include "opt_compat.h" 47 --- 342 unchanged lines hidden (view full) --- 390 uid = uap->uid; 391 if (uid != pc->p_ruid && /* allow setuid(getuid()) */ 392#ifdef _POSIX_SAVED_IDS 393 uid != pc->p_svuid && /* allow setuid(saved gid) */ 394#endif 395#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ 396 uid != pc->pc_ucred->cr_uid && /* allow setuid(geteuid()) */ 397#endif |
| 398 (error = suser_xxx(pc->pc_ucred, &p->p_acflag))) | 398 (error = suser(p))) |
| 399 return (error); 400 401#ifdef _POSIX_SAVED_IDS 402 /* 403 * Do we have "appropriate privileges" (are we root or uid == euid) 404 * If so, we are changing the real uid and/or saved uid. 405 */ 406 if ( 407#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ 408 uid == pc->pc_ucred->cr_uid || 409#endif | 399 return (error); 400 401#ifdef _POSIX_SAVED_IDS 402 /* 403 * Do we have "appropriate privileges" (are we root or uid == euid) 404 * If so, we are changing the real uid and/or saved uid. 405 */ 406 if ( 407#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ 408 uid == pc->pc_ucred->cr_uid || 409#endif |
| 410 suser_xxx(pc->pc_ucred, &p->p_acflag) == 0) /* we are using privs */ | 410 suser(p) == 0) /* we are using privs */ |
| 411#endif 412 { 413 /* 414 * Transfer proc count to new user. 415 */ 416 if (uid != pc->p_ruid) { 417 (void)chgproccnt(pc->p_ruid, -1); 418 (void)chgproccnt(uid, 1); --- 43 unchanged lines hidden (view full) --- 462{ 463 register struct pcred *pc = p->p_cred; 464 register uid_t euid; 465 int error; 466 467 euid = uap->euid; 468 if (euid != pc->p_ruid && /* allow seteuid(getuid()) */ 469 euid != pc->p_svuid && /* allow seteuid(saved uid) */ | 411#endif 412 { 413 /* 414 * Transfer proc count to new user. 415 */ 416 if (uid != pc->p_ruid) { 417 (void)chgproccnt(pc->p_ruid, -1); 418 (void)chgproccnt(uid, 1); --- 43 unchanged lines hidden (view full) --- 462{ 463 register struct pcred *pc = p->p_cred; 464 register uid_t euid; 465 int error; 466 467 euid = uap->euid; 468 if (euid != pc->p_ruid && /* allow seteuid(getuid()) */ 469 euid != pc->p_svuid && /* allow seteuid(saved uid) */ |
| 470 (error = suser_xxx(pc->pc_ucred, &p->p_acflag))) | 470 (error = suser(p))) |
| 471 return (error); 472 /* 473 * Everything's okay, do it. Copy credentials so other references do 474 * not see our changes. 475 */ 476 if (pc->pc_ucred->cr_uid != euid) { 477 pc->pc_ucred = crcopy(pc->pc_ucred); 478 pc->pc_ucred->cr_uid = euid; --- 31 unchanged lines hidden (view full) --- 510 gid = uap->gid; 511 if (gid != pc->p_rgid && /* allow setgid(getgid()) */ 512#ifdef _POSIX_SAVED_IDS 513 gid != pc->p_svgid && /* allow setgid(saved gid) */ 514#endif 515#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ 516 gid != pc->pc_ucred->cr_groups[0] && /* allow setgid(getegid()) */ 517#endif | 471 return (error); 472 /* 473 * Everything's okay, do it. Copy credentials so other references do 474 * not see our changes. 475 */ 476 if (pc->pc_ucred->cr_uid != euid) { 477 pc->pc_ucred = crcopy(pc->pc_ucred); 478 pc->pc_ucred->cr_uid = euid; --- 31 unchanged lines hidden (view full) --- 510 gid = uap->gid; 511 if (gid != pc->p_rgid && /* allow setgid(getgid()) */ 512#ifdef _POSIX_SAVED_IDS 513 gid != pc->p_svgid && /* allow setgid(saved gid) */ 514#endif 515#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ 516 gid != pc->pc_ucred->cr_groups[0] && /* allow setgid(getegid()) */ 517#endif |
| 518 (error = suser_xxx(pc->pc_ucred, &p->p_acflag))) | 518 (error = suser(p))) |
| 519 return (error); 520 521#ifdef _POSIX_SAVED_IDS 522 /* 523 * Do we have "appropriate privileges" (are we root or gid == egid) 524 * If so, we are changing the real uid and saved gid. 525 */ 526 if ( 527#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ 528 gid == pc->pc_ucred->cr_groups[0] || 529#endif | 519 return (error); 520 521#ifdef _POSIX_SAVED_IDS 522 /* 523 * Do we have "appropriate privileges" (are we root or gid == egid) 524 * If so, we are changing the real uid and saved gid. 525 */ 526 if ( 527#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ 528 gid == pc->pc_ucred->cr_groups[0] || 529#endif |
| 530 suser_xxx(pc->pc_ucred, &p->p_acflag) == 0) /* we are using privs */ | 530 suser(p) == 0) /* we are using privs */ |
| 531#endif 532 { 533 /* 534 * Set real gid 535 */ 536 if (pc->p_rgid != gid) { 537 pc->p_rgid = gid; 538 setsugid(p); --- 35 unchanged lines hidden (view full) --- 574{ 575 register struct pcred *pc = p->p_cred; 576 register gid_t egid; 577 int error; 578 579 egid = uap->egid; 580 if (egid != pc->p_rgid && /* allow setegid(getgid()) */ 581 egid != pc->p_svgid && /* allow setegid(saved gid) */ | 531#endif 532 { 533 /* 534 * Set real gid 535 */ 536 if (pc->p_rgid != gid) { 537 pc->p_rgid = gid; 538 setsugid(p); --- 35 unchanged lines hidden (view full) --- 574{ 575 register struct pcred *pc = p->p_cred; 576 register gid_t egid; 577 int error; 578 579 egid = uap->egid; 580 if (egid != pc->p_rgid && /* allow setegid(getgid()) */ 581 egid != pc->p_svgid && /* allow setegid(saved gid) */ |
| 582 (error = suser_xxx(pc->pc_ucred, &p->p_acflag))) | 582 (error = suser(p))) |
| 583 return (error); 584 if (pc->pc_ucred->cr_groups[0] != egid) { 585 pc->pc_ucred = crcopy(pc->pc_ucred); 586 pc->pc_ucred->cr_groups[0] = egid; 587 setsugid(p); 588 } 589 return (0); 590} --- 9 unchanged lines hidden (view full) --- 600setgroups(p, uap) 601 struct proc *p; 602 struct setgroups_args *uap; 603{ 604 register struct pcred *pc = p->p_cred; 605 register u_int ngrp; 606 int error; 607 | 583 return (error); 584 if (pc->pc_ucred->cr_groups[0] != egid) { 585 pc->pc_ucred = crcopy(pc->pc_ucred); 586 pc->pc_ucred->cr_groups[0] = egid; 587 setsugid(p); 588 } 589 return (0); 590} --- 9 unchanged lines hidden (view full) --- 600setgroups(p, uap) 601 struct proc *p; 602 struct setgroups_args *uap; 603{ 604 register struct pcred *pc = p->p_cred; 605 register u_int ngrp; 606 int error; 607 |
| 608 if ((error = suser_xxx(pc->pc_ucred, &p->p_acflag))) | 608 if ((error = suser(p))) |
| 609 return (error); 610 ngrp = uap->gidsetsize; 611 if (ngrp > NGROUPS) 612 return (EINVAL); 613 /* 614 * XXX A little bit lazy here. We could test if anything has 615 * changed before crcopy() and setting P_SUGID. 616 */ --- 32 unchanged lines hidden (view full) --- 649 register uid_t ruid, euid; 650 int error; 651 652 ruid = uap->ruid; 653 euid = uap->euid; 654 if (((ruid != (uid_t)-1 && ruid != pc->p_ruid && ruid != pc->p_svuid) || 655 (euid != (uid_t)-1 && euid != pc->pc_ucred->cr_uid && 656 euid != pc->p_ruid && euid != pc->p_svuid)) && | 609 return (error); 610 ngrp = uap->gidsetsize; 611 if (ngrp > NGROUPS) 612 return (EINVAL); 613 /* 614 * XXX A little bit lazy here. We could test if anything has 615 * changed before crcopy() and setting P_SUGID. 616 */ --- 32 unchanged lines hidden (view full) --- 649 register uid_t ruid, euid; 650 int error; 651 652 ruid = uap->ruid; 653 euid = uap->euid; 654 if (((ruid != (uid_t)-1 && ruid != pc->p_ruid && ruid != pc->p_svuid) || 655 (euid != (uid_t)-1 && euid != pc->pc_ucred->cr_uid && 656 euid != pc->p_ruid && euid != pc->p_svuid)) && |
| 657 (error = suser_xxx(pc->pc_ucred, &p->p_acflag)) != 0) | 657 (error = suser(p)) != 0) |
| 658 return (error); 659 660 if (euid != (uid_t)-1 && pc->pc_ucred->cr_uid != euid) { 661 pc->pc_ucred = crcopy(pc->pc_ucred); 662 pc->pc_ucred->cr_uid = euid; 663 setsugid(p); 664 } 665 if (ruid != (uid_t)-1 && pc->p_ruid != ruid) { --- 26 unchanged lines hidden (view full) --- 692 register gid_t rgid, egid; 693 int error; 694 695 rgid = uap->rgid; 696 egid = uap->egid; 697 if (((rgid != (gid_t)-1 && rgid != pc->p_rgid && rgid != pc->p_svgid) || 698 (egid != (gid_t)-1 && egid != pc->pc_ucred->cr_groups[0] && 699 egid != pc->p_rgid && egid != pc->p_svgid)) && | 658 return (error); 659 660 if (euid != (uid_t)-1 && pc->pc_ucred->cr_uid != euid) { 661 pc->pc_ucred = crcopy(pc->pc_ucred); 662 pc->pc_ucred->cr_uid = euid; 663 setsugid(p); 664 } 665 if (ruid != (uid_t)-1 && pc->p_ruid != ruid) { --- 26 unchanged lines hidden (view full) --- 692 register gid_t rgid, egid; 693 int error; 694 695 rgid = uap->rgid; 696 egid = uap->egid; 697 if (((rgid != (gid_t)-1 && rgid != pc->p_rgid && rgid != pc->p_svgid) || 698 (egid != (gid_t)-1 && egid != pc->pc_ucred->cr_groups[0] && 699 egid != pc->p_rgid && egid != pc->p_svgid)) && |
| 700 (error = suser_xxx(pc->pc_ucred, &p->p_acflag)) != 0) | 700 (error = suser(p)) != 0) |
| 701 return (error); 702 703 if (egid != (gid_t)-1 && pc->pc_ucred->cr_groups[0] != egid) { 704 pc->pc_ucred = crcopy(pc->pc_ucred); 705 pc->pc_ucred->cr_groups[0] = egid; 706 setsugid(p); 707 } 708 if (rgid != (gid_t)-1 && pc->p_rgid != rgid) { --- 197 unchanged lines hidden --- | 701 return (error); 702 703 if (egid != (gid_t)-1 && pc->pc_ucred->cr_groups[0] != egid) { 704 pc->pc_ucred = crcopy(pc->pc_ucred); 705 pc->pc_ucred->cr_groups[0] = egid; 706 setsugid(p); 707 } 708 if (rgid != (gid_t)-1 && pc->p_rgid != rgid) { --- 197 unchanged lines hidden --- |