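--- a/kern_prot.c
+++ b/kern_prot.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
  * The Regents of the University of California.
  * (c) UNIX System Laboratories, Inc.
  * Copyright (c) 2000-2001 Robert N. M. Watson.
  * All rights reserved.
  *
  * All or some portions of this file are derived from material licensed
@@ -37,17 +37,17 @@
  * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94
  */
 
 /*
  * System calls related to processes and protection
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/kern/kern_prot.c 185983 2008-12-12 12:06:28Z kib $");
+__FBSDID("$FreeBSD: head/sys/kern/kern_prot.c 189529 2009-03-08 10:58:37Z rwatson $");
 
 #include "opt_compat.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -484,17 +484,17 @@
  uid = uap->uid;
  AUDIT_ARG(uid, uid);
  newcred = crget();
  uip = uifind(uid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setuid(p, oldcred, uid);
+ error = mac_cred_check_setuid(oldcred, uid);
  if (error)
  goto fail;
 #endif
 
  /*
  * See if we have "permission" by POSIX 1003.1 rules.
  *
  * Note that setuid(geteuid()) is a special case of
@@ -596,17 +596,17 @@
  euid = uap->euid;
  AUDIT_ARG(euid, euid);
  newcred = crget();
  euip = uifind(euid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_seteuid(p, oldcred, euid);
+ error = mac_cred_check_seteuid(oldcred, euid);
  if (error)
  goto fail;
 #endif
 
  if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
  euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
  (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
  goto fail;
@@ -649,17 +649,17 @@
 
  gid = uap->gid;
  AUDIT_ARG(gid, gid);
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setgid(p, oldcred, gid);
+ error = mac_cred_check_setgid(oldcred, gid);
  if (error)
  goto fail;
 #endif
 
  /*
  * See if we have "permission" by POSIX 1003.1 rules.
  *
  * Note that setgid(getegid()) is a special case of
@@ -748,17 +748,17 @@
 
  egid = uap->egid;
  AUDIT_ARG(egid, egid);
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setegid(p, oldcred, egid);
+ error = mac_cred_check_setegid(oldcred, egid);
  if (error)
  goto fail;
 #endif
 
  if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
  egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
  (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
  goto fail;
@@ -810,17 +810,17 @@
  if (ngrp > NGROUPS)
  return (EINVAL);
  AUDIT_ARG(groupset, groups, ngrp);
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setgroups(p, oldcred, ngrp, groups);
+ error = mac_cred_check_setgroups(oldcred, ngrp, groups);
  if (error)
  goto fail;
 #endif
 
  error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
  if (error)
  goto fail;
 
@@ -875,17 +875,17 @@
  AUDIT_ARG(ruid, ruid);
  newcred = crget();
  euip = uifind(euid);
  ruip = uifind(ruid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setreuid(p, oldcred, ruid, euid);
+ error = mac_cred_check_setreuid(oldcred, ruid, euid);
  if (error)
  goto fail;
 #endif
 
  if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid &&
  ruid != oldcred->cr_svuid) ||
  (euid != (uid_t)-1 && euid != oldcred->cr_uid &&
  euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
@@ -940,17 +940,17 @@
  rgid = uap->rgid;
  AUDIT_ARG(egid, egid);
  AUDIT_ARG(rgid, rgid);
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setregid(p, oldcred, rgid, egid);
+ error = mac_cred_check_setregid(oldcred, rgid, egid);
  if (error)
  goto fail;
 #endif
 
  if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
  rgid != oldcred->cr_svgid) ||
  (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
  egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
@@ -1011,17 +1011,17 @@
  AUDIT_ARG(suid, suid);
  newcred = crget();
  euip = uifind(euid);
  ruip = uifind(ruid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setresuid(p, oldcred, ruid, euid, suid);
+ error = mac_cred_check_setresuid(oldcred, ruid, euid, suid);
  if (error)
  goto fail;
 #endif
 
  if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid &&
  ruid != oldcred->cr_svuid &&
  ruid != oldcred->cr_uid) ||
  (euid != (uid_t)-1 && euid != oldcred->cr_ruid &&
@@ -1088,17 +1088,17 @@
  AUDIT_ARG(egid, egid);
  AUDIT_ARG(rgid, rgid);
  AUDIT_ARG(sgid, sgid);
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
 
 #ifdef MAC
- error = mac_proc_check_setresgid(p, oldcred, rgid, egid, sgid);
+ error = mac_cred_check_setresgid(oldcred, rgid, egid, sgid);
  if (error)
  goto fail;
 #endif
 
  if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
  rgid != oldcred->cr_svgid &&
  rgid != oldcred->cr_groups[0]) ||
  (egid != (gid_t)-1 && egid != oldcred->cr_rgid &&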
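Review bot: At each of the ten MAC call sites (the first is line 492, `mac_cred_check_setuid(oldcred, uid)`), the call no longer names `p`, so nothing on that line shows that `oldcred` is the process's current credential, read under `PROC_LOCK(p)` two lines earlier. A short comment above each `#ifdef MAC` block would keep a later refactor from moving the check outside the lock, for example `/* MAC check on oldcred; PROC_LOCK(p) is held, so p->p_ucred is stable until the update. */`. That wording presumes the lock stays held through the credential swap, which happens outside the visible hunks; every enclosing function begins and ends outside the hunks shown. Policy modules that implemented the old `mac_proc_check_*` entry points presumably need matching changes, which this page does not show.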