CRED: Separate task security context from task_struct

Separate the task security context from task_struct.  At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.

Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.

With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells
2008-11-14 10:39:16 +11:00
committed by James Morris
parent 15a2460ed0
commit b6dff3ec5e
63 changed files with 830 additions and 675 deletions
+7 -4
@@ -19,15 +19,18 @@ void foo(void)
BLANK(); BLANK();
DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked)); DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked));
DEFINE(TASK_UID, offsetof(struct task_struct, uid)); DEFINE(TASK_CRED, offsetof(struct task_struct, cred));
DEFINE(TASK_EUID, offsetof(struct task_struct, euid));
DEFINE(TASK_GID, offsetof(struct task_struct, gid));
DEFINE(TASK_EGID, offsetof(struct task_struct, egid));
DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent)); DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent));
DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader)); DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader));
DEFINE(TASK_TGID, offsetof(struct task_struct, tgid)); DEFINE(TASK_TGID, offsetof(struct task_struct, tgid));
BLANK(); BLANK();
DEFINE(CRED_UID, offsetof(struct cred, uid));
DEFINE(CRED_EUID, offsetof(struct cred, euid));
DEFINE(CRED_GID, offsetof(struct cred, gid));
DEFINE(CRED_EGID, offsetof(struct cred, egid));
BLANK();
DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs)); DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs));
DEFINE(PT_PTRACED, PT_PTRACED); DEFINE(PT_PTRACED, PT_PTRACED);
DEFINE(CLONE_VM, CLONE_VM); DEFINE(CLONE_VM, CLONE_VM);
+6 -4
@@ -850,8 +850,9 @@ osf_getpriority:
sys_getxuid: sys_getxuid:
.prologue 0 .prologue 0
ldq $2, TI_TASK($8) ldq $2, TI_TASK($8)
ldl $0, TASK_UID($2) ldq $3, TASK_CRED($2)
ldl $1, TASK_EUID($2) ldl $0, CRED_UID($3)
ldl $1, CRED_EUID($3)
stq $1, 80($sp) stq $1, 80($sp)
ret ret
.end sys_getxuid .end sys_getxuid
@@ -862,8 +863,9 @@ sys_getxuid:
sys_getxgid: sys_getxgid:
.prologue 0 .prologue 0
ldq $2, TI_TASK($8) ldq $2, TI_TASK($8)
ldl $0, TASK_GID($2) ldq $3, TASK_CRED($2)
ldl $1, TASK_EGID($2) ldl $0, CRED_GID($3)
ldl $1, CRED_EGID($3)
stq $1, 80($sp) stq $1, 80($sp)
ret ret
.end sys_getxgid .end sys_getxgid
+4 -4
@@ -1772,20 +1772,20 @@ sys32_getgroups16 (int gidsetsize, short __user *grouplist)
if (gidsetsize < 0) if (gidsetsize < 0)
return -EINVAL; return -EINVAL;
get_group_info(current->group_info); get_group_info(current->cred->group_info);
i = current->group_info->ngroups; i = current->cred->group_info->ngroups;
if (gidsetsize) { if (gidsetsize) {
if (i > gidsetsize) { if (i > gidsetsize) {
i = -EINVAL; i = -EINVAL;
goto out; goto out;
} }
if (groups16_to_user(grouplist, current->group_info)) { if (groups16_to_user(grouplist, current->cred->group_info)) {
i = -EFAULT; i = -EFAULT;
goto out; goto out;
} }
} }
out: out:
put_group_info(current->group_info); put_group_info(current->cred->group_info);
return i; return i;
} }
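Review bot: In sys32_getgroups16 the reference taken by `get_group_info(current->cred->group_info)` and the one dropped at `out:` by `put_group_info(current->cred->group_info)` are each found by walking the pointer chain again, so the get/put pairing is only correct if `current->cred->group_info` cannot change in between. Reading it once, `struct group_info *gi = current->cred->group_info;`, and using `gi` for the get, the `ngroups` read, `groups16_to_user()` and the put would make the refcount pairing explicit. The other sys32_getgroups16 hunk in this commit (`@@ -217,20 +217,20 @@`) has the same shape. The function's declarations are outside the hunk.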
+2 -2
@@ -174,8 +174,8 @@ static unsigned int translate_open_flags(int flags)
static void sp_setfsuidgid( uid_t uid, gid_t gid) static void sp_setfsuidgid( uid_t uid, gid_t gid)
{ {
current->fsuid = uid; current->cred->fsuid = uid;
current->fsgid = gid; current->cred->fsgid = gid;
key_fsuid_changed(current); key_fsuid_changed(current);
key_fsgid_changed(current); key_fsgid_changed(current);
+14 -14
@@ -148,9 +148,9 @@ asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user
{ {
int retval; int retval;
if (!(retval = put_user(high2lowuid(current->uid), ruid)) && if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) &&
!(retval = put_user(high2lowuid(current->euid), euid))) !(retval = put_user(high2lowuid(current->cred->euid), euid)))
retval = put_user(high2lowuid(current->suid), suid); retval = put_user(high2lowuid(current->cred->suid), suid);
return retval; return retval;
} }
@@ -165,9 +165,9 @@ asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user
{ {
int retval; int retval;
if (!(retval = put_user(high2lowgid(current->gid), rgid)) && if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) &&
!(retval = put_user(high2lowgid(current->egid), egid))) !(retval = put_user(high2lowgid(current->cred->egid), egid)))
retval = put_user(high2lowgid(current->sgid), sgid); retval = put_user(high2lowgid(current->cred->sgid), sgid);
return retval; return retval;
} }
@@ -217,20 +217,20 @@ asmlinkage long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
if (gidsetsize < 0) if (gidsetsize < 0)
return -EINVAL; return -EINVAL;
get_group_info(current->group_info); get_group_info(current->cred->group_info);
i = current->group_info->ngroups; i = current->cred->group_info->ngroups;
if (gidsetsize) { if (gidsetsize) {
if (i > gidsetsize) { if (i > gidsetsize) {
i = -EINVAL; i = -EINVAL;
goto out; goto out;
} }
if (groups16_to_user(grouplist, current->group_info)) { if (groups16_to_user(grouplist, current->cred->group_info)) {
i = -EFAULT; i = -EFAULT;
goto out; goto out;
} }
} }
out: out:
put_group_info(current->group_info); put_group_info(current->cred->group_info);
return i; return i;
} }
@@ -261,22 +261,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
asmlinkage long sys32_getuid16(void) asmlinkage long sys32_getuid16(void)
{ {
return high2lowuid(current->uid); return high2lowuid(current->cred->uid);
} }
asmlinkage long sys32_geteuid16(void) asmlinkage long sys32_geteuid16(void)
{ {
return high2lowuid(current->euid); return high2lowuid(current->cred->euid);
} }
asmlinkage long sys32_getgid16(void) asmlinkage long sys32_getgid16(void)
{ {
return high2lowgid(current->gid); return high2lowgid(current->cred->gid);
} }
asmlinkage long sys32_getegid16(void) asmlinkage long sys32_getegid16(void)
{ {
return high2lowgid(current->egid); return high2lowgid(current->cred->egid);
} }
/* /*
+4 -4
@@ -116,11 +116,11 @@ void proc_id_connector(struct task_struct *task, int which_id)
ev->event_data.id.process_pid = task->pid; ev->event_data.id.process_pid = task->pid;
ev->event_data.id.process_tgid = task->tgid; ev->event_data.id.process_tgid = task->tgid;
if (which_id == PROC_EVENT_UID) { if (which_id == PROC_EVENT_UID) {
ev->event_data.id.r.ruid = task->uid; ev->event_data.id.r.ruid = task->cred->uid;
ev->event_data.id.e.euid = task->euid; ev->event_data.id.e.euid = task->cred->euid;
} else if (which_id == PROC_EVENT_GID) { } else if (which_id == PROC_EVENT_GID) {
ev->event_data.id.r.rgid = task->gid; ev->event_data.id.r.rgid = task->cred->gid;
ev->event_data.id.e.egid = task->egid; ev->event_data.id.e.egid = task->cred->egid;
} else } else
return; return;
get_seq(&msg->seq, &ev->cpu); get_seq(&msg->seq, &ev->cpu);
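Review bot: `task->cred->uid` and the three reads after it now follow a pointer on a task that the signature does not restrict to `current`, and nothing in the hunk says what keeps that credential stable while it is read. The commit message states that the credentials are only temporarily embedded in task_struct, so the dereference is presumably safe today, but it would need a lock or a reference if the struct is later allocated separately. I would read the pointer once into a local and add a comment such as `/* task->cred is embedded in task_struct for now; revisit locking if that changes */`. The same cross-task reads appear in fill_psinfo, sigio_perm, fuse_allow_task, set_task_ioprio and the sys_ioprio_set/sys_ioprio_get loops in this commit; proc_id_connector itself starts and ends outside the hunk.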
+6 -6
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
NEW_AUX_ENT(AT_BASE, interp_load_addr); NEW_AUX_ENT(AT_BASE, interp_load_addr);
NEW_AUX_ENT(AT_FLAGS, 0); NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec->e_entry); NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
NEW_AUX_ENT(AT_UID, tsk->uid); NEW_AUX_ENT(AT_UID, tsk->cred->uid);
NEW_AUX_ENT(AT_EUID, tsk->euid); NEW_AUX_ENT(AT_EUID, tsk->cred->euid);
NEW_AUX_ENT(AT_GID, tsk->gid); NEW_AUX_ENT(AT_GID, tsk->cred->gid);
NEW_AUX_ENT(AT_EGID, tsk->egid); NEW_AUX_ENT(AT_EGID, tsk->cred->egid);
NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
NEW_AUX_ENT(AT_EXECFN, bprm->exec); NEW_AUX_ENT(AT_EXECFN, bprm->exec);
if (k_platform) { if (k_platform) {
@@ -1388,8 +1388,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
psinfo->pr_zomb = psinfo->pr_sname == 'Z'; psinfo->pr_zomb = psinfo->pr_sname == 'Z';
psinfo->pr_nice = task_nice(p); psinfo->pr_nice = task_nice(p);
psinfo->pr_flag = p->flags; psinfo->pr_flag = p->flags;
SET_UID(psinfo->pr_uid, p->uid); SET_UID(psinfo->pr_uid, p->cred->uid);
SET_GID(psinfo->pr_gid, p->gid); SET_GID(psinfo->pr_gid, p->cred->gid);
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
return 0; return 0;
+6 -6
@@ -623,10 +623,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
NEW_AUX_ENT(AT_FLAGS, 0); NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
NEW_AUX_ENT(AT_UID, (elf_addr_t) current_uid()); NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid);
NEW_AUX_ENT(AT_EUID, (elf_addr_t) current_euid()); NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid);
NEW_AUX_ENT(AT_GID, (elf_addr_t) current_gid()); NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid);
NEW_AUX_ENT(AT_EGID, (elf_addr_t) current_egid()); NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid);
NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
NEW_AUX_ENT(AT_EXECFN, bprm->exec); NEW_AUX_ENT(AT_EXECFN, bprm->exec);
@@ -1440,8 +1440,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
psinfo->pr_zomb = psinfo->pr_sname == 'Z'; psinfo->pr_zomb = psinfo->pr_sname == 'Z';
psinfo->pr_nice = task_nice(p); psinfo->pr_nice = task_nice(p);
psinfo->pr_flag = p->flags; psinfo->pr_flag = p->flags;
SET_UID(psinfo->pr_uid, p->uid); SET_UID(psinfo->pr_uid, p->cred->uid);
SET_GID(psinfo->pr_gid, p->gid); SET_GID(psinfo->pr_gid, p->cred->gid);
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
return 0; return 0;
+2 -2
@@ -1738,7 +1738,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
*/ */
if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ if (get_dumpable(mm) == 2) { /* Setuid core dump mode */
flag = O_EXCL; /* Stop rewrite attacks */ flag = O_EXCL; /* Stop rewrite attacks */
current->fsuid = 0; /* Dump root private */ current->cred->fsuid = 0; /* Dump root private */
} }
retval = coredump_wait(exit_code, &core_state); retval = coredump_wait(exit_code, &core_state);
@@ -1834,7 +1834,7 @@ fail_unlock:
if (helper_argv) if (helper_argv)
argv_free(helper_argv); argv_free(helper_argv);
current->fsuid = fsuid; current->cred->fsuid = fsuid;
coredump_finish(mm); coredump_finish(mm);
fail: fail:
return retval; return retval;
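Review bot: The setuid-dump override `current->cred->fsuid = 0;` and its restore `current->cred->fsuid = fsuid;` after `fail_unlock:` each go through `current->cred` again, with the whole dump path in between. Taking `struct cred *cred = current->cred;` once, as sys_faccessat does in this same commit, and writing `cred->fsuid` in both places would make it evident that the value is restored on the object that was modified. A short comment that this changes the task's live credentials in place, so fsuid 0 is in effect for everything the task does until the restore, would also help the next reader. nfs4_save_user/nfs4_reset_user and sp_setfsuidgid use the same in-place pattern. do_coredump's declarations and most of its body are outside the two hunks.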
+2 -2
@@ -401,8 +401,8 @@ static inline int sigio_perm(struct task_struct *p,
struct fown_struct *fown, int sig) struct fown_struct *fown, int sig)
{ {
return (((fown->euid == 0) || return (((fown->euid == 0) ||
(fown->euid == p->suid) || (fown->euid == p->uid) || (fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) ||
(fown->uid == p->suid) || (fown->uid == p->uid)) && (fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) &&
!security_file_send_sigiotask(p, fown, sig)); !security_file_send_sigiotask(p, fown, sig));
} }
+2 -2
@@ -122,8 +122,8 @@ struct file *get_empty_filp(void)
INIT_LIST_HEAD(&f->f_u.fu_list); INIT_LIST_HEAD(&f->f_u.fu_list);
atomic_long_set(&f->f_count, 1); atomic_long_set(&f->f_count, 1);
rwlock_init(&f->f_owner.lock); rwlock_init(&f->f_owner.lock);
f->f_uid = tsk->fsuid; f->f_uid = tsk->cred->fsuid;
f->f_gid = tsk->fsgid; f->f_gid = tsk->cred->fsgid;
eventpoll_init_file(f); eventpoll_init_file(f);
/* f->f_version: 0 */ /* f->f_version: 0 */
return f; return f;
+6 -6
@@ -872,12 +872,12 @@ int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
if (fc->flags & FUSE_ALLOW_OTHER) if (fc->flags & FUSE_ALLOW_OTHER)
return 1; return 1;
if (task->euid == fc->user_id && if (task->cred->euid == fc->user_id &&
task->suid == fc->user_id && task->cred->suid == fc->user_id &&
task->uid == fc->user_id && task->cred->uid == fc->user_id &&
task->egid == fc->group_id && task->cred->egid == fc->group_id &&
task->sgid == fc->group_id && task->cred->sgid == fc->group_id &&
task->gid == fc->group_id) task->cred->gid == fc->group_id)
return 1; return 1;
return 0; return 0;
+2 -2
@@ -958,7 +958,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
if (!can_do_hugetlb_shm()) if (!can_do_hugetlb_shm())
return ERR_PTR(-EPERM); return ERR_PTR(-EPERM);
if (!user_shm_lock(size, current->user)) if (!user_shm_lock(size, current->cred->user))
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
root = hugetlbfs_vfsmount->mnt_root; root = hugetlbfs_vfsmount->mnt_root;
@@ -998,7 +998,7 @@ out_inode:
out_dentry: out_dentry:
dput(dentry); dput(dentry);
out_shm_unlock: out_shm_unlock:
user_shm_unlock(size, current->user); user_shm_unlock(size, current->cred->user);
return ERR_PTR(error); return ERR_PTR(error);
} }
+6 -6
@@ -32,8 +32,8 @@ static int set_task_ioprio(struct task_struct *task, int ioprio)
int err; int err;
struct io_context *ioc; struct io_context *ioc;
if (task->uid != current_euid() && if (task->cred->uid != current_euid() &&
task->uid != current_uid() && !capable(CAP_SYS_NICE)) task->cred->uid != current_uid() && !capable(CAP_SYS_NICE))
return -EPERM; return -EPERM;
err = security_task_setioprio(task, ioprio); err = security_task_setioprio(task, ioprio);
@@ -123,7 +123,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
break; break;
case IOPRIO_WHO_USER: case IOPRIO_WHO_USER:
if (!who) if (!who)
user = current->user; user = current->cred->user;
else else
user = find_user(who); user = find_user(who);
@@ -131,7 +131,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
break; break;
do_each_thread(g, p) { do_each_thread(g, p) {
if (p->uid != who) if (p->cred->uid != who)
continue; continue;
ret = set_task_ioprio(p, ioprio); ret = set_task_ioprio(p, ioprio);
if (ret) if (ret)
@@ -216,7 +216,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
break; break;
case IOPRIO_WHO_USER: case IOPRIO_WHO_USER:
if (!who) if (!who)
user = current->user; user = current->cred->user;
else else
user = find_user(who); user = find_user(who);
@@ -224,7 +224,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
break; break;
do_each_thread(g, p) { do_each_thread(g, p) {
if (p->uid != user->uid) if (p->cred->uid != user->uid)
continue; continue;
tmpio = get_task_ioprio(p); tmpio = get_task_ioprio(p);
if (tmpio < 0) if (tmpio < 0)
+12 -10
@@ -27,6 +27,7 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{ {
struct cred *act_as = current->cred ;
struct svc_cred cred = rqstp->rq_cred; struct svc_cred cred = rqstp->rq_cred;
int i; int i;
int flags = nfsexp_flags(rqstp, exp); int flags = nfsexp_flags(rqstp, exp);
@@ -55,25 +56,26 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
get_group_info(cred.cr_group_info); get_group_info(cred.cr_group_info);
if (cred.cr_uid != (uid_t) -1) if (cred.cr_uid != (uid_t) -1)
current->fsuid = cred.cr_uid; act_as->fsuid = cred.cr_uid;
else else
current->fsuid = exp->ex_anon_uid; act_as->fsuid = exp->ex_anon_uid;
if (cred.cr_gid != (gid_t) -1) if (cred.cr_gid != (gid_t) -1)
current->fsgid = cred.cr_gid; act_as->fsgid = cred.cr_gid;
else else
current->fsgid = exp->ex_anon_gid; act_as->fsgid = exp->ex_anon_gid;
if (!cred.cr_group_info) if (!cred.cr_group_info)
return -ENOMEM; return -ENOMEM;
ret = set_current_groups(cred.cr_group_info); ret = set_groups(act_as, cred.cr_group_info);
put_group_info(cred.cr_group_info); put_group_info(cred.cr_group_info);
if ((cred.cr_uid)) { if ((cred.cr_uid)) {
current->cap_effective = act_as->cap_effective =
cap_drop_nfsd_set(current->cap_effective); cap_drop_nfsd_set(act_as->cap_effective);
} else { } else {
current->cap_effective = act_as->cap_effective =
cap_raise_nfsd_set(current->cap_effective, cap_raise_nfsd_set(act_as->cap_effective,
current->cap_permitted); act_as->cap_permitted);
} }
return ret; return ret;
} }
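Review bot: `struct cred *act_as = current->cred ;` has a stray space before the semicolon, and the name does not tell the reader that `act_as` is the thread's live credential rather than a private copy. Because fsuid and fsgid are written before `if (!cred.cr_group_info) return -ENOMEM;`, and the `cap_effective` update runs even when `set_groups()` has put an error in `ret`, a failure leaves the thread with a partly switched identity; the caller presumably rejects the request, but the code should say so. Suggested: `struct cred *act_as = current->cred;` preceded by `/* live creds of this nfsd thread, modified in place even on the error paths */`. The part of nfsd_setuser between the two hunks is not shown.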
+6 -6
@@ -57,17 +57,17 @@ static int rec_dir_init = 0;
static void static void
nfs4_save_user(uid_t *saveuid, gid_t *savegid) nfs4_save_user(uid_t *saveuid, gid_t *savegid)
{ {
*saveuid = current->fsuid; *saveuid = current->cred->fsuid;
*savegid = current->fsgid; *savegid = current->cred->fsgid;
current->fsuid = 0; current->cred->fsuid = 0;
current->fsgid = 0; current->cred->fsgid = 0;
} }
static void static void
nfs4_reset_user(uid_t saveuid, gid_t savegid) nfs4_reset_user(uid_t saveuid, gid_t savegid)
{ {
current->fsuid = saveuid; current->cred->fsuid = saveuid;
current->fsgid = savegid; current->cred->fsgid = savegid;
} }
static void static void
+3 -3
@@ -186,9 +186,9 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
* access control settings being in effect, we cannot * access control settings being in effect, we cannot
* fix that case easily. * fix that case easily.
*/ */
current->cap_effective = current->cred->cap_effective =
cap_raise_nfsd_set(current->cap_effective, cap_raise_nfsd_set(current->cred->cap_effective,
current->cap_permitted); current->cred->cap_permitted);
} else { } else {
error = nfsd_setuser_and_check_port(rqstp, exp); error = nfsd_setuser_and_check_port(rqstp, exp);
if (error) if (error)
+9 -8
@@ -425,6 +425,7 @@ out:
*/ */
asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
{ {
struct cred *cred = current->cred;
struct path path; struct path path;
struct inode *inode; struct inode *inode;
int old_fsuid, old_fsgid; int old_fsuid, old_fsgid;
@@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
return -EINVAL; return -EINVAL;
old_fsuid = current->fsuid; old_fsuid = cred->fsuid;
old_fsgid = current->fsgid; old_fsgid = cred->fsgid;
current->fsuid = current->uid; cred->fsuid = cred->uid;
current->fsgid = current->gid; cred->fsgid = cred->gid;
if (!issecure(SECURE_NO_SETUID_FIXUP)) { if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/* Clear the capabilities if we switch to a non-root user */ /* Clear the capabilities if we switch to a non-root user */
if (current->uid) if (current->cred->uid)
old_cap = cap_set_effective(__cap_empty_set); old_cap = cap_set_effective(__cap_empty_set);
else else
old_cap = cap_set_effective(current->cap_permitted); old_cap = cap_set_effective(cred->cap_permitted);
} }
res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
@@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
out_path_release: out_path_release:
path_put(&path); path_put(&path);
out: out:
current->fsuid = old_fsuid; cred->fsuid = old_fsuid;
current->fsgid = old_fsgid; cred->fsgid = old_fsgid;
if (!issecure(SECURE_NO_SETUID_FIXUP)) if (!issecure(SECURE_NO_SETUID_FIXUP))
cap_set_effective(old_cap); cap_set_effective(old_cap);
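Review bot: After introducing `struct cred *cred = current->cred;`, the capability check still reads `if (current->cred->uid)` while every neighbouring line uses the local; it should be `if (cred->uid)`, so that the uid copied into fsuid and the uid that decides whether capabilities are cleared visibly come from the same pointer. `old_fsuid` and `old_fsgid` remain declared as `int` in the first hunk although they hold fsuid/fsgid values, which other code in this commit (nfs4_save_user) stores as uid_t/gid_t; that could be tightened while these lines are being touched. The body between the second and third hunk is not shown.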
+10 -8
@@ -182,8 +182,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
task_tgid_nr_ns(p, ns), task_tgid_nr_ns(p, ns),
pid_nr_ns(pid, ns), pid_nr_ns(pid, ns),
ppid, tpid, ppid, tpid,
p->uid, p->euid, p->suid, p->fsuid, p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
p->gid, p->egid, p->sgid, p->fsgid); p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
task_lock(p); task_lock(p);
if (p->files) if (p->files)
@@ -194,7 +194,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
fdt ? fdt->max_fds : 0); fdt ? fdt->max_fds : 0);
rcu_read_unlock(); rcu_read_unlock();
group_info = p->group_info; group_info = p->cred->group_info;
get_group_info(group_info); get_group_info(group_info);
task_unlock(p); task_unlock(p);
@@ -262,7 +262,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
blocked = p->blocked; blocked = p->blocked;
collect_sigign_sigcatch(p, &ignored, &caught); collect_sigign_sigcatch(p, &ignored, &caught);
num_threads = atomic_read(&p->signal->count); num_threads = atomic_read(&p->signal->count);
qsize = atomic_read(&p->user->sigpending); qsize = atomic_read(&p->cred->user->sigpending);
qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
unlock_task_sighand(p, &flags); unlock_task_sighand(p, &flags);
} }
@@ -293,10 +293,12 @@ static void render_cap_t(struct seq_file *m, const char *header,
static inline void task_cap(struct seq_file *m, struct task_struct *p) static inline void task_cap(struct seq_file *m, struct task_struct *p)
{ {
render_cap_t(m, "CapInh:\t", &p->cap_inheritable); struct cred *cred = p->cred;
render_cap_t(m, "CapPrm:\t", &p->cap_permitted);
render_cap_t(m, "CapEff:\t", &p->cap_effective); render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
render_cap_t(m, "CapBnd:\t", &p->cap_bset); render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
render_cap_t(m, "CapEff:\t", &cred->cap_effective);
render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
} }
static inline void task_context_switch_counts(struct seq_file *m, static inline void task_context_switch_counts(struct seq_file *m,
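Review bot: task_state now spells out `p->cred->` eight times in one argument list and once more for `group_info = p->cred->group_info;`, whereas task_cap in the same file section first takes `struct cred *cred = p->cred;`. Doing the same in task_state would shorten those lines and make all the ids passed to that one call, plus the group_info taken under task_lock, come from a single read of the pointer. Since `p` is not necessarily `current` here, a one-line comment on what keeps `p->cred` valid during the read would be useful as well. task_state and task_sig start outside their hunks.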
+8 -8
@@ -1428,8 +1428,8 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
inode->i_uid = 0; inode->i_uid = 0;
inode->i_gid = 0; inode->i_gid = 0;
if (task_dumpable(task)) { if (task_dumpable(task)) {
inode->i_uid = task->euid; inode->i_uid = task->cred->euid;
inode->i_gid = task->egid; inode->i_gid = task->cred->egid;
} }
security_task_to_inode(task, inode); security_task_to_inode(task, inode);
@@ -1454,8 +1454,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
if (task) { if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
task_dumpable(task)) { task_dumpable(task)) {
stat->uid = task->euid; stat->uid = task->cred->euid;
stat->gid = task->egid; stat->gid = task->cred->egid;
} }
} }
rcu_read_unlock(); rcu_read_unlock();
@@ -1486,8 +1486,8 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
if (task) { if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
task_dumpable(task)) { task_dumpable(task)) {
inode->i_uid = task->euid; inode->i_uid = task->cred->euid;
inode->i_gid = task->egid; inode->i_gid = task->cred->egid;
} else { } else {
inode->i_uid = 0; inode->i_uid = 0;
inode->i_gid = 0; inode->i_gid = 0;
@@ -1658,8 +1658,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
rcu_read_unlock(); rcu_read_unlock();
put_files_struct(files); put_files_struct(files);
if (task_dumpable(task)) { if (task_dumpable(task)) {
inode->i_uid = task->euid; inode->i_uid = task->cred->euid;
inode->i_gid = task->egid; inode->i_gid = task->cred->egid;
} else { } else {
inode->i_uid = 0; inode->i_uid = 0;
inode->i_gid = 0; inode->i_gid = 0;

Some files were not shown because too many files have changed in this diff Show More