Kernel: Add Credentials to hold a set of user and group IDs
This patch adds a new object to hold a Process's user credentials:

- UID, EUID, SUID
- GID, EGID, SGID, extra GIDs

Credentials are immutable, and child processes initially inherit the Credentials object from their parent. Whenever a process changes one or more of its user/group IDs, a new Credentials object is constructed. Any code that wants to inspect and act on a set of credentials can now do so without worrying about data races.
This commit is contained in:
parent
bec314611d
commit
122d7d9533
Notes:
sideshowbarker
2024-07-17 08:07:09 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/122d7d9533
@ -43,6 +43,7 @@ set(KERNEL_SOURCES
|
||||
CMOS.cpp
|
||||
CommandLine.cpp
|
||||
Coredump.cpp
|
||||
Credentials.cpp
|
||||
Devices/AsyncDeviceRequest.cpp
|
||||
Devices/Audio/AC97.cpp
|
||||
Devices/Audio/Channel.cpp
|
||||
|
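--- a/Kernel/Credentials.cpp
+++ b/Kernel/Credentials.cpp
@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2022, Andreas Kling <kling@serenityos.org>
+*
+* SPDX-License-Identifier: BSD-2-Clause
+*/
+
+#include <AK/NonnullRefPtr.h>
+#include <AK/RefPtr.h>
+#include <Kernel/Credentials.h>
+
+namespace Kernel {
+
+ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids)
+{
+auto extra_gids_array = TRY(FixedArray<GroupID>::try_create(extra_gids));
+return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array)));
+}
+
+Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids)
+: m_uid(uid)
+, m_gid(gid)
+, m_euid(euid)
+, m_egid(egid)
+, m_suid(suid)
+, m_sgid(sgid)
+, m_extra_gids(move(extra_gids))
+{
+}
+
+Credentials::~Credentials() = default;
+
+}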
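Review bot: Credentials::create copies the caller's extra_gids span into an owned FixedArray, so the span only has to stay valid for the duration of the call — callers in this commit pass both a temporary `{}` and a local Vector's span, and nothing states that this is fine. Suggest a comment above create, here or in the header: `// extra_gids is copied; the caller's buffer need not outlive this call.` Both allocation failures (FixedArray::try_create and the nothrow new) already surface as ENOMEM through TRY and adopt_nonnull_ref_or_enomem, which is the right shape for a kernel object.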
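--- a/Kernel/Credentials.h
+++ b/Kernel/Credentials.h
@@ -0,0 +1,42 @@
+/*
+* Copyright (c) 2022, Andreas Kling <kling@serenityos.org>
+*
+* SPDX-License-Identifier: BSD-2-Clause
+*/
+
+#pragma once
+
+#include <AK/AtomicRefCounted.h>
+#include <AK/FixedArray.h>
+#include <Kernel/Forward.h>
+
+namespace Kernel {
+
+class Credentials final : public AtomicRefCounted<Credentials> {
+public:
+static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids);
+~Credentials();
+
+bool is_superuser() const { return euid() == 0; }
+
+UserID euid() const { return m_euid; }
+GroupID egid() const { return m_egid; }
+UserID uid() const { return m_uid; }
+GroupID gid() const { return m_gid; }
+UserID suid() const { return m_suid; }
+GroupID sgid() const { return m_sgid; }
+Span<GroupID const> extra_gids() const { return m_extra_gids.span(); }
+
+private:
+Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids);
+
+UserID m_uid;
+GroupID m_gid;
+UserID m_euid;
+GroupID m_egid;
+UserID m_suid;
+GroupID m_sgid;
+FixedArray<GroupID> m_extra_gids;
+};
+
+}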
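Review bot: The invariant the whole commit leans on — a Credentials object never changes after create(), which is what makes an unlocked NonnullRefPtr snapshot safe to read — is not written down anywhere in the class. The shape of the class enforces it today (private constructor, only const getters, no setters), but the next person who adds a member needs to know it is deliberate; suggest above the class: `// Immutable snapshot of a process's user and group IDs. To change any ID, construct a new object via create(); do not add mutators.` `is_superuser()` is defined purely as `euid() == 0` and is the privilege check the sys$set*id paths in this commit rely on, which deserves its own one-line comment.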
@ -11,17 +11,20 @@ namespace Kernel {
|
||||
|
||||
bool InodeMetadata::may_read(Process const& process) const
|
||||
{
|
||||
return may_read(process.euid(), process.egid(), process.extra_gids());
|
||||
auto credentials = process.credentials();
|
||||
return may_read(credentials->euid(), credentials->egid(), credentials->extra_gids());
|
||||
}
|
||||
|
||||
bool InodeMetadata::may_write(Process const& process) const
|
||||
{
|
||||
return may_write(process.euid(), process.egid(), process.extra_gids());
|
||||
auto credentials = process.credentials();
|
||||
return may_write(credentials->euid(), credentials->egid(), credentials->extra_gids());
|
||||
}
|
||||
|
||||
bool InodeMetadata::may_execute(Process const& process) const
|
||||
{
|
||||
return may_execute(process.euid(), process.egid(), process.extra_gids());
|
||||
auto credentials = process.credentials();
|
||||
return may_execute(credentials->euid(), credentials->egid(), credentials->extra_gids());
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -14,6 +14,7 @@ namespace Kernel {
|
||||
class BlockDevice;
|
||||
class CharacterDevice;
|
||||
class Coredump;
|
||||
class Credentials;
|
||||
class Custody;
|
||||
class DevTmpFSDeviceInode;
|
||||
class DevTmpFSDirectoryInode;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
|
||||
* Copyright (c) 2018-2022, Andreas Kling <kling@serenityos.org>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
@ -11,6 +11,7 @@
|
||||
#include <Kernel/API/Syscall.h>
|
||||
#include <Kernel/Arch/InterruptDisabler.h>
|
||||
#include <Kernel/Coredump.h>
|
||||
#include <Kernel/Credentials.h>
|
||||
#include <Kernel/Debug.h>
|
||||
#include <Kernel/Devices/DeviceManagement.h>
|
||||
#ifdef ENABLE_KERNEL_COVERAGE_COLLECTION
|
||||
@ -85,7 +86,8 @@ UNMAP_AFTER_INIT void Process::initialize()
|
||||
|
||||
bool Process::in_group(GroupID gid) const
|
||||
{
|
||||
return this->gid() == gid || extra_gids().contains_slow(gid);
|
||||
auto credentials = this->credentials();
|
||||
return credentials->gid() == gid || credentials->extra_gids().contains_slow(gid);
|
||||
}
|
||||
|
||||
void Process::kill_threads_except_self()
|
||||
@ -224,12 +226,13 @@ ErrorOr<NonnullLockRefPtr<Process>> Process::try_create(LockRefPtr<Thread>& firs
|
||||
{
|
||||
auto space = TRY(Memory::AddressSpace::try_create(fork_parent ? &fork_parent->address_space() : nullptr));
|
||||
auto unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) };
|
||||
auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), uid, gid, ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree))));
|
||||
auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}));
|
||||
auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), move(credentials), ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree))));
|
||||
TRY(process->attach_resources(move(space), first_thread, fork_parent));
|
||||
return process;
|
||||
}
|
||||
|
||||
Process::Process(NonnullOwnPtr<KString> name, UserID uid, GroupID gid, ProcessID ppid, bool is_kernel_process, LockRefPtr<Custody> current_directory, LockRefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree)
|
||||
Process::Process(NonnullOwnPtr<KString> name, NonnullRefPtr<Credentials> credentials, ProcessID ppid, bool is_kernel_process, LockRefPtr<Custody> current_directory, LockRefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree)
|
||||
: m_name(move(name))
|
||||
, m_is_kernel_process(is_kernel_process)
|
||||
, m_executable(move(executable))
|
||||
@ -243,12 +246,7 @@ Process::Process(NonnullOwnPtr<KString> name, UserID uid, GroupID gid, ProcessID
|
||||
|
||||
m_protected_values.pid = allocate_pid();
|
||||
m_protected_values.ppid = ppid;
|
||||
m_protected_values.uid = uid;
|
||||
m_protected_values.gid = gid;
|
||||
m_protected_values.euid = uid;
|
||||
m_protected_values.egid = gid;
|
||||
m_protected_values.suid = uid;
|
||||
m_protected_values.sgid = gid;
|
||||
m_protected_values.credentials = move(credentials);
|
||||
|
||||
dbgln_if(PROCESS_DEBUG, "Created new process {}({})", m_name, this->pid().value());
|
||||
}
|
||||
@ -938,4 +936,39 @@ ErrorOr<void> Process::require_promise(Pledge promise)
|
||||
return EPROMISEVIOLATION;
|
||||
}
|
||||
|
||||
UserID Process::uid() const
|
||||
{
|
||||
return credentials()->uid();
|
||||
}
|
||||
|
||||
GroupID Process::gid() const
|
||||
{
|
||||
return credentials()->gid();
|
||||
}
|
||||
|
||||
UserID Process::euid() const
|
||||
{
|
||||
return credentials()->euid();
|
||||
}
|
||||
|
||||
GroupID Process::egid() const
|
||||
{
|
||||
return credentials()->egid();
|
||||
}
|
||||
|
||||
UserID Process::suid() const
|
||||
{
|
||||
return credentials()->suid();
|
||||
}
|
||||
|
||||
GroupID Process::sgid() const
|
||||
{
|
||||
return credentials()->sgid();
|
||||
}
|
||||
|
||||
NonnullRefPtr<Credentials> Process::credentials() const
|
||||
{
|
||||
return *m_protected_values.credentials;
|
||||
}
|
||||
|
||||
}
|
||||
|
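Review bot: Process::credentials(), in the last hunk, returns `*m_protected_values.credentials`, dereferencing a RefPtr that Process.h still flags with a FIXME as nullable, and it can be reached without the process big lock (InodeMetadata::may_read takes an arbitrary `Process const&`) while sys$set*id and do_exec reassign the same pointer under ProtectedDataMutationScope. Whether a concurrent RefPtr copy and RefPtr assignment are safe against each other depends on AK::RefPtr, which this page does not show — please confirm, and record the expectation: `// May be called without the big lock: the Credentials object is immutable, and RefPtr copy/assign are assumed to be atomic w.r.t. each other (confirm).` Every Process reaches this accessor through try_create, which always supplies a Credentials, so the null dereference is unreachable today; switching the member to NonnullRefPtr as the FIXME suggests would make that a type-level guarantee. The six `uid()`…`sgid()` wrappers above each take and drop a reference per call, so code that needs several IDs should snapshot credentials() once, as InodeMetadata and the syscalls in this commit already do.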
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
|
||||
* Copyright (c) 2018-2022, Andreas Kling <kling@serenityos.org>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
@ -11,12 +11,14 @@
|
||||
#include <AK/IntrusiveList.h>
|
||||
#include <AK/IntrusiveListRelaxedConst.h>
|
||||
#include <AK/OwnPtr.h>
|
||||
#include <AK/RefPtr.h>
|
||||
#include <AK/Userspace.h>
|
||||
#include <AK/Variant.h>
|
||||
#include <Kernel/API/POSIX/sys/resource.h>
|
||||
#include <Kernel/API/Syscall.h>
|
||||
#include <Kernel/Assertions.h>
|
||||
#include <Kernel/AtomicEdgeAction.h>
|
||||
#include <Kernel/Credentials.h>
|
||||
#include <Kernel/FileSystem/InodeMetadata.h>
|
||||
#include <Kernel/FileSystem/OpenFileDescription.h>
|
||||
#include <Kernel/FileSystem/UnveilNode.h>
|
||||
@ -110,13 +112,8 @@ class Process final
|
||||
ProcessID pid { 0 };
|
||||
ProcessID ppid { 0 };
|
||||
SessionID sid { 0 };
|
||||
UserID euid { 0 };
|
||||
GroupID egid { 0 };
|
||||
UserID uid { 0 };
|
||||
GroupID gid { 0 };
|
||||
UserID suid { 0 };
|
||||
GroupID sgid { 0 };
|
||||
Vector<GroupID> extra_gids;
|
||||
// FIXME: This should be a NonnullRefPtr
|
||||
RefPtr<Credentials> credentials;
|
||||
bool dumpable { false };
|
||||
Atomic<bool> has_promises { false };
|
||||
Atomic<u32> promises { 0 };
|
||||
@ -226,15 +223,17 @@ public:
|
||||
bool is_session_leader() const { return sid().value() == pid().value(); }
|
||||
ProcessGroupID pgid() const { return m_pg ? m_pg->pgid() : 0; }
|
||||
bool is_group_leader() const { return pgid().value() == pid().value(); }
|
||||
Vector<GroupID> const& extra_gids() const { return m_protected_values.extra_gids; }
|
||||
UserID euid() const { return m_protected_values.euid; }
|
||||
GroupID egid() const { return m_protected_values.egid; }
|
||||
UserID uid() const { return m_protected_values.uid; }
|
||||
GroupID gid() const { return m_protected_values.gid; }
|
||||
UserID suid() const { return m_protected_values.suid; }
|
||||
GroupID sgid() const { return m_protected_values.sgid; }
|
||||
ProcessID ppid() const { return m_protected_values.ppid; }
|
||||
|
||||
NonnullRefPtr<Credentials> credentials() const;
|
||||
|
||||
UserID euid() const;
|
||||
GroupID egid() const;
|
||||
UserID uid() const;
|
||||
GroupID gid() const;
|
||||
UserID suid() const;
|
||||
GroupID sgid() const;
|
||||
|
||||
bool is_dumpable() const { return m_protected_values.dumpable; }
|
||||
void set_dumpable(bool);
|
||||
|
||||
@ -353,8 +352,8 @@ public:
|
||||
ErrorOr<FlatPtr> sys$sigpending(Userspace<sigset_t*>);
|
||||
ErrorOr<FlatPtr> sys$sigsuspend(Userspace<sigset_t const*>);
|
||||
ErrorOr<FlatPtr> sys$sigtimedwait(Userspace<sigset_t const*>, Userspace<siginfo_t*>, Userspace<timespec const*>);
|
||||
ErrorOr<FlatPtr> sys$getgroups(size_t, Userspace<gid_t*>);
|
||||
ErrorOr<FlatPtr> sys$setgroups(size_t, Userspace<gid_t const*>);
|
||||
ErrorOr<FlatPtr> sys$getgroups(size_t, Userspace<GroupID*>);
|
||||
ErrorOr<FlatPtr> sys$setgroups(size_t, Userspace<GroupID const*>);
|
||||
ErrorOr<FlatPtr> sys$pipe(Userspace<int*>, int flags);
|
||||
ErrorOr<FlatPtr> sys$killpg(pid_t pgrp, int sig);
|
||||
ErrorOr<FlatPtr> sys$seteuid(UserID);
|
||||
@ -557,7 +556,7 @@ private:
|
||||
bool add_thread(Thread&);
|
||||
bool remove_thread(Thread&);
|
||||
|
||||
Process(NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, LockRefPtr<Custody> current_directory, LockRefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree);
|
||||
Process(NonnullOwnPtr<KString> name, NonnullRefPtr<Credentials>, ProcessID ppid, bool is_kernel_process, LockRefPtr<Custody> current_directory, LockRefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree);
|
||||
static ErrorOr<NonnullLockRefPtr<Process>> try_create(LockRefPtr<Thread>& first_thread, NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, LockRefPtr<Custody> current_directory = nullptr, LockRefPtr<Custody> executable = nullptr, TTY* = nullptr, Process* fork_parent = nullptr);
|
||||
ErrorOr<void> attach_resources(NonnullOwnPtr<Memory::AddressSpace>&&, LockRefPtr<Thread>& first_thread, Process* fork_parent);
|
||||
static ProcessID allocate_pid();
|
||||
|
@ -495,6 +495,42 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
|
||||
if (has_interpreter)
|
||||
main_program_fd_allocation = TRY(allocate_fd());
|
||||
|
||||
auto old_credentials = this->credentials();
|
||||
auto new_credentials = old_credentials;
|
||||
|
||||
bool executable_is_setid = false;
|
||||
|
||||
if (!(main_program_description->custody()->mount_flags() & MS_NOSUID)) {
|
||||
auto main_program_metadata = main_program_description->metadata();
|
||||
|
||||
auto new_euid = old_credentials->euid();
|
||||
auto new_egid = old_credentials->egid();
|
||||
auto new_suid = old_credentials->suid();
|
||||
auto new_sgid = old_credentials->sgid();
|
||||
|
||||
if (main_program_metadata.is_setuid()) {
|
||||
executable_is_setid = true;
|
||||
new_euid = main_program_metadata.uid;
|
||||
new_suid = main_program_metadata.uid;
|
||||
}
|
||||
if (main_program_metadata.is_setgid()) {
|
||||
executable_is_setid = true;
|
||||
new_egid = main_program_metadata.gid;
|
||||
new_sgid = main_program_metadata.gid;
|
||||
}
|
||||
|
||||
if (executable_is_setid) {
|
||||
new_credentials = TRY(Credentials::create(
|
||||
old_credentials->uid(),
|
||||
old_credentials->gid(),
|
||||
new_euid,
|
||||
new_egid,
|
||||
new_suid,
|
||||
new_sgid,
|
||||
old_credentials->extra_gids()));
|
||||
}
|
||||
}
|
||||
|
||||
// We commit to the new executable at this point. There is no turning back!
|
||||
|
||||
// Prevent other processes from attaching to us with ptrace while we're doing this.
|
||||
@ -506,24 +542,10 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
|
||||
|
||||
kill_threads_except_self();
|
||||
|
||||
bool executable_is_setid = false;
|
||||
|
||||
if (!(main_program_description->custody()->mount_flags() & MS_NOSUID)) {
|
||||
auto main_program_metadata = main_program_description->metadata();
|
||||
if (main_program_metadata.is_setuid()) {
|
||||
executable_is_setid = true;
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.euid = main_program_metadata.uid;
|
||||
m_protected_values.suid = main_program_metadata.uid;
|
||||
}
|
||||
if (main_program_metadata.is_setgid()) {
|
||||
executable_is_setid = true;
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.egid = main_program_metadata.gid;
|
||||
m_protected_values.sgid = main_program_metadata.gid;
|
||||
}
|
||||
{
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
}
|
||||
|
||||
set_dumpable(!executable_is_setid);
|
||||
|
||||
// We make sure to enter the new address space before destroying the old one.
|
||||
|
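Review bot: The new credentials are deliberately built before the `// We commit to the new executable at this point` line and only swapped in after kill_threads_except_self(), but nothing says why the computation and the commit are split across the two hunks. Since Credentials::create can fail with ENOMEM, that failure has to be reported while the old image is still intact; suggest above `auto old_credentials = this->credentials();`: `// Compute the post-exec credentials now: Credentials::create() may fail, and that must happen before the point of no return below.` The setid decision and the new IDs are both derived from the single `main_program_metadata` read, which keeps them consistent with each other. do_exec begins and ends outside these hunks.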
@ -56,7 +56,7 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
|
||||
child->m_protected_values.has_promises = m_protected_values.has_promises.load();
|
||||
child->m_protected_values.has_execpromises = m_protected_values.has_execpromises.load();
|
||||
child->m_protected_values.sid = m_protected_values.sid;
|
||||
child->m_protected_values.extra_gids = m_protected_values.extra_gids;
|
||||
child->m_protected_values.credentials = m_protected_values.credentials;
|
||||
child->m_protected_values.umask = m_protected_values.umask;
|
||||
child->m_protected_values.signal_trampoline = m_protected_values.signal_trampoline;
|
||||
child->m_protected_values.dumpable = m_protected_values.dumpable;
|
||||
|
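Review bot: The child now shares the parent's Credentials object by copying the RefPtr, which is only correct because Credentials is immutable and every sys$set*id path in this commit installs a fresh object rather than mutating the pointee; a one-line comment would stop someone from adding an in-place update later: `// Shared, not copied: Credentials are immutable, and ID changes always install a new object.` sys$fork begins and ends outside the hunk.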
@ -36,35 +36,50 @@ ErrorOr<FlatPtr> Process::sys$getegid()
|
||||
return egid().value();
|
||||
}
|
||||
|
||||
ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> ruid, Userspace<UserID*> euid, Userspace<UserID*> suid)
|
||||
ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> user_ruid, Userspace<UserID*> user_euid, Userspace<UserID*> user_suid)
|
||||
{
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::stdio));
|
||||
TRY(copy_to_user(ruid, &m_protected_values.uid));
|
||||
TRY(copy_to_user(euid, &m_protected_values.euid));
|
||||
TRY(copy_to_user(suid, &m_protected_values.suid));
|
||||
|
||||
auto credentials = this->credentials();
|
||||
auto uid = credentials->uid();
|
||||
auto euid = credentials->euid();
|
||||
auto suid = credentials->suid();
|
||||
|
||||
TRY(copy_to_user(user_ruid, &uid));
|
||||
TRY(copy_to_user(user_euid, &euid));
|
||||
TRY(copy_to_user(user_suid, &suid));
|
||||
return 0;
|
||||
}
|
||||
|
||||
ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> rgid, Userspace<GroupID*> egid, Userspace<GroupID*> sgid)
|
||||
ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> user_rgid, Userspace<GroupID*> user_egid, Userspace<GroupID*> user_sgid)
|
||||
{
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::stdio));
|
||||
TRY(copy_to_user(rgid, &m_protected_values.gid));
|
||||
TRY(copy_to_user(egid, &m_protected_values.egid));
|
||||
TRY(copy_to_user(sgid, &m_protected_values.sgid));
|
||||
|
||||
auto credentials = this->credentials();
|
||||
auto gid = credentials->gid();
|
||||
auto egid = credentials->egid();
|
||||
auto sgid = credentials->sgid();
|
||||
|
||||
TRY(copy_to_user(user_rgid, &gid));
|
||||
TRY(copy_to_user(user_egid, &egid));
|
||||
TRY(copy_to_user(user_sgid, &sgid));
|
||||
return 0;
|
||||
}
|
||||
|
||||
ErrorOr<FlatPtr> Process::sys$getgroups(size_t count, Userspace<gid_t*> user_gids)
|
||||
ErrorOr<FlatPtr> Process::sys$getgroups(size_t count, Userspace<GroupID*> user_gids)
|
||||
{
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::stdio));
|
||||
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (!count)
|
||||
return extra_gids().size();
|
||||
if (count != extra_gids().size())
|
||||
return credentials->extra_gids().size();
|
||||
if (count != credentials->extra_gids().size())
|
||||
return EINVAL;
|
||||
TRY(copy_to_user(user_gids, extra_gids().data(), sizeof(gid_t) * count));
|
||||
TRY(copy_to_user(user_gids, credentials->extra_gids().data(), sizeof(GroupID) * count));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
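Review bot: sys$getgroups now copies `sizeof(GroupID) * count` bytes into a buffer that userspace presumably declares as gid_t[], so the syscall is only correct if GroupID has the same size and representation as gid_t; if that holds it should be pinned once, e.g. `static_assert(sizeof(GroupID) == sizeof(gid_t));` next to the copy_to_user, and the same assumption covers the copy_n_from_user in sys$setgroups and the `Userspace<GroupID*>` declarations in Process.h. The getresuid/getresgid rewrites are an improvement in themselves: the three IDs are now copied out from one credentials snapshot instead of three separate protected reads, so a caller cannot observe IDs from two different credential sets.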
@ -16,15 +16,26 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
|
||||
if (new_euid == (uid_t)-1)
|
||||
return EINVAL;
|
||||
|
||||
if (new_euid != uid() && new_euid != suid() && !is_superuser())
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (new_euid != credentials->uid() && new_euid != credentials->suid() && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
credentials->gid(),
|
||||
new_euid,
|
||||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
|
||||
m_protected_values.euid = new_euid;
|
||||
if (credentials->euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -36,14 +47,26 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
|
||||
if (new_egid == (uid_t)-1)
|
||||
return EINVAL;
|
||||
|
||||
if (new_egid != gid() && new_egid != sgid() && !is_superuser())
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (new_egid != credentials->gid() && new_egid != credentials->sgid() && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (egid() != new_egid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
credentials->gid(),
|
||||
credentials->euid(),
|
||||
new_egid,
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.egid = new_egid;
|
||||
|
||||
if (credentials->egid() != new_egid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -55,16 +78,26 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
|
||||
if (new_uid == (uid_t)-1)
|
||||
return EINVAL;
|
||||
|
||||
if (new_uid != uid() && new_uid != euid() && !is_superuser())
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (new_uid != credentials->uid() && new_uid != credentials->euid() && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (euid() != new_uid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
new_uid,
|
||||
credentials->gid(),
|
||||
new_uid,
|
||||
credentials->egid(),
|
||||
new_uid,
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.uid = new_uid;
|
||||
m_protected_values.euid = new_uid;
|
||||
m_protected_values.suid = new_uid;
|
||||
|
||||
if (credentials->euid() != new_uid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -76,16 +109,26 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
|
||||
if (new_gid == (uid_t)-1)
|
||||
return EINVAL;
|
||||
|
||||
if (new_gid != gid() && new_gid != egid() && !is_superuser())
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (new_gid != credentials->gid() && new_gid != credentials->egid() && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (egid() != new_gid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
new_gid,
|
||||
credentials->euid(),
|
||||
new_gid,
|
||||
credentials->suid(),
|
||||
new_gid,
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.gid = new_gid;
|
||||
m_protected_values.egid = new_gid;
|
||||
m_protected_values.sgid = new_gid;
|
||||
|
||||
if (credentials->egid() != new_gid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -94,24 +137,35 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::id));
|
||||
|
||||
if (new_ruid == (uid_t)-1)
|
||||
new_ruid = uid();
|
||||
if (new_euid == (uid_t)-1)
|
||||
new_euid = euid();
|
||||
auto credentials = this->credentials();
|
||||
|
||||
auto ok = [this](UserID id) { return id == uid() || id == euid() || id == suid(); };
|
||||
if (new_ruid == (uid_t)-1)
|
||||
new_ruid = credentials->uid();
|
||||
if (new_euid == (uid_t)-1)
|
||||
new_euid = credentials->euid();
|
||||
|
||||
auto ok = [&credentials](UserID id) { return id == credentials->uid() || id == credentials->euid() || id == credentials->suid(); };
|
||||
if (!ok(new_ruid) || !ok(new_euid))
|
||||
return EPERM;
|
||||
|
||||
if (new_ruid < (uid_t)-1 || new_euid < (uid_t)-1)
|
||||
return EINVAL;
|
||||
|
||||
if (euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
new_ruid,
|
||||
credentials->gid(),
|
||||
new_euid,
|
||||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.uid = new_ruid;
|
||||
m_protected_values.euid = new_euid;
|
||||
|
||||
if (credentials->euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -120,24 +174,34 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::id));
|
||||
|
||||
if (new_ruid == (uid_t)-1)
|
||||
new_ruid = uid();
|
||||
if (new_euid == (uid_t)-1)
|
||||
new_euid = euid();
|
||||
if (new_suid == (uid_t)-1)
|
||||
new_suid = suid();
|
||||
auto credentials = this->credentials();
|
||||
|
||||
auto ok = [this](UserID id) { return id == uid() || id == euid() || id == suid(); };
|
||||
if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !is_superuser())
|
||||
if (new_ruid == (uid_t)-1)
|
||||
new_ruid = credentials->uid();
|
||||
if (new_euid == (uid_t)-1)
|
||||
new_euid = credentials->euid();
|
||||
if (new_suid == (uid_t)-1)
|
||||
new_suid = credentials->suid();
|
||||
|
||||
auto ok = [&credentials](UserID id) { return id == credentials->uid() || id == credentials->euid() || id == credentials->suid(); };
|
||||
if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
new_ruid,
|
||||
credentials->gid(),
|
||||
new_euid,
|
||||
credentials->egid(),
|
||||
new_suid,
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.uid = new_ruid;
|
||||
m_protected_values.euid = new_euid;
|
||||
m_protected_values.suid = new_suid;
|
||||
|
||||
if (credentials->euid() != new_euid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -146,58 +210,84 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::id));
|
||||
|
||||
if (new_rgid == (gid_t)-1)
|
||||
new_rgid = gid();
|
||||
if (new_egid == (gid_t)-1)
|
||||
new_egid = egid();
|
||||
if (new_sgid == (gid_t)-1)
|
||||
new_sgid = sgid();
|
||||
auto credentials = this->credentials();
|
||||
|
||||
auto ok = [this](GroupID id) { return id == gid() || id == egid() || id == sgid(); };
|
||||
if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !is_superuser())
|
||||
if (new_rgid == (gid_t)-1)
|
||||
new_rgid = credentials->gid();
|
||||
if (new_egid == (gid_t)-1)
|
||||
new_egid = credentials->egid();
|
||||
if (new_sgid == (gid_t)-1)
|
||||
new_sgid = credentials->sgid();
|
||||
|
||||
auto ok = [&credentials](GroupID id) { return id == credentials->gid() || id == credentials->egid() || id == credentials->sgid(); };
|
||||
if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (egid() != new_egid)
|
||||
set_dumpable(false);
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
new_rgid,
|
||||
credentials->euid(),
|
||||
new_egid,
|
||||
credentials->suid(),
|
||||
new_sgid,
|
||||
credentials->extra_gids()));
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.gid = new_rgid;
|
||||
m_protected_values.egid = new_egid;
|
||||
m_protected_values.sgid = new_sgid;
|
||||
|
||||
if (credentials->egid() != new_egid)
|
||||
set_dumpable(false);
|
||||
|
||||
m_protected_values.credentials = move(new_credentials);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<gid_t const*> user_gids)
|
||||
ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*> user_gids)
|
||||
{
|
||||
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
|
||||
TRY(require_promise(Pledge::id));
|
||||
if (!is_superuser())
|
||||
|
||||
auto credentials = this->credentials();
|
||||
|
||||
if (!credentials->is_superuser())
|
||||
return EPERM;
|
||||
|
||||
if (!count) {
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.extra_gids.clear();
|
||||
m_protected_values.credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
credentials->gid(),
|
||||
credentials->euid(),
|
||||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
{}));
|
||||
return 0;
|
||||
}
|
||||
|
||||
Vector<gid_t> new_extra_gids;
|
||||
Vector<GroupID> new_extra_gids;
|
||||
TRY(new_extra_gids.try_resize(count));
|
||||
TRY(copy_n_from_user(new_extra_gids.data(), user_gids, count));
|
||||
|
||||
HashTable<gid_t> unique_extra_gids;
|
||||
HashTable<GroupID> unique_extra_gids;
|
||||
for (auto& extra_gid : new_extra_gids) {
|
||||
if (extra_gid != gid())
|
||||
TRY(unique_extra_gids.try_set(extra_gid));
|
||||
}
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
TRY(m_protected_values.extra_gids.try_resize(unique_extra_gids.size()));
|
||||
size_t i = 0;
|
||||
for (auto& extra_gid : unique_extra_gids) {
|
||||
if (extra_gid == gid())
|
||||
continue;
|
||||
m_protected_values.extra_gids[i++] = extra_gid;
|
||||
new_extra_gids.clear_with_capacity();
|
||||
for (auto extra_gid : unique_extra_gids) {
|
||||
TRY(new_extra_gids.try_append(extra_gid));
|
||||
}
|
||||
|
||||
ProtectedDataMutationScope scope { *this };
|
||||
m_protected_values.credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
credentials->gid(),
|
||||
credentials->euid(),
|
||||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
new_extra_gids.span()));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
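Review bot: In sys$setgroups the filter `if (extra_gid != gid())` still goes through the Process accessor, which takes a fresh snapshot, while every other read in the function uses the `credentials` local taken at the top; under the big lock the value is the same, but it should read `if (extra_gid != credentials->gid())` so the function consistently works from one snapshot. `count` is still unbounded there: `try_resize(count)` turns an absurd value into ENOMEM rather than a crash, but rejecting anything above the platform's group limit with EINVAL before allocating (Linux uses NGROUPS_MAX for this) would be cheaper and is the conventional contract. While this file is being reworked, the surviving check in sys$setreuid, `if (new_ruid < (uid_t)-1 || new_euid < (uid_t)-1) return EINVAL;`, reads as rejecting every ID below the -1 sentinel, which cannot be intended after the sentinel has already been substituted above — worth confirming how UserID compares against a raw uid_t.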