Add a SUSER_RUID flag to suser_cred. This flag indicates that we want to

check if the *real* user is the superuser (vs. the normal behaviour, which checks the effective user). Reviewed by: rwatson
author: cperciva <cperciva@FreeBSD.org> 2004-07-16 15:57:16 +0000
committer: cperciva <cperciva@FreeBSD.org> 2004-07-16 15:57:16 +0000
commit: 8651a1567e64ee76aaffc579456f6224e4148a57 (patch)
tree: be5c9d4fa2915c4274a74c8594b80322b8efd891 /sys/kern/kern_prot.c
parent: 0dd47798742374a4b63f444cf19ffd56ca2f713d (diff)
download: FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.zip
FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index a964592..e352496 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
 
 /*
  * Test whether the specified credentials imply "super-user" privilege.
- * Return 0 or EPERM.  The flag argument is currently used only to
- * specify jail interaction.
+ * Return 0 or EPERM.
  */
 int
 suser_cred(struct ucred *cred, int flag)
@@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag)
 
 	if (!suser_enabled)
 		return (EPERM);
-	if (cred->cr_uid != 0)
+	if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
 		return (EPERM);
 	if (jailed(cred) && !(flag & PRISON_ROOT))
 		return (EPERM);
author	cperciva <cperciva@FreeBSD.org>	2004-07-16 15:57:16 +0000
committer	cperciva <cperciva@FreeBSD.org>	2004-07-16 15:57:16 +0000
commit	8651a1567e64ee76aaffc579456f6224e4148a57 (patch)
tree	be5c9d4fa2915c4274a74c8594b80322b8efd891 /sys/kern/kern_prot.c
parent	0dd47798742374a4b63f444cf19ffd56ca2f713d (diff)
download	FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.zip FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.tar.gz