diff options
author | cperciva <cperciva@FreeBSD.org> | 2004-07-16 15:57:16 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2004-07-16 15:57:16 +0000 |
commit | 8651a1567e64ee76aaffc579456f6224e4148a57 (patch) | |
tree | be5c9d4fa2915c4274a74c8594b80322b8efd891 /sys/kern | |
parent | 0dd47798742374a4b63f444cf19ffd56ca2f713d (diff) | |
download | FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.zip FreeBSD-src-8651a1567e64ee76aaffc579456f6224e4148a57.tar.gz |
Add a SUSER_RUID flag to suser_cred. This flag indicates that we want to
check if the *real* user is the superuser (vs. the normal behaviour, which
checks the effective user).
Reviewed by: rwatson
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_prot.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index a964592..e352496 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled); /* * Test whether the specified credentials imply "super-user" privilege. - * Return 0 or EPERM. The flag argument is currently used only to - * specify jail interaction. + * Return 0 or EPERM. */ int suser_cred(struct ucred *cred, int flag) @@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag) if (!suser_enabled) return (EPERM); - if (cred->cr_uid != 0) + if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0) return (EPERM); if (jailed(cred) && !(flag & PRISON_ROOT)) return (EPERM); |