diff options
author | green <green@FreeBSD.org> | 2000-08-16 23:28:54 +0000 |
---|---|---|
committer | green <green@FreeBSD.org> | 2000-08-16 23:28:54 +0000 |
commit | d5af96afa040e66ed2df0eeeb0dc4ec7349132cc (patch) | |
tree | 35eacfe20d3cbe5a38b9b707cd19d1cbaa7419fc /sys/kern | |
parent | ea3449bbd2dc641e47517b8b72f55963e3c4dadf (diff) | |
download | FreeBSD-src-d5af96afa040e66ed2df0eeeb0dc4ec7349132cc.zip FreeBSD-src-d5af96afa040e66ed2df0eeeb0dc4ec7349132cc.tar.gz |
Fix a couple cases where p_trespass wasn't transitioned into place.
Make RTP_SET (rtprio) only accessible to real root, not root in jails.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_resource.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index ed91c27..ce09cad 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -197,11 +197,8 @@ donice(curp, chgp, n) register struct proc *curp, *chgp; register int n; { - register struct pcred *pcred = curp->p_cred; - if (pcred->pc_ucred->cr_uid && pcred->p_ruid && - pcred->pc_ucred->cr_uid != chgp->p_ucred->cr_uid && - pcred->p_ruid != chgp->p_ucred->cr_uid) + if (p_trespass(curp, chgp) != 0) return (EPERM); if (n > PRIO_MAX) n = PRIO_MAX; @@ -234,7 +231,6 @@ rtprio(curp, uap) register struct rtprio_args *uap; { register struct proc *p; - register struct pcred *pcred = curp->p_cred; struct rtprio rtp; int error; @@ -254,12 +250,10 @@ rtprio(curp, uap) case RTP_LOOKUP: return (copyout(&p->p_rtprio, uap->rtp, sizeof(struct rtprio))); case RTP_SET: - if (pcred->pc_ucred->cr_uid && pcred->p_ruid && - pcred->pc_ucred->cr_uid != p->p_ucred->cr_uid && - pcred->p_ruid != p->p_ucred->cr_uid) + if (p_trespass(curp, p) != 0) return (EPERM); /* disallow setting rtprio in most cases if not superuser */ - if (suser(curp)) { + if (suser_xxx(NULL, curp, PRISON_ROOT) != 0) { /* can't set someone else's */ if (uap->pid) return (EPERM); |