Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 63 |
1 files changed, 12 insertions, 51 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index ceb8f5a..1c6ce77 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -151,7 +151,7 @@ getpgid(p, uap)
 else {
 if ((pt = pfind(uap->pid)) == NULL)
 return ESRCH;
- if ((error = p_can(p, pt, P_CAN_SEE, NULL))) {
+ if ((error = p_cansee(p, pt))) {
 PROC_UNLOCK(pt);
 return (error);
 }
@@ -183,7 +183,7 @@ getsid(p, uap)
 else {
 if ((pt = pfind(uap->pid)) == NULL)
 return ESRCH;
- if ((error = p_can(p, pt, P_CAN_SEE, NULL))) {
+ if ((error = p_cansee(p, pt))) {
 PROC_UNLOCK(pt);
 return (error);
 }
@@ -370,7 +370,7 @@ setpgid(curp, uap)
 PROC_UNLOCK(targp);
 return (ESRCH);
 }
- if ((error = p_can(curproc, targp, P_CAN_SEE, NULL))) {
+ if ((error = p_cansee(curproc, targp))) {
 PROC_UNLOCK(targp);
 return (error);
 }
@@ -1086,13 +1086,10 @@ u_cansee(struct ucred *u1, struct ucred *u2)
 return (0);
 }
-static int
-p_cansee(struct proc *p1, struct proc *p2, int *privused)
+int
+p_cansee(struct proc *p1, struct proc *p2)
 {
- /* XXX: privused is going away, so don't do that here. */
- if (privused != NULL)
- *privused = 0;
 /* Wrap u_cansee() for all functionality. */
 return (u_cansee(p1->p_ucred, p2->p_ucred));
 }
@@ -1167,14 +1164,11 @@ p_cansignal(struct proc *p1, struct proc *p2, int signum)
 return (0);
 }
-static int
-p_cansched(struct proc *p1, struct proc *p2, int *privused)
+int
+p_cansched(struct proc *p1, struct proc *p2)
 {
 int error;
- if (privused != NULL)
- *privused = 0;
-
 if (p1 == p2)
 return (0);
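Review bot: In the setpgid() hunk the visibility check names the global `curproc` as its subject although the function receives the caller as `curp` (per the hunk header), while getpgid() and getsid() above pass their own `p` argument. Since this line is being touched anyway, `if ((error = p_cansee(curp, targp))) {` would keep the subject of the authorization check explicit and consistent across the three call sites. Whether `curp` can ever differ from `curproc` is not visible here; setpgid()'s body starts and ends outside the hunk.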
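Review bot: p_cansee() loses `static` in the `-1086` hunk, and p_cansched() and p_candebug() do the same in the later hunks, but none of the three gets a header comment stating its contract now that other files can call it directly. Each should say that it returns 0 when p1 is allowed to act on p2 and an errno value otherwise, and what the caller must hold while `p1->p_ucred` and `p2->p_ucred` are dereferenced. The call sites in the first three hunks release the target with `PROC_UNLOCK()` on failure, which suggests the target is expected to be locked on entry, but that is inferred and worth confirming. For p_cansee() something like `/* Return 0 if p1 may see p2, else an errno from u_cansee(); caller keeps p2's credential stable. */` would do. The matching prototypes presumably land in a header outside this file-limited view.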
@@ -1186,31 +1180,22 @@ p_cansched(struct proc *p1, struct proc *p2, int *privused)
 if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid)
 return (0);
- if (!suser_xxx(0, p1, PRISON_ROOT)) {
- if (privused != NULL)
- *privused = 1;
+ if (!suser_xxx(0, p1, PRISON_ROOT))
 return (0);
- }
 #ifdef CAPABILITIES
- if (!cap_check_xxx(0, p1, CAP_SYS_NICE, PRISON_ROOT)) {
- if (privused != NULL)
- *privused = 1;
+ if (!cap_check_xxx(0, p1, CAP_SYS_NICE, PRISON_ROOT))
 return (0);
- }
 #endif
 return (EPERM);
 }
-static int
-p_candebug(struct proc *p1, struct proc *p2, int *privused)
+int
+p_candebug(struct proc *p1, struct proc *p2)
 {
 int error;
- if (privused != NULL)
- *privused = 0;
-
 if (p1 == p2)
 return (0);
@@ -1222,12 +1207,9 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused)
 if (p1->p_ucred->cr_uid != p2->p_ucred->cr_uid ||
 p1->p_ucred->cr_uid != p2->p_ucred->cr_svuid ||
 p1->p_ucred->cr_uid != p2->p_ucred->cr_ruid ||
- p2->p_flag & P_SUGID) {
+ p2->p_flag & P_SUGID)
 if ((error = suser_xxx(0, p1, PRISON_ROOT)))
 return (error);
- if (privused != NULL)
- *privused = 1;
- }
 /* can't trace init when securelevel > 0 */
 if (securelevel > 0 && p2->p_pid == 1)
@@ -1236,27 +1218,6 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused)
 return (0);
 }
-int
-p_can(struct proc *p1, struct proc *p2, int operation,
- int *privused)
-{
-
- switch(operation) {
- case P_CAN_SEE:
- return (p_cansee(p1, p2, privused));
-
- case P_CAN_SCHED:
- return (p_cansched(p1, p2, privused));
-
- case P_CAN_DEBUG:
- return (p_candebug(p1, p2, privused));
-
- default:
- panic("p_can: invalid operation");
- }
-}
-
-
 /*
 * Allocate a zeroed cred structure.
 */ |
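Review bot: Dropping the braces in the `-1222` hunk of p_candebug() leaves a four-line `||` condition guarding an unbraced nested `if`, so the privilege gate for debugging a process with differing credentials or `P_SUGID` set now relies on indentation alone to be read correctly. A statement added later under the outer condition would silently fall outside it, which is an expensive mistake in an authorization path. I would keep the braces, `p2->p_flag & P_SUGID) {` … `}`, and remove only the two `privused` lines. The function body starts and ends outside the hunk.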