From 5956b5bc21c96b25c05bcdb8b76e1fd590072f14 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sat, 16 Jun 2007 23:41:43 +0000
Subject: Rather than passing SUSER_RUID into priv_check_cred() to specify when a privilege is checked against the real uid rather than the effective uid, instead decide which uid to use in priv_check_cred() based on the privilege passed in. We use the real uid for PRIV_MAXFILES, PRIV_MAXPROC, and PRIV_PROC_LIMIT. Remove the definition of SUSER_RUID; there are now no flags defined for priv_check_cred().
Obtained from: TrustedBSD Project
---
 sys/kern/kern_priv.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
(limited to 'sys/kern/kern_priv.c')
diff --git a/sys/kern/kern_priv.c b/sys/kern/kern_priv.c
index ebf01ba..307d134 100644
--- a/sys/kern/kern_priv.c
+++ b/sys/kern/kern_priv.c
@@ -68,6 +68,10 @@ priv_check_cred(struct ucred *cred, int priv, int flags)
 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege %d", priv));
+ /*
+ * We first evaluate policies that may deny the granting of
+ * privilege unilaterally.
+ */
 #ifdef MAC
 error = mac_priv_check(cred, priv);
 if (error)
@@ -84,21 +88,28 @@ priv_check_cred(struct ucred *cred, int priv, int flags)
 /*
 * Having determined if privilege is restricted by various policies,
- * now determine if privilege is granted. For now, we allow
- * short-circuit boolean evaluation, so may not call all policies.
- * Perhaps we should.
+ * now determine if privilege is granted. At this point, any policy
+ * may grant privilege. For now, we allow short-circuit boolean
+ * evaluation, so may not call all policies. Perhaps we should.
 *
 * Superuser policy grants privilege based on the effective (or in
- * certain edge cases, real) uid being 0. We allow the policy to be
- * globally disabled, although this is currently of limited utility.
+ * the case of specific privileges, real) uid being 0. We allow the
+ * superuser policy to be globally disabled, although this is
+ * currenty of limited utility.
 */
 if (suser_enabled) {
- if (flags & SUSER_RUID) {
+ switch (priv) {
+ case PRIV_MAXFILES:
+ case PRIV_MAXPROC:
+ case PRIV_PROC_LIMIT:
 if (cred->cr_ruid == 0)
 return (0);
- } else {
+ break;
+
+ default:
 if (cred->cr_uid == 0)
 return (0);
+ break;
 }
 }
-- cgit v1.1
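Review bot: Nothing in the new `switch (priv)` says why PRIV_MAXFILES, PRIV_MAXPROC and PRIV_PROC_LIMIT are judged on `cr_ruid`, and the `default:` arm applies the effective uid to every privilege not listed, so a later resource-limit privilege left out of the list would presumably be granted to a set-uid-root process started by an unprivileged user. A comment above the cases would make the rule explicit, e.g. `/* Resource-limit privileges are checked against the real uid so that set-uid programs do not lift the invoking user's limits. */` (rationale inferred, please confirm). `flags` is no longer read in the visible hunks, and the commit message says no flags remain defined, so `KASSERT(flags == 0, ("priv_check_cred: unexpected flags %d", flags));` beside the existing PRIV_VALID assertion would catch stale callers. The rewritten comment also misspells "currently" as "currenty". The body of priv_check_cred() starts and ends outside this hunk.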