From 8651a1567e64ee76aaffc579456f6224e4148a57 Mon Sep 17 00:00:00 2001
From: cperciva <cperciva@FreeBSD.org>
Date: Fri, 16 Jul 2004 15:57:16 +0000
Subject: Add a SUSER_RUID flag to suser_cred.  This flag indicates that we
 want to check if the *real* user is the superuser (vs. the normal behaviour,
 which checks the effective user).

Reviewed by:	rwatson
---
 sys/kern/kern_prot.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'sys/kern/kern_prot.c')

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index a964592..e352496 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1222,8 +1222,7 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
 
 /*
  * Test whether the specified credentials imply "super-user" privilege.
- * Return 0 or EPERM.  The flag argument is currently used only to
- * specify jail interaction.
+ * Return 0 or EPERM.
  */
 int
 suser_cred(struct ucred *cred, int flag)
@@ -1231,7 +1230,7 @@ suser_cred(struct ucred *cred, int flag)
 
 	if (!suser_enabled)
 		return (EPERM);
-	if (cred->cr_uid != 0)
+	if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
 		return (EPERM);
 	if (jailed(cred) && !(flag & PRISON_ROOT))
 		return (EPERM);
-- 
cgit v1.1