adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-27 11:16:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

CRED: Wrap task credential accesses in the filesystem subsystem

Browse source 
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells 2008-11-14 10:39:05 +11:00 committed by James Morris
parent 82ab8deda7
commit da9592edeb
15 changed files with 38 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
fs/anon_inodes.c
View file

@ -154,8 +154,8 @@ static struct inode *anon_inode_mkinode(void)
*/ */
inode->i_state = I_DIRTY; inode->i_state = I_DIRTY;
inode->i_mode = S_IRUSR | S_IWUSR; inode->i_mode = S_IRUSR | S_IWUSR;
inode->i_uid = current->fsuid; inode->i_uid = current_fsuid();
inode->i_gid = current->fsgid; inode->i_gid = current_fsgid();
inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
return inode; return inode;
} }

4
fs/attr.c
View file

@ -29,13 +29,13 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
/* Make sure a caller can chown. */ /* Make sure a caller can chown. */
if ((ia_valid & ATTR_UID) && if ((ia_valid & ATTR_UID) &&
(current->fsuid != inode->i_uid || (current_fsuid() != inode->i_uid ||
attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
goto error; goto error;
/* Make sure caller can chgrp. */ /* Make sure caller can chgrp. */
if ((ia_valid & ATTR_GID) && if ((ia_valid & ATTR_GID) &&
(current->fsuid != inode->i_uid || (current_fsuid() != inode->i_uid ||
(!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
!capable(CAP_CHOWN)) !capable(CAP_CHOWN))
goto error; goto error;

8
fs/binfmt_elf_fdpic.c
View file

@ -623,10 +623,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
NEW_AUX_ENT(AT_FLAGS, 0); NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
NEW_AUX_ENT(AT_UID, (elf_addr_t) current->uid); NEW_AUX_ENT(AT_UID, (elf_addr_t) current_uid());
NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->euid); NEW_AUX_ENT(AT_EUID, (elf_addr_t) current_euid());
NEW_AUX_ENT(AT_GID, (elf_addr_t) current->gid); NEW_AUX_ENT(AT_GID, (elf_addr_t) current_gid());
NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->egid); NEW_AUX_ENT(AT_EGID, (elf_addr_t) current_egid());
NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
NEW_AUX_ENT(AT_EXECFN, bprm->exec); NEW_AUX_ENT(AT_EXECFN, bprm->exec);

4
fs/dquot.c
View file

@ -874,7 +874,7 @@ static inline int need_print_warning(struct dquot *dquot)
switch (dquot->dq_type) { switch (dquot->dq_type) {
case USRQUOTA: case USRQUOTA:
return current->fsuid == dquot->dq_id; return current_fsuid() == dquot->dq_id;
case GRPQUOTA: case GRPQUOTA:
return in_group_p(dquot->dq_id); return in_group_p(dquot->dq_id);
} }
@ -981,7 +981,7 @@ static void send_warning(const struct dquot *dquot, const char warntype)
MINOR(dquot->dq_sb->s_dev)); MINOR(dquot->dq_sb->s_dev));
if (ret) if (ret)
goto attr_err_out; goto attr_err_out;
ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current->user->uid); ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid());
if (ret) if (ret)
goto attr_err_out; goto attr_err_out;
genlmsg_end(skb, msg_head); genlmsg_end(skb, msg_head);

18
fs/exec.c
View file

@ -980,7 +980,7 @@ int flush_old_exec(struct linux_binprm * bprm)
/* This is the point of no return */ /* This is the point of no return */
current->sas_ss_sp = current->sas_ss_size = 0; current->sas_ss_sp = current->sas_ss_size = 0;
if (current->euid == current->uid && current->egid == current->gid) if (current_euid() == current_uid() && current_egid() == current_gid())
set_dumpable(current->mm, 1); set_dumpable(current->mm, 1);
else else
set_dumpable(current->mm, suid_dumpable); set_dumpable(current->mm, suid_dumpable);
@ -1007,7 +1007,7 @@ int flush_old_exec(struct linux_binprm * bprm)
*/ */
current->mm->task_size = TASK_SIZE; current->mm->task_size = TASK_SIZE;
if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) { if (bprm->e_uid != current_euid() || bprm->e_gid != current_egid()) {
suid_keys(current); suid_keys(current);
set_dumpable(current->mm, suid_dumpable); set_dumpable(current->mm, suid_dumpable);
current->pdeath_signal = 0; current->pdeath_signal = 0;
@ -1047,8 +1047,8 @@ int prepare_binprm(struct linux_binprm *bprm)
if (bprm->file->f_op == NULL) if (bprm->file->f_op == NULL)
return -EACCES; return -EACCES;
bprm->e_uid = current->euid; bprm->e_uid = current_euid();
bprm->e_gid = current->egid; bprm->e_gid = current_egid();
if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
/* Set-uid? */ /* Set-uid? */
@ -1096,7 +1096,7 @@ void compute_creds(struct linux_binprm *bprm)
{ {
int unsafe; int unsafe;
if (bprm->e_uid != current->uid) { if (bprm->e_uid != current_uid()) {
suid_keys(current); suid_keys(current);
current->pdeath_signal = 0; current->pdeath_signal = 0;
} }
@ -1424,7 +1424,7 @@ static int format_corename(char *corename, long signr)
/* uid */ /* uid */
case 'u': case 'u':
rc = snprintf(out_ptr, out_end - out_ptr, rc = snprintf(out_ptr, out_end - out_ptr,
"%d", current->uid); "%d", current_uid());
if (rc > out_end - out_ptr) if (rc > out_end - out_ptr)
goto out; goto out;
out_ptr += rc; out_ptr += rc;
@ -1432,7 +1432,7 @@ static int format_corename(char *corename, long signr)
/* gid */ /* gid */
case 'g': case 'g':
rc = snprintf(out_ptr, out_end - out_ptr, rc = snprintf(out_ptr, out_end - out_ptr,
"%d", current->gid); "%d", current_gid());
if (rc > out_end - out_ptr) if (rc > out_end - out_ptr)
goto out; goto out;
out_ptr += rc; out_ptr += rc;
@ -1709,7 +1709,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
struct inode * inode; struct inode * inode;
struct file * file; struct file * file;
int retval = 0; int retval = 0;
int fsuid = current->fsuid; int fsuid = current_fsuid();
int flag = 0; int flag = 0;
int ispipe = 0; int ispipe = 0;
unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur;
@ -1815,7 +1815,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
* Dont allow local users get cute and trick others to coredump * Dont allow local users get cute and trick others to coredump
* into their pre-created files: * into their pre-created files:
*/ */
if (inode->i_uid != current->fsuid) if (inode->i_uid != current_fsuid())
goto close_fail; goto close_fail;
if (!file->f_op) if (!file->f_op)
goto close_fail; goto close_fail;

2
fs/fcntl.c
View file

@ -211,7 +211,7 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
if (err) if (err)
return err; return err;
f_modown(filp, pid, type, current->uid, current->euid, force); f_modown(filp, pid, type, current_uid(), current_euid(), force);
return 0; return 0;
} }
EXPORT_SYMBOL(__f_setown); EXPORT_SYMBOL(__f_setown);

2
fs/inotify_user.c
View file

@ -601,7 +601,7 @@ asmlinkage long sys_inotify_init1(int flags)
goto out_put_fd; goto out_put_fd;
} }
user = get_uid(current->user); user = get_current_user();
if (unlikely(atomic_read(&user->inotify_devs) >= if (unlikely(atomic_read(&user->inotify_devs) >=
inotify_max_user_instances)) { inotify_max_user_instances)) {
ret = -EMFILE; ret = -EMFILE;

4
fs/ioprio.c
View file

@ -32,8 +32,8 @@ static int set_task_ioprio(struct task_struct *task, int ioprio)
int err; int err;
struct io_context *ioc; struct io_context *ioc;
if (task->uid != current->euid && if (task->uid != current_euid() &&
task->uid != current->uid && !capable(CAP_SYS_NICE)) task->uid != current_uid() && !capable(CAP_SYS_NICE))
return -EPERM; return -EPERM;
err = security_task_setioprio(task, ioprio); err = security_task_setioprio(task, ioprio);

2
fs/locks.c
View file

@ -1349,7 +1349,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
struct inode *inode = dentry->d_inode; struct inode *inode = dentry->d_inode;
int error, rdlease_count = 0, wrlease_count = 0; int error, rdlease_count = 0, wrlease_count = 0;
if ((current->fsuid != inode->i_uid) && !capable(CAP_LEASE)) if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE))
return -EACCES; return -EACCES;
if (!S_ISREG(inode->i_mode)) if (!S_ISREG(inode->i_mode))
return -EINVAL; return -EINVAL;

10
fs/namei.c
View file

@ -186,7 +186,7 @@ int generic_permission(struct inode *inode, int mask,
mask &= MAY_READ | MAY_WRITE | MAY_EXEC; mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (current->fsuid == inode->i_uid) if (current_fsuid() == inode->i_uid)
mode >>= 6; mode >>= 6;
else { else {
if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
@ -441,7 +441,7 @@ static int exec_permission_lite(struct inode *inode)
if (inode->i_op && inode->i_op->permission) if (inode->i_op && inode->i_op->permission)
return -EAGAIN; return -EAGAIN;
if (current->fsuid == inode->i_uid) if (current_fsuid() == inode->i_uid)
mode >>= 6; mode >>= 6;
else if (in_group_p(inode->i_gid)) else if (in_group_p(inode->i_gid))
mode >>= 3; mode >>= 3;
@ -1334,11 +1334,13 @@ static int user_path_parent(int dfd, const char __user *path,
*/ */
static inline int check_sticky(struct inode *dir, struct inode *inode) static inline int check_sticky(struct inode *dir, struct inode *inode)
{ {
uid_t fsuid = current_fsuid();
if (!(dir->i_mode & S_ISVTX)) if (!(dir->i_mode & S_ISVTX))
return 0; return 0;
if (inode->i_uid == current->fsuid) if (inode->i_uid == fsuid)
return 0; return 0;
if (dir->i_uid == current->fsuid) if (dir->i_uid == fsuid)
return 0; return 0;
return !capable(CAP_FOWNER); return !capable(CAP_FOWNER);
} }

2
fs/namespace.c
View file

@ -1176,7 +1176,7 @@ static int mount_is_safe(struct path *path)
if (S_ISLNK(path->dentry->d_inode->i_mode)) if (S_ISLNK(path->dentry->d_inode->i_mode))
return -EPERM; return -EPERM;
if (path->dentry->d_inode->i_mode & S_ISVTX) { if (path->dentry->d_inode->i_mode & S_ISVTX) {
if (current->uid != path->dentry->d_inode->i_uid) if (current_uid() != path->dentry->d_inode->i_uid)
return -EPERM; return -EPERM;
} }
if (inode_permission(path->dentry->d_inode, MAY_WRITE)) if (inode_permission(path->dentry->d_inode, MAY_WRITE))

4
fs/pipe.c
View file

@ -899,8 +899,8 @@ static struct inode * get_pipe_inode(void)
*/ */
inode->i_state = I_DIRTY; inode->i_state = I_DIRTY;
inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR;
inode->i_uid = current->fsuid; inode->i_uid = current_fsuid();
inode->i_gid = current->fsgid; inode->i_gid = current_fsgid();
inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
return inode; return inode;

4
fs/posix_acl.c
View file

@ -217,11 +217,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
switch(pa->e_tag) { switch(pa->e_tag) {
case ACL_USER_OBJ: case ACL_USER_OBJ:
/* (May have been checked already) */ /* (May have been checked already) */
if (inode->i_uid == current->fsuid) if (inode->i_uid == current_fsuid())
goto check_perm; goto check_perm;
break; break;
case ACL_USER: case ACL_USER:
if (pa->e_id == current->fsuid) if (pa->e_id == current_fsuid())
goto mask; goto mask;
break; break;
case ACL_GROUP_OBJ: case ACL_GROUP_OBJ:

4
fs/quota.c
View file

@ -79,7 +79,7 @@ static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, qid
/* Check privileges */ /* Check privileges */
if (cmd == Q_GETQUOTA) { if (cmd == Q_GETQUOTA) {
if (((type == USRQUOTA && current->euid != id) || if (((type == USRQUOTA && current_euid() != id) ||
(type == GRPQUOTA && !in_egroup_p(id))) && (type == GRPQUOTA && !in_egroup_p(id))) &&
!capable(CAP_SYS_ADMIN)) !capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
@ -130,7 +130,7 @@ static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t i
/* Check privileges */ /* Check privileges */
if (cmd == Q_XGETQUOTA) { if (cmd == Q_XGETQUOTA) {
if (((type == XQM_USRQUOTA && current->euid != id) || if (((type == XQM_USRQUOTA && current_euid() != id) ||
(type == XQM_GRPQUOTA && !in_egroup_p(id))) && (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
!capable(CAP_SYS_ADMIN)) !capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;

2
include/linux/fs.h
View file

@ -1193,7 +1193,7 @@ enum {
#define has_fs_excl() atomic_read(&current->fs_excl) #define has_fs_excl() atomic_read(&current->fs_excl)
#define is_owner_or_cap(inode) \ #define is_owner_or_cap(inode) \
((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER)) ((current_fsuid() == (inode)->i_uid) || capable(CAP_FOWNER))
/* not quite ready to be deprecated, but... */ /* not quite ready to be deprecated, but... */
extern void lock_super(struct super_block *); extern void lock_super(struct super_block *);