diff options
| author | yyny <6576327+yyny@users.noreply.github.com> | 2022-12-19 21:21:51 +0100 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2023-01-03 18:13:11 +0100 |
| commit | 9ca979846ca45871a2b97876d2bdb7cd623f1eb1 (patch) | |
| tree | 5da0ba4aea4f37030030f96e8a6228606213f995 | |
| parent | 456a8436b5732f5d01e0a298c53710c0e6b46e16 (diff) | |
| download | serenity-9ca979846ca45871a2b97876d2bdb7cd623f1eb1.zip | |
Kernel: Add `sid` and `pgid` to `Credentials`
There are places in the kernel that would like to have access
to `pgid` credentials in certain circumstances.
I haven't found any use cases for `sid` yet, but `sid` and `pgid` are
both changed with `sys$setpgid`, so it seemed sensical to add it.
In Linux, `man 7 credentials` also mentions both the session id and
process group id, so this isn't unprecedented.
| -rw-r--r-- | Kernel/Credentials.cpp | 8 | ||||
| -rw-r--r-- | Kernel/Credentials.h | 8 | ||||
| -rw-r--r-- | Kernel/Process.cpp | 2 | ||||
| -rw-r--r-- | Kernel/Syscalls/execve.cpp | 4 | ||||
| -rw-r--r-- | Kernel/Syscalls/setpgid.cpp | 18 | ||||
| -rw-r--r-- | Kernel/Syscalls/setuid.cpp | 40 |
6 files changed, 62 insertions, 18 deletions
diff --git a/Kernel/Credentials.cpp b/Kernel/Credentials.cpp index 935b4b107f..3fb155dbc1 100644 --- a/Kernel/Credentials.cpp +++ b/Kernel/Credentials.cpp @@ -10,13 +10,13 @@ namespace Kernel { -ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids) +ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid) { auto extra_gids_array = TRY(FixedArray<GroupID>::try_create(extra_gids)); - return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array))); + return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array), sid, pgid)); } -Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids) +Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid) : m_uid(uid) , m_gid(gid) , m_euid(euid) @@ -24,6 +24,8 @@ Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, Use , m_suid(suid) , m_sgid(sgid) , m_extra_gids(move(extra_gids)) + , m_sid(sid) + , m_pgid(pgid) { } diff --git a/Kernel/Credentials.h b/Kernel/Credentials.h index e951d57c21..25e002a25e 100644 --- a/Kernel/Credentials.h +++ b/Kernel/Credentials.h @@ -14,7 +14,7 @@ namespace Kernel { class Credentials final : public AtomicRefCounted<Credentials> { public: - static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids); + static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid); ~Credentials(); bool is_superuser() const { return euid() == 0; } @@ -26,11 +26,13 @@ public: UserID suid() const { return m_suid; } GroupID sgid() const { return m_sgid; } Span<GroupID const> extra_gids() const { return m_extra_gids.span(); } + SessionID sid() const { return m_sid; }; + ProcessGroupID pgid() const { return m_pgid; } bool in_group(GroupID) const; private: - Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids); + Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid); UserID m_uid; GroupID m_gid; @@ -39,6 +41,8 @@ private: UserID m_suid; GroupID m_sgid; FixedArray<GroupID> m_extra_gids; + SessionID m_sid; + ProcessGroupID m_pgid; }; } diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp index d2fbf3f3f3..6f76b0537f 100644 --- a/Kernel/Process.cpp +++ b/Kernel/Process.cpp @@ -311,7 +311,7 @@ ErrorOr<NonnullLockRefPtr<Process>> Process::try_create(LockRefPtr<Thread>& firs } auto unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) }; auto exec_unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) }; - auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {})); + auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}, fork_parent ? fork_parent->sid() : 0, fork_parent ? fork_parent->pgid() : 0)); auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), move(credentials), ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree), move(exec_unveil_tree)))); TRY(process->attach_resources(new_address_space.release_nonnull(), first_thread, fork_parent)); return process; diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp index 4f1e06d149..43218c1134 100644 --- a/Kernel/Syscalls/execve.cpp +++ b/Kernel/Syscalls/execve.cpp @@ -540,7 +540,9 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr new_egid, new_suid, new_sgid, - old_credentials->extra_gids())); + old_credentials->extra_gids(), + old_credentials->sid(), + old_credentials->pgid())); } } diff --git a/Kernel/Syscalls/setpgid.cpp b/Kernel/Syscalls/setpgid.cpp index 4a52aaf9b8..fffdecd749 100644 --- a/Kernel/Syscalls/setpgid.cpp +++ b/Kernel/Syscalls/setpgid.cpp @@ -120,7 +120,23 @@ ErrorOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid) } // FIXME: There are more EPERM conditions to check for here.. process->m_pg = TRY(ProcessGroup::try_find_or_create(new_pgid)); - return 0; + return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<FlatPtr> { + auto credentials = this->credentials(); + + auto new_credentials = TRY(Credentials::create( + credentials->uid(), + credentials->gid(), + credentials->euid(), + credentials->egid(), + credentials->suid(), + credentials->sgid(), + credentials->extra_gids(), + new_sid, + new_pgid)); + + protected_data.credentials = move(new_credentials); + return 0; + }); } } diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp index 71070bdacf..20d8948eef 100644 --- a/Kernel/Syscalls/setuid.cpp +++ b/Kernel/Syscalls/setuid.cpp @@ -30,7 +30,9 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid) credentials->egid(), credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -61,7 +63,9 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid) new_egid, credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -92,7 +96,9 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid) credentials->egid(), new_uid, credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_uid) protected_data.dumpable = false; @@ -123,7 +129,9 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid) new_gid, credentials->suid(), new_gid, - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_gid) protected_data.dumpable = false; @@ -160,7 +168,9 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid) credentials->egid(), credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -196,7 +206,9 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID credentials->egid(), new_suid, credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -230,7 +242,9 @@ ErrorOr<FlatPtr> Process::sys$setregid(GroupID new_rgid, GroupID new_egid) new_egid, credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -266,7 +280,9 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou new_egid, credentials->suid(), new_sgid, - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -298,7 +314,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*> credentials->egid(), credentials->suid(), credentials->sgid(), - {})); + {}, + credentials->sid(), + credentials->pgid())); return 0; } @@ -324,7 +342,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*> credentials->egid(), credentials->suid(), credentials->sgid(), - new_extra_gids.span())); + new_extra_gids.span(), + credentials->sid(), + credentials->pgid())); return 0; }); } |