author | Andreas Kling <kling@serenityos.org> | 2022-08-21 16:22:34 +0200 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2022-08-21 16:22:34 +0200 |
commit | 8d0bd3f225786c0ee36e0ec4297b8115290b709a (patch) | |
tree | 3011faefc0e8654202ed83486fc044c74beabb72 /Kernel/Net/LocalSocket.cpp | |
parent | dbe182f1c6de98918ed5c5851d2e6c4312435e3e (diff) | |
Kernel: Make LocalSocket do chown/chmod through VFS
This ensures that all the permissions checks are made against the
provided credentials. Previously we were just calling through directly
to the inode setters, which did no security checks!
Diffstat (limited to 'Kernel/Net/LocalSocket.cpp')
-rw-r--r-- | Kernel/Net/LocalSocket.cpp | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/Kernel/Net/LocalSocket.cpp b/Kernel/Net/LocalSocket.cpp
index d532dbad25..a31c16e242 100644
--- a/Kernel/Net/LocalSocket.cpp
+++ b/Kernel/Net/LocalSocket.cpp
@@ -445,25 +445,25 @@ ErrorOr<void> LocalSocket::ioctl(OpenFileDescription& description, unsigned requ
 return EINVAL;
 }
-ErrorOr<void> LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode)
+ErrorOr<void> LocalSocket::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode)
 {
- // FIXME: Use the credentials.
-
- auto inode = m_inode.strong_ref();
- if (inode)
- return inode->chmod(mode);
+ if (m_inode) {
+ if (auto custody = description.custody())
+ return VirtualFileSystem::the().chmod(credentials, *custody, mode);
+ VERIFY_NOT_REACHED();
+ }
 m_prebind_mode = mode & 0777;
 return {};
 }
-ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid)
+ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid)
 {
- // FIXME: Use the credentials.
-
- auto inode = m_inode.strong_ref();
- if (inode)
- return inode->chown(uid, gid);
+ if (m_inode) {
+ if (auto custody = description.custody())
+ return VirtualFileSystem::the().chown(credentials, *custody, uid, gid);
+ VERIFY_NOT_REACHED();
+ }
 if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid)))
 return set_so_error(EPERM); |
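Review bot: In both `chmod` and `chown`, the `VERIFY_NOT_REACHED();` that follows `if (auto custody = description.custody())` turns a description without a custody into a kernel assertion on a syscall path. Nothing in the hunk shows that a description for a socket whose `m_inode` is set always carries a custody, so unless that invariant is enforced elsewhere, failing closed is safer: replace the assertion with `return set_so_error(EINVAL);`. If the invariant does hold, a short comment above the assertion naming where it is guaranteed would let the next reader confirm it. `chown`'s body continues past the end of the hunk.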