author | yyny <6576327+yyny@users.noreply.github.com> | 2022-12-19 21:21:51 +0100 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2023-01-03 18:13:11 +0100 |
commit | 9ca979846ca45871a2b97876d2bdb7cd623f1eb1 (patch) | |
tree | 5da0ba4aea4f37030030f96e8a6228606213f995 /Kernel/Syscalls | |
parent | 456a8436b5732f5d01e0a298c53710c0e6b46e16 (diff) | |
Kernel: Add `sid` and `pgid` to `Credentials`
There are places in the kernel that would like to have access
to `pgid` credentials in certain circumstances.
I haven't found any use cases for `sid` yet, but `sid` and `pgid` are
both changed with `sys$setpgid`, so it seemed sensical to add it.
In Linux, `man 7 credentials` also mentions both the session id and
process group id, so this isn't unprecedented.
Diffstat (limited to 'Kernel/Syscalls')
-rw-r--r-- | Kernel/Syscalls/execve.cpp | 4 | ||||
-rw-r--r-- | Kernel/Syscalls/setpgid.cpp | 18 | ||||
-rw-r--r-- | Kernel/Syscalls/setuid.cpp | 40 |
3 files changed, 50 insertions, 12 deletions
diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp
index 4f1e06d149..43218c1134 100644
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@@ -540,7 +540,9 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
 new_egid,
 new_suid,
 new_sgid,
- old_credentials->extra_gids()));
+ old_credentials->extra_gids(),
+ old_credentials->sid(),
+ old_credentials->pgid()));
 }
 }
diff --git a/Kernel/Syscalls/setpgid.cpp b/Kernel/Syscalls/setpgid.cpp
index 4a52aaf9b8..fffdecd749 100644
--- a/Kernel/Syscalls/setpgid.cpp
+++ b/Kernel/Syscalls/setpgid.cpp
@@ -120,7 +120,23 @@ ErrorOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
 }
 // FIXME: There are more EPERM conditions to check for here..
 process->m_pg = TRY(ProcessGroup::try_find_or_create(new_pgid));
- return 0;
+ return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<FlatPtr> {
+ auto credentials = this->credentials();
+
+ auto new_credentials = TRY(Credentials::create(
+ credentials->uid(),
+ credentials->gid(),
+ credentials->euid(),
+ credentials->egid(),
+ credentials->suid(),
+ credentials->sgid(),
+ credentials->extra_gids(),
+ new_sid,
+ new_pgid));
+
+ protected_data.credentials = move(new_credentials);
+ return 0;
+ });
 }
 }
diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp
index 71070bdacf..20d8948eef 100644
--- a/Kernel/Syscalls/setuid.cpp
+++ b/Kernel/Syscalls/setuid.cpp
@@ -30,7 +30,9 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
 credentials->egid(),
 credentials->suid(),
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->euid() != new_euid) protected_data.dumpable = false;
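Review bot: In the sys$setpgid hunk of Kernel/Syscalls/setpgid.cpp the new process group is stored on `process` (`process->m_pg = ...`), but the new credentials are built from `this->credentials()` and written through the caller's `with_mutable_protected_data`, so when `specified_pid` names another process the caller, not the target, would end up carrying the new `sid`/`pgid`. If that is not intended, the two lines should read `return process->with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<FlatPtr> {` and `auto credentials = process->credentials();`. `m_pg` is also assigned before `TRY(Credentials::create(...))`, so a failed allocation would presumably return an error with the group already switched and the credentials copy stale; building the credentials first avoids that window. The diffstat shows this as the only change in setpgid.cpp, so any other path that alters the session or process group (not visible here) would leave `Credentials` out of sync, which matters once permission checks read `pgid` from it. The function begins above the hunk, where `process` and `new_sid` are defined.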
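Review bot: Each `Credentials::create` call in setuid.cpp now takes nine positional arguments, and the pair `credentials->sid(), credentials->pgid()` is copied by hand into this sys$seteuid call and the nine later ones (sys$setegid through both sys$setgroups sites). Nothing at a call site says which position is which, so a transposed `sid`/`pgid`, or a site missed by a later change to the parameter list, would likely still compile and leave a process with the wrong session or group id in its credentials. A short comment on the carried-over values, e.g. `// sid/pgid are not changed by the set*id calls; copy them through`, or a helper that clones the current credentials and overrides only the fields being set, would make the intent checkable in review. These calls sit inside lambdas whose start is outside each hunk.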
@@ -61,7 +63,9 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
 new_egid,
 credentials->suid(),
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->egid() != new_egid) protected_data.dumpable = false;
@@ -92,7 +96,9 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
 credentials->egid(),
 new_uid,
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->euid() != new_uid) protected_data.dumpable = false;
@@ -123,7 +129,9 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
 new_gid,
 credentials->suid(),
 new_gid,
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->egid() != new_gid) protected_data.dumpable = false;
@@ -160,7 +168,9 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
 credentials->egid(),
 credentials->suid(),
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->euid() != new_euid) protected_data.dumpable = false;
@@ -196,7 +206,9 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID
 credentials->egid(),
 new_suid,
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->euid() != new_euid) protected_data.dumpable = false;
@@ -230,7 +242,9 @@ ErrorOr<FlatPtr> Process::sys$setregid(GroupID new_rgid, GroupID new_egid)
 new_egid,
 credentials->suid(),
 credentials->sgid(),
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->egid() != new_egid) protected_data.dumpable = false;
@@ -266,7 +280,9 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou
 new_egid,
 credentials->suid(),
 new_sgid,
- credentials->extra_gids()));
+ credentials->extra_gids(),
+ credentials->sid(),
+ credentials->pgid()));
 if (credentials->egid() != new_egid) protected_data.dumpable = false;
@@ -298,7 +314,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
 credentials->egid(),
 credentials->suid(),
 credentials->sgid(),
- {}));
+ {},
+ credentials->sid(),
+ credentials->pgid()));
 return 0;
 }
@@ -324,7 +342,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
 credentials->egid(),
 credentials->suid(),
 credentials->sgid(),
- new_extra_gids.span()));
+ new_extra_gids.span(),
+ credentials->sid(),
+ credentials->pgid()));
 return 0;
 });
 } |