From 9ca979846ca45871a2b97876d2bdb7cd623f1eb1 Mon Sep 17 00:00:00 2001 From: yyny <6576327+yyny@users.noreply.github.com> Date: Mon, 19 Dec 2022 21:21:51 +0100 Subject: Kernel: Add `sid` and `pgid` to `Credentials` There are places in the kernel that would like to have access to `pgid` credentials in certain circumstances. I haven't found any use cases for `sid` yet, but `sid` and `pgid` are both changed with `sys$setpgid`, so it seemed sensical to add it. In Linux, `man 7 credentials` also mentions both the session id and process group id, so this isn't unprecedented. --- Kernel/Credentials.cpp | 8 +++++--- Kernel/Credentials.h | 8 ++++++-- Kernel/Process.cpp | 2 +- Kernel/Syscalls/execve.cpp | 4 +++- Kernel/Syscalls/setpgid.cpp | 18 +++++++++++++++++- Kernel/Syscalls/setuid.cpp | 40 ++++++++++++++++++++++++++++++---------- 6 files changed, 62 insertions(+), 18 deletions(-) (limited to 'Kernel') diff --git a/Kernel/Credentials.cpp b/Kernel/Credentials.cpp index 935b4b107f..3fb155dbc1 100644 --- a/Kernel/Credentials.cpp +++ b/Kernel/Credentials.cpp @@ -10,13 +10,13 @@ namespace Kernel { -ErrorOr> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span extra_gids) +ErrorOr> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span extra_gids, SessionID sid, ProcessGroupID pgid) { auto extra_gids_array = TRY(FixedArray::try_create(extra_gids)); - return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array))); + return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array), sid, pgid)); } -Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray extra_gids) +Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray extra_gids, SessionID sid, ProcessGroupID pgid) : m_uid(uid) , m_gid(gid) , m_euid(euid) @@ -24,6 +24,8 @@ Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, Use , m_suid(suid) , m_sgid(sgid) , m_extra_gids(move(extra_gids)) + , m_sid(sid) + , m_pgid(pgid) { } diff --git a/Kernel/Credentials.h b/Kernel/Credentials.h index e951d57c21..25e002a25e 100644 --- a/Kernel/Credentials.h +++ b/Kernel/Credentials.h @@ -14,7 +14,7 @@ namespace Kernel { class Credentials final : public AtomicRefCounted { public: - static ErrorOr> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span extra_gids); + static ErrorOr> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span extra_gids, SessionID sid, ProcessGroupID pgid); ~Credentials(); bool is_superuser() const { return euid() == 0; } @@ -26,11 +26,13 @@ public: UserID suid() const { return m_suid; } GroupID sgid() const { return m_sgid; } Span extra_gids() const { return m_extra_gids.span(); } + SessionID sid() const { return m_sid; }; + ProcessGroupID pgid() const { return m_pgid; } bool in_group(GroupID) const; private: - Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray extra_gids); + Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray extra_gids, SessionID sid, ProcessGroupID pgid); UserID m_uid; GroupID m_gid; @@ -39,6 +41,8 @@ private: UserID m_suid; GroupID m_sgid; FixedArray m_extra_gids; + SessionID m_sid; + ProcessGroupID m_pgid; }; } diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp index d2fbf3f3f3..6f76b0537f 100644 --- a/Kernel/Process.cpp +++ b/Kernel/Process.cpp @@ -311,7 +311,7 @@ ErrorOr> Process::try_create(LockRefPtr& firs } auto unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) }; auto exec_unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) }; - auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {})); + auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}, fork_parent ? fork_parent->sid() : 0, fork_parent ? fork_parent->pgid() : 0)); auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), move(credentials), ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree), move(exec_unveil_tree)))); TRY(process->attach_resources(new_address_space.release_nonnull(), first_thread, fork_parent)); return process; diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp index 4f1e06d149..43218c1134 100644 --- a/Kernel/Syscalls/execve.cpp +++ b/Kernel/Syscalls/execve.cpp @@ -540,7 +540,9 @@ ErrorOr Process::do_exec(NonnullLockRefPtr main_progr new_egid, new_suid, new_sgid, - old_credentials->extra_gids())); + old_credentials->extra_gids(), + old_credentials->sid(), + old_credentials->pgid())); } } diff --git a/Kernel/Syscalls/setpgid.cpp b/Kernel/Syscalls/setpgid.cpp index 4a52aaf9b8..fffdecd749 100644 --- a/Kernel/Syscalls/setpgid.cpp +++ b/Kernel/Syscalls/setpgid.cpp @@ -120,7 +120,23 @@ ErrorOr Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid) } // FIXME: There are more EPERM conditions to check for here.. process->m_pg = TRY(ProcessGroup::try_find_or_create(new_pgid)); - return 0; + return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr { + auto credentials = this->credentials(); + + auto new_credentials = TRY(Credentials::create( + credentials->uid(), + credentials->gid(), + credentials->euid(), + credentials->egid(), + credentials->suid(), + credentials->sgid(), + credentials->extra_gids(), + new_sid, + new_pgid)); + + protected_data.credentials = move(new_credentials); + return 0; + }); } } diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp index 71070bdacf..20d8948eef 100644 --- a/Kernel/Syscalls/setuid.cpp +++ b/Kernel/Syscalls/setuid.cpp @@ -30,7 +30,9 @@ ErrorOr Process::sys$seteuid(UserID new_euid) credentials->egid(), credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -61,7 +63,9 @@ ErrorOr Process::sys$setegid(GroupID new_egid) new_egid, credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -92,7 +96,9 @@ ErrorOr Process::sys$setuid(UserID new_uid) credentials->egid(), new_uid, credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_uid) protected_data.dumpable = false; @@ -123,7 +129,9 @@ ErrorOr Process::sys$setgid(GroupID new_gid) new_gid, credentials->suid(), new_gid, - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_gid) protected_data.dumpable = false; @@ -160,7 +168,9 @@ ErrorOr Process::sys$setreuid(UserID new_ruid, UserID new_euid) credentials->egid(), credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -196,7 +206,9 @@ ErrorOr Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID credentials->egid(), new_suid, credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->euid() != new_euid) protected_data.dumpable = false; @@ -230,7 +242,9 @@ ErrorOr Process::sys$setregid(GroupID new_rgid, GroupID new_egid) new_egid, credentials->suid(), credentials->sgid(), - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -266,7 +280,9 @@ ErrorOr Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou new_egid, credentials->suid(), new_sgid, - credentials->extra_gids())); + credentials->extra_gids(), + credentials->sid(), + credentials->pgid())); if (credentials->egid() != new_egid) protected_data.dumpable = false; @@ -298,7 +314,9 @@ ErrorOr Process::sys$setgroups(size_t count, Userspace credentials->egid(), credentials->suid(), credentials->sgid(), - {})); + {}, + credentials->sid(), + credentials->pgid())); return 0; } @@ -324,7 +342,9 @@ ErrorOr Process::sys$setgroups(size_t count, Userspace credentials->egid(), credentials->suid(), credentials->sgid(), - new_extra_gids.span())); + new_extra_gids.span(), + credentials->sid(), + credentials->pgid())); return 0; }); } -- cgit v1.2.3