We use cookies to ensure you get the best experience on our website
Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
0ct0pu5
/
ladybird
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 90c0f9664e
Branche Tagy
ladybird
/
Kernel
/
Syscalls
/
setuid.cpp

setuid.cpp 5.0 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. /*
    2. 

  2.  * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * Redistribution and use in source and binary forms, with or without
    6. 

  6.  * modification, are permitted provided that the following conditions are met:
    7. 

  7.  *
    8. 

  8.  * 1. Redistributions of source code must retain the above copyright notice, this
    9. 

  9.  *    list of conditions and the following disclaimer.
    10. 

  10.  *
    11. 

  11.  * 2. Redistributions in binary form must reproduce the above copyright notice,
    12. 

  12.  *    this list of conditions and the following disclaimer in the documentation
    13. 

  13.  *    and/or other materials provided with the distribution.
    14. 

  14.  *
    15. 

  15.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    16. 

  16.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    17. 

  17.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
    18. 

  18.  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
    19. 

  19.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    20. 

  20.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
    21. 

  21.  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
    22. 

  22.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
    23. 

  23.  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    24. 

  24.  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    25. 

  25.  */
    26. 

  26. 

  27. #include <Kernel/Process.h>
    28. 

  28. 

  29. namespace Kernel {
    30. 

  30. 

  31. KResultOr<int> Process::sys$seteuid(uid_t new_euid)
    32. 

  32. {
    33. 

  33.     REQUIRE_PROMISE(id);
    34. 

  34. 

  35.     if (new_euid != uid() && new_euid != suid() && !is_superuser())
    36. 

  36.         return EPERM;
    37. 

  37. 

  38.     if (euid() != new_euid)
    39. 

  39.         set_dumpable(false);
    40. 

  40. 

  41.     ProtectedDataMutationScope scope { *this };
    42. 

  42. 

  43.     m_euid = new_euid;
    44. 

  44.     return 0;
    45. 

  45. }
    46. 

  46. 

  47. KResultOr<int> Process::sys$setegid(gid_t new_egid)
    48. 

  48. {
    49. 

  49.     REQUIRE_PROMISE(id);
    50. 

  50. 

  51.     if (new_egid != gid() && new_egid != sgid() && !is_superuser())
    52. 

  52.         return EPERM;
    53. 

  53. 

  54.     if (egid() != new_egid)
    55. 

  55.         set_dumpable(false);
    56. 

  56. 

  57.     ProtectedDataMutationScope scope { *this };
    58. 

  58.     m_egid = new_egid;
    59. 

  59.     return 0;
    60. 

  60. }
    61. 

  61. 

  62. KResultOr<int> Process::sys$setuid(uid_t new_uid)
    63. 

  63. {
    64. 

  64.     REQUIRE_PROMISE(id);
    65. 

  65. 

  66.     if (new_uid != uid() && new_uid != euid() && !is_superuser())
    67. 

  67.         return EPERM;
    68. 

  68. 

  69.     if (euid() != new_uid)
    70. 

  70.         set_dumpable(false);
    71. 

  71. 

  72.     ProtectedDataMutationScope scope { *this };
    73. 

  73.     m_uid = new_uid;
    74. 

  74.     m_euid = new_uid;
    75. 

  75.     m_suid = new_uid;
    76. 

  76.     return 0;
    77. 

  77. }
    78. 

  78. 

  79. KResultOr<int> Process::sys$setgid(gid_t new_gid)
    80. 

  80. {
    81. 

  81.     REQUIRE_PROMISE(id);
    82. 

  82. 

  83.     if (new_gid != gid() && new_gid != egid() && !is_superuser())
    84. 

  84.         return EPERM;
    85. 

  85. 

  86.     if (egid() != new_gid)
    87. 

  87.         set_dumpable(false);
    88. 

  88. 

  89.     ProtectedDataMutationScope scope { *this };
    90. 

  90.     m_gid = new_gid;
    91. 

  91.     m_egid = new_gid;
    92. 

  92.     m_sgid = new_gid;
    93. 

  93.     return 0;
    94. 

  94. }
    95. 

  95. 

  96. KResultOr<int> Process::sys$setresuid(uid_t new_ruid, uid_t new_euid, uid_t new_suid)
    97. 

  97. {
    98. 

  98.     REQUIRE_PROMISE(id);
    99. 

  99. 

  100.     if (new_ruid == (uid_t)-1)
    101. 

  101.         new_ruid = uid();
    102. 

  102.     if (new_euid == (uid_t)-1)
    103. 

  103.         new_euid = euid();
    104. 

  104.     if (new_suid == (uid_t)-1)
    105. 

  105.         new_suid = suid();
    106. 

  106. 

  107.     auto ok = [this](uid_t id) { return id == uid() || id == euid() || id == suid(); };
    108. 

  108.     if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !is_superuser())
    109. 

  109.         return EPERM;
    110. 

  110. 

  111.     if (euid() != new_euid)
    112. 

  112.         set_dumpable(false);
    113. 

  113. 

  114.     ProtectedDataMutationScope scope { *this };
    115. 

  115.     m_uid = new_ruid;
    116. 

  116.     m_euid = new_euid;
    117. 

  117.     m_suid = new_suid;
    118. 

  118.     return 0;
    119. 

  119. }
    120. 

  120. 

  121. KResultOr<int> Process::sys$setresgid(gid_t new_rgid, gid_t new_egid, gid_t new_sgid)
    122. 

  122. {
    123. 

  123.     REQUIRE_PROMISE(id);
    124. 

  124. 

  125.     if (new_rgid == (gid_t)-1)
    126. 

  126.         new_rgid = gid();
    127. 

  127.     if (new_egid == (gid_t)-1)
    128. 

  128.         new_egid = egid();
    129. 

  129.     if (new_sgid == (gid_t)-1)
    130. 

  130.         new_sgid = sgid();
    131. 

  131. 

  132.     auto ok = [this](gid_t id) { return id == gid() || id == egid() || id == sgid(); };
    133. 

  133.     if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !is_superuser())
    134. 

  134.         return EPERM;
    135. 

  135. 

  136.     if (egid() != new_egid)
    137. 

  137.         set_dumpable(false);
    138. 

  138. 

  139.     ProtectedDataMutationScope scope { *this };
    140. 

  140.     m_gid = new_rgid;
    141. 

  141.     m_egid = new_egid;
    142. 

  142.     m_sgid = new_sgid;
    143. 

  143.     return 0;
    144. 

  144. }
    145. 

  145. 

  146. KResultOr<int> Process::sys$setgroups(ssize_t count, Userspace<const gid_t*> user_gids)
    147. 

  147. {
    148. 

  148.     REQUIRE_PROMISE(id);
    149. 

  149.     if (count < 0)
    150. 

  150.         return EINVAL;
    151. 

  151.     if (!is_superuser())
    152. 

  152.         return EPERM;
    153. 

  153. 

  154.     if (!count) {
    155. 

  155.         ProtectedDataMutationScope scope { *this };
    156. 

  156.         m_extra_gids.clear();
    157. 

  157.         return 0;
    158. 

  158.     }
    159. 

  159. 

  160.     Vector<gid_t> new_extra_gids;
    161. 

  161.     new_extra_gids.resize(count);
    162. 

  162.     if (!copy_n_from_user(new_extra_gids.data(), user_gids, count))
    163. 

  163.         return EFAULT;
    164. 

  164. 

  165.     HashTable<gid_t> unique_extra_gids;
    166. 

  166.     for (auto& extra_gid : new_extra_gids) {
    167. 

  167.         if (extra_gid != gid())
    168. 

  168.             unique_extra_gids.set(extra_gid);
    169. 

  169.     }
    170. 

  170. 

  171.     ProtectedDataMutationScope scope { *this };
    172. 

  172.     m_extra_gids.resize(unique_extra_gids.size());
    173. 

  173.     size_t i = 0;
    174. 

  174.     for (auto& extra_gid : unique_extra_gids) {
    175. 

  175.         if (extra_gid == gid())
    176. 

  176.             continue;
    177. 

  177.         m_extra_gids[i++] = extra_gid;
    178. 

  178.     }
    179. 

  179.     return 0;
    180. 

  180. }
    181. 

  181. 

  182. }
    183.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5