diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:05 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:05 -0500 |
| commit | da9592edebceeba1b9301beafe80ec8b9c2db0ce (patch) | |
| tree | 00c110cd8ff6d211d76ab4868b6175096a38aad5 /fs/exec.c | |
| parent | 82ab8deda7fef36f067ccdeacc3b3caefc970f89 (diff) | |
CRED: Wrap task credential accesses in the filesystem subsystem
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 18 |
1 files changed, 9 insertions, 9 deletions
| @@ -980,7 +980,7 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
| 980 | /* This is the point of no return */ | 980 | /* This is the point of no return */ |
| 981 | current->sas_ss_sp = current->sas_ss_size = 0; | 981 | current->sas_ss_sp = current->sas_ss_size = 0; |
| 982 | 982 | ||
| 983 | if (current->euid == current->uid && current->egid == current->gid) | 983 | if (current_euid() == current_uid() && current_egid() == current_gid()) |
| 984 | set_dumpable(current->mm, 1); | 984 | set_dumpable(current->mm, 1); |
| 985 | else | 985 | else |
| 986 | set_dumpable(current->mm, suid_dumpable); | 986 | set_dumpable(current->mm, suid_dumpable); |
| @@ -1007,7 +1007,7 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
| 1007 | */ | 1007 | */ |
| 1008 | current->mm->task_size = TASK_SIZE; | 1008 | current->mm->task_size = TASK_SIZE; |
| 1009 | 1009 | ||
| 1010 | if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) { | 1010 | if (bprm->e_uid != current_euid() || bprm->e_gid != current_egid()) { |
| 1011 | suid_keys(current); | 1011 | suid_keys(current); |
| 1012 | set_dumpable(current->mm, suid_dumpable); | 1012 | set_dumpable(current->mm, suid_dumpable); |
| 1013 | current->pdeath_signal = 0; | 1013 | current->pdeath_signal = 0; |
| @@ -1047,8 +1047,8 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
| 1047 | if (bprm->file->f_op == NULL) | 1047 | if (bprm->file->f_op == NULL) |
| 1048 | return -EACCES; | 1048 | return -EACCES; |
| 1049 | 1049 | ||
| 1050 | bprm->e_uid = current->euid; | 1050 | bprm->e_uid = current_euid(); |
| 1051 | bprm->e_gid = current->egid; | 1051 | bprm->e_gid = current_egid(); |
| 1052 | 1052 | ||
| 1053 | if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { | 1053 | if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { |
| 1054 | /* Set-uid? */ | 1054 | /* Set-uid? */ |
| @@ -1096,7 +1096,7 @@ void compute_creds(struct linux_binprm *bprm) | |||
| 1096 | { | 1096 | { |
| 1097 | int unsafe; | 1097 | int unsafe; |
| 1098 | 1098 | ||
| 1099 | if (bprm->e_uid != current->uid) { | 1099 | if (bprm->e_uid != current_uid()) { |
| 1100 | suid_keys(current); | 1100 | suid_keys(current); |
| 1101 | current->pdeath_signal = 0; | 1101 | current->pdeath_signal = 0; |
| 1102 | } | 1102 | } |
| @@ -1424,7 +1424,7 @@ static int format_corename(char *corename, long signr) | |||
| 1424 | /* uid */ | 1424 | /* uid */ |
| 1425 | case 'u': | 1425 | case 'u': |
| 1426 | rc = snprintf(out_ptr, out_end - out_ptr, | 1426 | rc = snprintf(out_ptr, out_end - out_ptr, |
| 1427 | "%d", current->uid); | 1427 | "%d", current_uid()); |
| 1428 | if (rc > out_end - out_ptr) | 1428 | if (rc > out_end - out_ptr) |
| 1429 | goto out; | 1429 | goto out; |
| 1430 | out_ptr += rc; | 1430 | out_ptr += rc; |
| @@ -1432,7 +1432,7 @@ static int format_corename(char *corename, long signr) | |||
| 1432 | /* gid */ | 1432 | /* gid */ |
| 1433 | case 'g': | 1433 | case 'g': |
| 1434 | rc = snprintf(out_ptr, out_end - out_ptr, | 1434 | rc = snprintf(out_ptr, out_end - out_ptr, |
| 1435 | "%d", current->gid); | 1435 | "%d", current_gid()); |
| 1436 | if (rc > out_end - out_ptr) | 1436 | if (rc > out_end - out_ptr) |
| 1437 | goto out; | 1437 | goto out; |
| 1438 | out_ptr += rc; | 1438 | out_ptr += rc; |
| @@ -1709,7 +1709,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
| 1709 | struct inode * inode; | 1709 | struct inode * inode; |
| 1710 | struct file * file; | 1710 | struct file * file; |
| 1711 | int retval = 0; | 1711 | int retval = 0; |
| 1712 | int fsuid = current->fsuid; | 1712 | int fsuid = current_fsuid(); |
| 1713 | int flag = 0; | 1713 | int flag = 0; |
| 1714 | int ispipe = 0; | 1714 | int ispipe = 0; |
| 1715 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; | 1715 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; |
| @@ -1815,7 +1815,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
| 1815 | * Dont allow local users get cute and trick others to coredump | 1815 | * Dont allow local users get cute and trick others to coredump |
| 1816 | * into their pre-created files: | 1816 | * into their pre-created files: |
| 1817 | */ | 1817 | */ |
| 1818 | if (inode->i_uid != current->fsuid) | 1818 | if (inode->i_uid != current_fsuid()) |
| 1819 | goto close_fail; | 1819 | goto close_fail; |
| 1820 | if (!file->f_op) | 1820 | if (!file->f_op) |
| 1821 | goto close_fail; | 1821 | goto close_fail; |