aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-03-04 00:17:15 -0500
committerEric W. Biederman <ebiederm@xmission.com>2012-05-03 06:29:34 -0400
commit8e96e3b7b8407be794ab1fd8e4b332818a358e78 (patch)
treef27756bb2ec49e586221ac669ea00c68e8a2ee58 /fs
parent72cda3d1ef24ab0a9a89c15e9776ca737b75f45a (diff)
userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs
Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/attr.c8
-rw-r--r--fs/exec.c10
-rw-r--r--fs/fcntl.c6
-rw-r--r--fs/ioprio.c4
-rw-r--r--fs/locks.c2
-rw-r--r--fs/namei.c8
6 files changed, 19 insertions, 19 deletions
diff --git a/fs/attr.c b/fs/attr.c
index 73f69a6ce9ed..584620e5dee5 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
47 47
48 /* Make sure a caller can chown. */ 48 /* Make sure a caller can chown. */
49 if ((ia_valid & ATTR_UID) && 49 if ((ia_valid & ATTR_UID) &&
50 (current_fsuid() != inode->i_uid || 50 (!uid_eq(current_fsuid(), inode->i_uid) ||
51 attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) 51 !uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN))
52 return -EPERM; 52 return -EPERM;
53 53
54 /* Make sure caller can chgrp. */ 54 /* Make sure caller can chgrp. */
55 if ((ia_valid & ATTR_GID) && 55 if ((ia_valid & ATTR_GID) &&
56 (current_fsuid() != inode->i_uid || 56 (!uid_eq(current_fsuid(), inode->i_uid) ||
57 (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && 57 (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
58 !capable(CAP_CHOWN)) 58 !capable(CAP_CHOWN))
59 return -EPERM; 59 return -EPERM;
60 60
diff --git a/fs/exec.c b/fs/exec.c
index 9a1d9f0a60ab..00ae2ef100d8 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm)
1139 /* This is the point of no return */ 1139 /* This is the point of no return */
1140 current->sas_ss_sp = current->sas_ss_size = 0; 1140 current->sas_ss_sp = current->sas_ss_size = 0;
1141 1141
1142 if (current_euid() == current_uid() && current_egid() == current_gid()) 1142 if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
1143 set_dumpable(current->mm, 1); 1143 set_dumpable(current->mm, 1);
1144 else 1144 else
1145 set_dumpable(current->mm, suid_dumpable); 1145 set_dumpable(current->mm, suid_dumpable);
@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm)
1153 current->mm->task_size = TASK_SIZE; 1153 current->mm->task_size = TASK_SIZE;
1154 1154
1155 /* install the new credentials */ 1155 /* install the new credentials */
1156 if (bprm->cred->uid != current_euid() || 1156 if (!uid_eq(bprm->cred->uid, current_euid()) ||
1157 bprm->cred->gid != current_egid()) { 1157 !gid_eq(bprm->cred->gid, current_egid())) {
1158 current->pdeath_signal = 0; 1158 current->pdeath_signal = 0;
1159 } else { 1159 } else {
1160 would_dump(bprm, bprm->file); 1160 would_dump(bprm, bprm->file);
@@ -2120,7 +2120,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2120 if (__get_dumpable(cprm.mm_flags) == 2) { 2120 if (__get_dumpable(cprm.mm_flags) == 2) {
2121 /* Setuid core dump mode */ 2121 /* Setuid core dump mode */
2122 flag = O_EXCL; /* Stop rewrite attacks */ 2122 flag = O_EXCL; /* Stop rewrite attacks */
2123 cred->fsuid = 0; /* Dump root private */ 2123 cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
2124 } 2124 }
2125 2125
2126 retval = coredump_wait(exit_code, &core_state); 2126 retval = coredump_wait(exit_code, &core_state);
@@ -2221,7 +2221,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2221 * Dont allow local users get cute and trick others to coredump 2221 * Dont allow local users get cute and trick others to coredump
2222 * into their pre-created files. 2222 * into their pre-created files.
2223 */ 2223 */
2224 if (inode->i_uid != current_fsuid()) 2224 if (!uid_eq(inode->i_uid, current_fsuid()))
2225 goto close_fail; 2225 goto close_fail;
2226 if (!cprm.file->f_op || !cprm.file->f_op->write) 2226 if (!cprm.file->f_op || !cprm.file->f_op->write)
2227 goto close_fail; 2227 goto close_fail;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 75e7c1f3a080..d078b75572a7 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p,
532 532
533 rcu_read_lock(); 533 rcu_read_lock();
534 cred = __task_cred(p); 534 cred = __task_cred(p);
535 ret = ((fown->euid == 0 || 535 ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
536 fown->euid == cred->suid || fown->euid == cred->uid || 536 uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
537 fown->uid == cred->suid || fown->uid == cred->uid) && 537 uid_eq(fown->uid, cred->suid) || uid_eq(fown->uid, cred->uid)) &&
538 !security_file_send_sigiotask(p, fown, sig)); 538 !security_file_send_sigiotask(p, fown, sig));
539 rcu_read_unlock(); 539 rcu_read_unlock();
540 return ret; 540 return ret;
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 2072e41785d2..5e6dbe8958fc 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio)
37 37
38 rcu_read_lock(); 38 rcu_read_lock();
39 tcred = __task_cred(task); 39 tcred = __task_cred(task);
40 if (tcred->uid != cred->euid && 40 if (!uid_eq(tcred->uid, cred->euid) &&
41 tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { 41 !uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
42 rcu_read_unlock(); 42 rcu_read_unlock();
43 return -EPERM; 43 return -EPERM;
44 } 44 }
diff --git a/fs/locks.c b/fs/locks.c
index 637694bf3a03..3e946cda98c6 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1445,7 +1445,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
1445 struct inode *inode = dentry->d_inode; 1445 struct inode *inode = dentry->d_inode;
1446 int error; 1446 int error;
1447 1447
1448 if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE)) 1448 if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
1449 return -EACCES; 1449 return -EACCES;
1450 if (!S_ISREG(inode->i_mode)) 1450 if (!S_ISREG(inode->i_mode))
1451 return -EINVAL; 1451 return -EINVAL;
diff --git a/fs/namei.c b/fs/namei.c
index 941c4362e298..86512b4d38fd 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -228,7 +228,7 @@ static int acl_permission_check(struct inode *inode, int mask)
228{ 228{
229 unsigned int mode = inode->i_mode; 229 unsigned int mode = inode->i_mode;
230 230
231 if (likely(current_fsuid() == inode->i_uid)) 231 if (likely(uid_eq(current_fsuid(), inode->i_uid)))
232 mode >>= 6; 232 mode >>= 6;
233 else { 233 else {
234 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { 234 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
@@ -1956,13 +1956,13 @@ static int user_path_parent(int dfd, const char __user *path,
1956 */ 1956 */
1957static inline int check_sticky(struct inode *dir, struct inode *inode) 1957static inline int check_sticky(struct inode *dir, struct inode *inode)
1958{ 1958{
1959 uid_t fsuid = current_fsuid(); 1959 kuid_t fsuid = current_fsuid();
1960 1960
1961 if (!(dir->i_mode & S_ISVTX)) 1961 if (!(dir->i_mode & S_ISVTX))
1962 return 0; 1962 return 0;
1963 if (inode->i_uid == fsuid) 1963 if (uid_eq(inode->i_uid, fsuid))
1964 return 0; 1964 return 0;
1965 if (dir->i_uid == fsuid) 1965 if (uid_eq(dir->i_uid, fsuid))
1966 return 0; 1966 return 0;
1967 return !inode_capable(inode, CAP_FOWNER); 1967 return !inode_capable(inode, CAP_FOWNER);
1968} 1968}