author | Eric W. Biederman <ebiederm@xmission.com> | 2012-03-04 00:17:15 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-03 06:29:34 -0400 |
commit | 8e96e3b7b8407be794ab1fd8e4b332818a358e78 (patch) | |
tree | f27756bb2ec49e586221ac669ea00c68e8a2ee58 /fs | |
parent | 72cda3d1ef24ab0a9a89c15e9776ca737b75f45a (diff) |
userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/attr.c | 8 | ||||
-rw-r--r-- | fs/exec.c | 10 | ||||
-rw-r--r-- | fs/fcntl.c | 6 | ||||
-rw-r--r-- | fs/ioprio.c | 4 | ||||
-rw-r--r-- | fs/locks.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 8 |
6 files changed, 19 insertions, 19 deletions
@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) | |||
47 | 47 | ||
48 | /* Make sure a caller can chown. */ | 48 | /* Make sure a caller can chown. */ |
49 | if ((ia_valid & ATTR_UID) && | 49 | if ((ia_valid & ATTR_UID) && |
50 | (current_fsuid() != inode->i_uid || | 50 | (!uid_eq(current_fsuid(), inode->i_uid) || |
51 | attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) | 51 | !uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN)) |
52 | return -EPERM; | 52 | return -EPERM; |
53 | 53 | ||
54 | /* Make sure caller can chgrp. */ | 54 | /* Make sure caller can chgrp. */ |
55 | if ((ia_valid & ATTR_GID) && | 55 | if ((ia_valid & ATTR_GID) && |
56 | (current_fsuid() != inode->i_uid || | 56 | (!uid_eq(current_fsuid(), inode->i_uid) || |
57 | (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && | 57 | (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) && |
58 | !capable(CAP_CHOWN)) | 58 | !capable(CAP_CHOWN)) |
59 | return -EPERM; | 59 | return -EPERM; |
60 | 60 | ||
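Review bot: In inode_change_ok the new `!uid_eq(attr->ia_uid, inode->i_uid)` and `!gid_eq(attr->ia_gid, inode->i_gid)` tests compare whatever kuid/kgid the caller stored in `attr`, and nothing visible in this hunk rejects an id that failed to map from the caller's user namespace. The code that fills `struct iattr` is not part of this diff, so it is worth confirming that those callers check `uid_valid()`/`gid_valid()` before reaching this function. A short comment above the chown check, for example `/* ia_uid/ia_gid are kuid_t/kgid_t already validated by the caller */`, would record the assumption. The function body starts and ends outside the hunk.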
@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
1139 | /* This is the point of no return */ | 1139 | /* This is the point of no return */ |
1140 | current->sas_ss_sp = current->sas_ss_size = 0; | 1140 | current->sas_ss_sp = current->sas_ss_size = 0; |
1141 | 1141 | ||
1142 | if (current_euid() == current_uid() && current_egid() == current_gid()) | 1142 | if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid())) |
1143 | set_dumpable(current->mm, 1); | 1143 | set_dumpable(current->mm, 1); |
1144 | else | 1144 | else |
1145 | set_dumpable(current->mm, suid_dumpable); | 1145 | set_dumpable(current->mm, suid_dumpable); |
@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
1153 | current->mm->task_size = TASK_SIZE; | 1153 | current->mm->task_size = TASK_SIZE; |
1154 | 1154 | ||
1155 | /* install the new credentials */ | 1155 | /* install the new credentials */ |
1156 | if (bprm->cred->uid != current_euid() || | 1156 | if (!uid_eq(bprm->cred->uid, current_euid()) || |
1157 | bprm->cred->gid != current_egid()) { | 1157 | !gid_eq(bprm->cred->gid, current_egid())) { |
1158 | current->pdeath_signal = 0; | 1158 | current->pdeath_signal = 0; |
1159 | } else { | 1159 | } else { |
1160 | would_dump(bprm, bprm->file); | 1160 | would_dump(bprm, bprm->file); |
@@ -2120,7 +2120,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | |||
2120 | if (__get_dumpable(cprm.mm_flags) == 2) { | 2120 | if (__get_dumpable(cprm.mm_flags) == 2) { |
2121 | /* Setuid core dump mode */ | 2121 | /* Setuid core dump mode */ |
2122 | flag = O_EXCL; /* Stop rewrite attacks */ | 2122 | flag = O_EXCL; /* Stop rewrite attacks */ |
2123 | cred->fsuid = 0; /* Dump root private */ | 2123 | cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ |
2124 | } | 2124 | } |
2125 | 2125 | ||
2126 | retval = coredump_wait(exit_code, &core_state); | 2126 | retval = coredump_wait(exit_code, &core_state); |
@@ -2221,7 +2221,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | |||
2221 | * Dont allow local users get cute and trick others to coredump | 2221 | * Dont allow local users get cute and trick others to coredump |
2222 | * into their pre-created files. | 2222 | * into their pre-created files. |
2223 | */ | 2223 | */ |
2224 | if (inode->i_uid != current_fsuid()) | 2224 | if (!uid_eq(inode->i_uid, current_fsuid())) |
2225 | goto close_fail; | 2225 | goto close_fail; |
2226 | if (!cprm.file->f_op || !cprm.file->f_op->write) | 2226 | if (!cprm.file->f_op || !cprm.file->f_op->write) |
2227 | goto close_fail; | 2227 | goto close_fail; |
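Review bot: The line `cred->fsuid = GLOBAL_ROOT_UID;` in do_coredump keeps the old comment `/* Dump root private */`, which no longer says which root is meant. With kuid_t the setuid-mode core file is created as root of the initial user namespace, not as uid 0 of the dumping task's namespace. That looks deliberate, so that a namespace-local root does not own the dump, but this is inferred from the constant and not stated anywhere in the hunk. Suggest `/* Dump as global root, not the task's namespace root */`. Both do_coredump hunks show only part of the function.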
diff --git a/fs/fcntl.c b/fs/fcntl.c index 75e7c1f3a080..d078b75572a7 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c | |||
@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p, | |||
532 | 532 | ||
533 | rcu_read_lock(); | 533 | rcu_read_lock(); |
534 | cred = __task_cred(p); | 534 | cred = __task_cred(p); |
535 | ret = ((fown->euid == 0 || | 535 | ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) || |
536 | fown->euid == cred->suid || fown->euid == cred->uid || | 536 | uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) || |
537 | fown->uid == cred->suid || fown->uid == cred->uid) && | 537 | uid_eq(fown->uid, cred->suid) || uid_eq(fown->uid, cred->uid)) && |
538 | !security_file_send_sigiotask(p, fown, sig)); | 538 | !security_file_send_sigiotask(p, fown, sig)); |
539 | rcu_read_unlock(); | 539 | rcu_read_unlock(); |
540 | return ret; | 540 | return ret; |
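Review bot: The root bypass in sigio_perm, `uid_eq(fown->euid, GLOBAL_ROOT_UID)`, is a raw id comparison and now matches only uid 0 of the initial user namespace. An owner that is root only inside another namespace falls through to the suid/uid matches. That narrowing appears to be the intent of the conversion, but the line carries no comment; something like `/* only init-namespace root bypasses the uid match */` would keep a later cleanup from loosening it. The change also relies on `fown->uid` and `fown->euid` already being kuid_t, which is declared outside this diffstat (limited to 'fs'). The function begins above the hunk.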
diff --git a/fs/ioprio.c b/fs/ioprio.c index 2072e41785d2..5e6dbe8958fc 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio) | |||
37 | 37 | ||
38 | rcu_read_lock(); | 38 | rcu_read_lock(); |
39 | tcred = __task_cred(task); | 39 | tcred = __task_cred(task); |
40 | if (tcred->uid != cred->euid && | 40 | if (!uid_eq(tcred->uid, cred->euid) && |
41 | tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { | 41 | !uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) { |
42 | rcu_read_unlock(); | 42 | rcu_read_unlock(); |
43 | return -EPERM; | 43 | return -EPERM; |
44 | } | 44 | } |
diff --git a/fs/locks.c b/fs/locks.c index 637694bf3a03..3e946cda98c6 100644 --- a/fs/locks.c +++ b/fs/locks.c | |||
@@ -1445,7 +1445,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) | |||
1445 | struct inode *inode = dentry->d_inode; | 1445 | struct inode *inode = dentry->d_inode; |
1446 | int error; | 1446 | int error; |
1447 | 1447 | ||
1448 | if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE)) | 1448 | if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE)) |
1449 | return -EACCES; | 1449 | return -EACCES; |
1450 | if (!S_ISREG(inode->i_mode)) | 1450 | if (!S_ISREG(inode->i_mode)) |
1451 | return -EINVAL; | 1451 | return -EINVAL; |
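Review bot: The condition in generic_setlease keeps a pair of parentheses that only made sense around the old `!=` expression: `(!uid_eq(current_fsuid(), inode->i_uid))`. Writing it as `if (!uid_eq(current_fsuid(), inode->i_uid) && !capable(CAP_LEASE))` reads the same and matches the form used for the equivalent checks in fs/attr.c and fs/ioprio.c in this commit. The function continues past the hunk.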
diff --git a/fs/namei.c b/fs/namei.c index 941c4362e298..86512b4d38fd 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -228,7 +228,7 @@ static int acl_permission_check(struct inode *inode, int mask) | |||
228 | { | 228 | { |
229 | unsigned int mode = inode->i_mode; | 229 | unsigned int mode = inode->i_mode; |
230 | 230 | ||
231 | if (likely(current_fsuid() == inode->i_uid)) | 231 | if (likely(uid_eq(current_fsuid(), inode->i_uid))) |
232 | mode >>= 6; | 232 | mode >>= 6; |
233 | else { | 233 | else { |
234 | if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { | 234 | if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { |
@@ -1956,13 +1956,13 @@ static int user_path_parent(int dfd, const char __user *path, | |||
1956 | */ | 1956 | */ |
1957 | static inline int check_sticky(struct inode *dir, struct inode *inode) | 1957 | static inline int check_sticky(struct inode *dir, struct inode *inode) |
1958 | { | 1958 | { |
1959 | uid_t fsuid = current_fsuid(); | 1959 | kuid_t fsuid = current_fsuid(); |
1960 | 1960 | ||
1961 | if (!(dir->i_mode & S_ISVTX)) | 1961 | if (!(dir->i_mode & S_ISVTX)) |
1962 | return 0; | 1962 | return 0; |
1963 | if (inode->i_uid == fsuid) | 1963 | if (uid_eq(inode->i_uid, fsuid)) |
1964 | return 0; | 1964 | return 0; |
1965 | if (dir->i_uid == fsuid) | 1965 | if (uid_eq(dir->i_uid, fsuid)) |
1966 | return 0; | 1966 | return 0; |
1967 | return !inode_capable(inode, CAP_FOWNER); | 1967 | return !inode_capable(inode, CAP_FOWNER); |
1968 | } | 1968 | } |