[PATCH 1/6] p9auth: set fsuid

From: serue
Date: Tue Feb 02 2010 - 10:57:37 EST

Next message: serue: "[PATCH 6/6] p9auth: do groups"
Previous message: Linus Torvalds: "Re: [PATCH][RFC] %pd - for printing dentry name"
Next in thread: serue: "[PATCH 6/6] p9auth: do groups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Serge E. Hallyn <serue@xxxxxxxxxx>

fsuid should always trail euid changes. So p9auth should
set fsuid as well when it sets ruid and euid. Whether the
suid should also be set is an open question - keeping the
old uid in suid may be useful, or may just serve to trick
lazy userspace.

Note that so long as we do not also set suid, the setuid_fixup()
code will not (when we later switch to setresuid()) fully
fill/clear capability sets. So while I had previously thought
that keeping suid unchanged would be useful, I think it is
better to change all uids.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
Cc: Greg KH <greg@xxxxxxxxx>
cc: rsc@xxxxxxxxx
Cc: Ashwin Ganti <ashwin.ganti@xxxxxxxxx>
Cc: ericvh@xxxxxxxxx
Cc: devel@xxxxxxxxxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: Ron Minnich <rminnich@xxxxxxxxx>
---
drivers/staging/p9auth/p9auth.c | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/p9auth/p9auth.c b/drivers/staging/p9auth/p9auth.c
index db79626..70ef45b 100644
--- a/drivers/staging/p9auth/p9auth.c
+++ b/drivers/staging/p9auth/p9auth.c
@@ -275,10 +275,14 @@ static ssize_t cap_write(struct file *filp, const char __user *buf,
goto out;
}
/*
- * What all id's need to be changed here? uid,
- * euid, fsid, savedids ?? Currently I am
- * changing the effective user id since most of
- * the authorisation decisions are based on it
+ * Change all uids. It might be useful to
+ * keep suid unchanged, however that will
+ * mean that changing from uid=0 to uid=!0
+ * pP is not emptied (only pE is), and when
+ * changing from uid=!0 to uid=0, sets are
+ * not filled. They will be correct after
+ * the next exec, but this is IMO not
+ * sufficient. So change all uids.
*/
new = prepare_creds();
if (!new) {
@@ -286,7 +290,7 @@ static ssize_t cap_write(struct file *filp, const char __user *buf,
goto out;
}
new->uid = (uid_t) target_int;
- new->euid = (uid_t) target_int;
+ new->suid = new->fsuid = new->euid = new->uid;
retval = commit_creds(new);
if (retval)
goto out;
--
1.6.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: serue: "[PATCH 6/6] p9auth: do groups"
Previous message: Linus Torvalds: "Re: [PATCH][RFC] %pd - for printing dentry name"
Next in thread: serue: "[PATCH 6/6] p9auth: do groups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]