Re: [PATCH 9/9] make net/core/scm.c uid comparisons user namespaceaware
From: Joe Perches
Date: Tue Oct 18 2011 - 18:14:11 EST
On Tue, 2011-10-18 at 21:54 +0000, Serge Hallyn wrote:
> From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxxxxx>
Hi Serge.
Just some trivial style notes.
> Currently uids are compared without regard for the user namespace.
> Fix that to prevent tasks in a different user namespace from
> wrongly matching on SCM_CREDENTIALS.
[]
> diff --git a/net/core/scm.c b/net/core/scm.c
> -static __inline__ int scm_check_creds(struct ucred *creds)
> +static __inline__ bool uidequiv(const struct cred *src, struct ucred *tgt,
> + struct user_namespace *ns)
Perhaps inline is better than __inline__ and do these
functions really need to be marked inline at all?
> +{
> + if (src->user_ns != ns)
> + goto check_capable;
> + if (src->uid == tgt->uid || src->euid == tgt->uid ||
> + src->suid == tgt->uid)
Perhaps this is less prone to typo errors and are a bit
more readable as:
if (tgt->uid == src->uid ||
tgt->uid == src->euid ||
tgt->uid == src->suid)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/