Re: access(2) using effective uid instead of real one?
2009/8/11 Alex <ahornung@gmail.com>:
> As far as I can see it should be trivial to change it touse the real
> uid in vop_helper_access. Just change the references to cr_uid and
> cr_gid to cr_ruid and cr_rgid.
> If this is how it should be or shouldn't... I don't know.
I reckon that's one possibility.
Alternatively, the credentials passed to VOP_ACCESS() can be changed
as shown in the patch below. Doing it this way simplifies the
incoming implementation of faccessat(2) which can check either the
effective or real uid/gid.
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 0c723e4..12d3b53 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2318,8 +2318,16 @@ int
kern_access(struct nlookupdata *nd, int aflags)
{
struct vnode *vp;
+ struct ucred *cr;
int error, flags;
+ /*
+ * Perform check with real uid/gid
+ */
+ cr = cratom(&nd->nl_cred);
+ cr->cr_uid = cr->cr_ruid;
+ cr->cr_groups[0] = cr->cr_rgid;
+
if ((error = nlookup(nd)) != 0)
return (error);
retry:
討論串 (同標題文章)
完整討論串 (本文為第 4 之 9 篇):