diff options
author | Justus Winter <justus@gnupg.org> | 2016-04-25 01:38:45 +0200 |
---|---|---|
committer | Justus Winter <justus@gnupg.org> | 2016-04-26 14:49:46 +0200 |
commit | 94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75 (patch) | |
tree | c648e34b5b21eed772bb1d8920b30ac59f34d04b | |
parent | d67a86c9690c2a9984ca6e9f3c376956495897f4 (diff) |
libtrivfs: fix notion of privileged user
Set 'is_root' if the node has been opened by the root user (this was
the old behavior) or if it has been opened by the user the translator
is executing under.
This fixes the irritating bug that an unprivileged user cannot control
her own trivfs-based translators. It does not change how privileged
trivfs translators work.
* libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the
new function to compute 'isroot'.
* libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise.
* libtrivfs/open.c (trivfs_open): Likewise.
* libtrivfs/priv.h (_is_privileged): New function.
* libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means.
-rw-r--r-- | libtrivfs/io-reauthenticate.c | 3 | ||||
-rw-r--r-- | libtrivfs/io-restrict-auth.c | 4 | ||||
-rw-r--r-- | libtrivfs/open.c | 2 | ||||
-rw-r--r-- | libtrivfs/priv.h | 9 | ||||
-rw-r--r-- | libtrivfs/trivfs.h | 3 |
5 files changed, 14 insertions, 7 deletions
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c index 35775e57..72684e35 100644 --- a/libtrivfs/io-reauthenticate.c +++ b/libtrivfs/io-reauthenticate.c @@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, return err; mach_port_deallocate (mach_task_self (), newright); - if (idvec_contains (newcred->user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = _is_privileged (newcred->user->uids); newcred->hook = cred->hook; newcred->po = cred->po; diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c index cb4224dc..6c807f17 100644 --- a/libtrivfs/io-restrict-auth.c +++ b/libtrivfs/io-restrict-auth.c @@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, return err; } - newcred->isroot = 0; newcred->po = cred->po; refcount_ref (&newcred->po->refcnt); - if (cred->isroot && idvec_contains (user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = cred->isroot && _is_privileged (user->uids); newcred->user = user; newcred->hook = cred->hook; diff --git a/libtrivfs/open.c b/libtrivfs/open.c index 97e70a16..35a9452c 100644 --- a/libtrivfs/open.c +++ b/libtrivfs/open.c @@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl, if (! err) { new->user = user; - new->isroot = idvec_contains (user->uids, 0); + new->isroot = _is_privileged (user->uids); new->po = po; new->hook = 0; diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h index d92fe336..4bdd4f77 100644 --- a/libtrivfs/priv.h +++ b/libtrivfs/priv.h @@ -21,6 +21,15 @@ #include <mach.h> #include <hurd.h> #include <hurd/ports.h> +#include <idvec.h> +#include <unistd.h> #include "trivfs.h" +/* Returns true if UIDS contains either 0 or our user id. */ +static inline int +_is_privileged (struct idvec *uids) +{ + return idvec_contains (uids, 0) || idvec_contains (uids, getuid ()); +} + #endif diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index d81c4f93..49cc765f 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -30,7 +30,8 @@ struct trivfs_protid { struct port_info pi; struct iouser *user; - int isroot; + int isroot; /* Opened by a privileged user, either + root or our own user. */ /* REALNODE will be null if this protid wasn't fully created (currently only in the case where trivfs_protid_create_hook returns an error). */ mach_port_t realnode; /* restricted permissions */ |