authorJustus Winter <justus@gnupg.org>2016-04-25 14:16:05 +0200
committerJustus Winter <justus@gnupg.org>2016-04-25 14:16:05 +0200
commit92834e9990e01ce3633b30bf06e6d49fc1586eae (patch)
tree31f30c557bcdab183194dbc3b2db596a2657d344 /debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch
parent7768121f557282d0af1a3d581ad78468ab87c4a6 (diff)
add patch series
Diffstat (limited to 'debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch')
-rw-r--r--debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch79
1 files changed, 79 insertions, 0 deletions
diff --git a/debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch b/debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch
new file mode 100644
index 00000000..685b35a6
--- /dev/null
+++ b/debian/patches/fixes0002-xxx-fix-libtrivfs-for-unprivileged-users.patch
@@ -0,0 +1,79 @@
+From e9a2b0863cb6bd62450d166606704bef79451e73 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@gnupg.org>
+Date: Mon, 25 Apr 2016 01:38:45 +0200
+Subject: [PATCH hurd 2/5] xxx fix libtrivfs' for unprivileged users
+
+---
+ libtrivfs/io-reauthenticate.c | 3 +--
+ libtrivfs/io-restrict-auth.c | 4 +---
+ libtrivfs/open.c | 2 +-
+ libtrivfs/priv.h | 9 +++++++++
+ 4 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
+index 35775e5..72684e3 100644
+--- a/libtrivfs/io-reauthenticate.c
++++ b/libtrivfs/io-reauthenticate.c
+@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
+ return err;
+
+ mach_port_deallocate (mach_task_self (), newright);
+- if (idvec_contains (newcred->user->uids, 0))
+- newcred->isroot = 1;
++ newcred->isroot = _is_privileged (newcred->user->uids);
+
+ newcred->hook = cred->hook;
+ newcred->po = cred->po;
+diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
+index cb4224d..6c807f1 100644
+--- a/libtrivfs/io-restrict-auth.c
++++ b/libtrivfs/io-restrict-auth.c
+@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
+ return err;
+ }
+
+- newcred->isroot = 0;
+ newcred->po = cred->po;
+ refcount_ref (&newcred->po->refcnt);
+- if (cred->isroot && idvec_contains (user->uids, 0))
+- newcred->isroot = 1;
++ newcred->isroot = cred->isroot && _is_privileged (user->uids);
+ newcred->user = user;
+ newcred->hook = cred->hook;
+
+diff --git a/libtrivfs/open.c b/libtrivfs/open.c
+index 97e70a1..35a9452 100644
+--- a/libtrivfs/open.c
++++ b/libtrivfs/open.c
+@@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl,
+ if (! err)
+ {
+ new->user = user;
+- new->isroot = idvec_contains (user->uids, 0);
++ new->isroot = _is_privileged (user->uids);
+
+ new->po = po;
+ new->hook = 0;
+diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h
+index d92fe33..4bdd4f7 100644
+--- a/libtrivfs/priv.h
++++ b/libtrivfs/priv.h
+@@ -21,6 +21,15 @@
+ #include <mach.h>
+ #include <hurd.h>
+ #include <hurd/ports.h>
++#include <idvec.h>
++#include <unistd.h>
+ #include "trivfs.h"
+
++/* Returns true if UIDS contains either 0 or our user id. */
++static inline int
++_is_privileged (struct idvec *uids)
++{
++ return idvec_contains (uids, 0) || idvec_contains (uids, getuid ());
++}
++
+ #endif
+--
+2.1.4
+
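Review bot: `_is_privileged` in libtrivfs/priv.h widens every `isroot` decision from "uid 0" to "uid 0 or the uid this translator runs as", but the embedded patch has an empty commit message and an "xxx" subject, so this change to the trust model is undocumented. The header comment should state the rationale and that all three call sites (io-reauthenticate.c, io-restrict-auth.c, open.c) now inherit it, for example `/* Nonzero if UIDS contains 0 or the uid this translator runs as; the translator's owner is treated as root-equivalent wherever isroot is consulted. */`. Please also confirm that `getuid ()` rather than `geteuid ()` is the intended identity. If the call can fail for a process without uids, its `(uid_t) -1` return goes straight into `idvec_contains` and should be rejected first. As a style point, the leading-underscore name `_is_privileged` is reserved at file scope in C; something like `trivfs_uids_privileged` avoids that.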