diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2001-05-25 16:59:11 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2001-05-25 16:59:11 +0000 |
| commit | b1fc0ec1a7a49dede256c4d357878fa2ba19cf93 (patch) | |
| tree | 75f6fb93b72acac3ddfbfb0c1cbfcefff13848a5 /sys/posix4 | |
| parent | 7edce08ac4f77962b15b2fca8a8e15ac67357f91 (diff) | |
Notes
Diffstat (limited to 'sys/posix4')
| -rw-r--r-- | sys/posix4/p1003_1b.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c index 569bb6f78f6e..cf2c7da20d10 100644 --- a/sys/posix4/p1003_1b.c +++ b/sys/posix4/p1003_1b.c @@ -68,16 +68,17 @@ MALLOC_DEFINE(M_P31B, "p1003.1b", "Posix 1003.1B"); /* * This is stolen from CANSIGNAL in kern_sig: * - * Can process p, with pcred pc, do "write flavor" operations to process q? + * Can process with credential cr1 do "write flavor" operations to credential + * cr2. This check needs to use generalized checks. */ -#define CAN_AFFECT(p, q) \ - (!suser_xxx(NULL, p, PRISON_ROOT) || \ - (p)->p_cred->pc_ruid == (q)->p_cred->p_ruid || \ - (p)->p_ucred->cr_uid == (q)->p_cred->p_ruid || \ - (p)->p_cred->pc_ruid == (q)->p_ucred->cr_uid || \ - (p)->p_ucred->cr_uid == (q)->p_ucred->cr_uid) +#define CAN_AFFECT(cr1, cr2) \ + (!suser_xxx(cr1, NULL, PRISON_ROOT) || \ + (c1)->cr_ruid == (cr2)->cr_ruid || \ + (c1)->cr_uid == (cr2)->cr_ruid || \ + (c1)->cr_ruid == (cr2)->cr_uid || \ + (c1)->cr_uid == (cr2)->cr_uid) #else -#define CAN_AFFECT(p, q) (!suser_xxx(NULL, p, PRISON_ROOT)) +#define CAN_AFFECT(cr1, cr2) (!suser_xxx(cr1, NULL, PRISON_ROOT)) #endif /* @@ -99,7 +100,7 @@ int p31b_proc(struct proc *p, pid_t pid, struct proc **pp) { /* Enforce permission policy. */ - if (CAN_AFFECT(p, other_proc)) + if (CAN_AFFECT(p->p_ucred, other_proc->p_ucred)) *pp = other_proc; else ret = EPERM; |