Replace setuid, setgid with setreuid, setregid
parent
c5e0d77085
commit
1f28ec72b7
|
@ -5,11 +5,13 @@ use context;
|
||||||
use syscall::error::Result;
|
use syscall::error::Result;
|
||||||
|
|
||||||
pub fn resource() -> Result<Vec<u8>> {
|
pub fn resource() -> Result<Vec<u8>> {
|
||||||
let mut string = format!("{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<8}{:<6}{}\n",
|
let mut string = format!("{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<8}{:<6}{}\n",
|
||||||
"PID",
|
"PID",
|
||||||
"PPID",
|
"PPID",
|
||||||
"UID",
|
"RUID",
|
||||||
"GID",
|
"RGID",
|
||||||
|
"EUID",
|
||||||
|
"EGID",
|
||||||
"STAT",
|
"STAT",
|
||||||
"CPU",
|
"CPU",
|
||||||
"MEM",
|
"MEM",
|
||||||
|
@ -83,9 +85,11 @@ pub fn resource() -> Result<Vec<u8>> {
|
||||||
let name_bytes = context.name.lock();
|
let name_bytes = context.name.lock();
|
||||||
let name = str::from_utf8(&name_bytes).unwrap_or("");
|
let name = str::from_utf8(&name_bytes).unwrap_or("");
|
||||||
|
|
||||||
string.push_str(&format!("{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<8}{:<6}{}\n",
|
string.push_str(&format!("{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<6}{:<8}{:<6}{}\n",
|
||||||
context.id.into(),
|
context.id.into(),
|
||||||
context.ppid.into(),
|
context.ppid.into(),
|
||||||
|
context.ruid,
|
||||||
|
context.rgid,
|
||||||
context.euid,
|
context.euid,
|
||||||
context.egid,
|
context.egid,
|
||||||
stat_string,
|
stat_string,
|
||||||
|
|
|
@ -86,8 +86,8 @@ pub extern fn syscall(a: usize, b: usize, c: usize, d: usize, e: usize, f: usize
|
||||||
SYS_GETGID => getgid(),
|
SYS_GETGID => getgid(),
|
||||||
SYS_GETEUID => geteuid(),
|
SYS_GETEUID => geteuid(),
|
||||||
SYS_GETEGID => getegid(),
|
SYS_GETEGID => getegid(),
|
||||||
SYS_SETUID => setuid(b as u32),
|
SYS_SETREUID => setreuid(b as u32, c as u32),
|
||||||
SYS_SETGID => setgid(b as u32),
|
SYS_SETREGID => setregid(b as u32, c as u32),
|
||||||
SYS_SETNS => setns(validate_slice(b as *const [usize; 2], c)?),
|
SYS_SETNS => setns(validate_slice(b as *const [usize; 2], c)?),
|
||||||
SYS_PIPE2 => pipe2(validate_slice_mut(b as *mut usize, 2)?, c),
|
SYS_PIPE2 => pipe2(validate_slice_mut(b as *mut usize, 2)?, c),
|
||||||
SYS_PHYSALLOC => physalloc(b),
|
SYS_PHYSALLOC => physalloc(b),
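Review bot: The new arms `SYS_SETREUID => setreuid(b as u32, c as u32)` and `SYS_SETREGID => setregid(b as u32, c as u32)` narrow the `usize` arguments with `as`, which silently discards the upper bits wherever `usize` is wider than 32 bits. On such a target an out-of-range argument reaches the handler as a different id than the caller passed, and any value whose low 32 bits are all ones is read as the -1 "leave unchanged" marker. The permission check in the handlers still runs on the truncated value, so this does not bypass it, but the kernel would act on an id the caller never named. I would accept only the all-ones value as the marker and return an error such as `Err(Error::new(EINVAL))` for anything else above the 32-bit range before calling `setreuid`/`setregid`. The surrounding `match` starts and ends outside this section.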
|
||||||
|
|
|
@ -33,26 +33,52 @@ pub fn getuid() -> Result<usize> {
|
||||||
Ok(context.ruid as usize)
|
Ok(context.ruid as usize)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn setgid(gid: u32) -> Result<usize> {
|
pub fn setregid(rgid: u32, egid: u32) -> Result<usize> {
|
||||||
let contexts = context::contexts();
|
let contexts = context::contexts();
|
||||||
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
|
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
|
||||||
let mut context = context_lock.write();
|
let mut context = context_lock.write();
|
||||||
if context.egid == 0 {
|
|
||||||
context.rgid = gid;
|
if (context.euid == 0
|
||||||
context.egid = gid;
|
|| rgid as i32 == -1
|
||||||
|
|| rgid == context.egid
|
||||||
|
|| rgid == context.rgid)
|
||||||
|
&& (context.euid == 0
|
||||||
|
|| egid as i32 == -1
|
||||||
|
|| egid == context.egid
|
||||||
|
|| egid == context.rgid)
|
||||||
|
{
|
||||||
|
if rgid as i32 != -1 {
|
||||||
|
context.rgid = rgid;
|
||||||
|
}
|
||||||
|
if egid as i32 != -1 {
|
||||||
|
context.egid = egid;
|
||||||
|
}
|
||||||
Ok(0)
|
Ok(0)
|
||||||
} else {
|
} else {
|
||||||
Err(Error::new(EPERM))
|
Err(Error::new(EPERM))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn setuid(uid: u32) -> Result<usize> {
|
pub fn setreuid(ruid: u32, euid: u32) -> Result<usize> {
|
||||||
let contexts = context::contexts();
|
let contexts = context::contexts();
|
||||||
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
|
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
|
||||||
let mut context = context_lock.write();
|
let mut context = context_lock.write();
|
||||||
if context.euid == 0 {
|
|
||||||
context.ruid = uid;
|
if (context.euid == 0
|
||||||
context.euid = uid;
|
|| ruid as i32 == -1
|
||||||
|
|| ruid == context.euid
|
||||||
|
|| ruid == context.ruid)
|
||||||
|
&& (context.euid == 0
|
||||||
|
|| euid as i32 == -1
|
||||||
|
|| euid == context.euid
|
||||||
|
|| euid == context.ruid)
|
||||||
|
{
|
||||||
|
if ruid as i32 != -1 {
|
||||||
|
context.ruid = ruid;
|
||||||
|
}
|
||||||
|
if euid as i32 != -1 {
|
||||||
|
context.euid = euid;
|
||||||
|
}
|
||||||
Ok(0)
|
Ok(0)
|
||||||
} else {
|
} else {
|
||||||
Err(Error::new(EPERM))
|
Err(Error::new(EPERM))
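Review bot: Neither `setregid` nor `setreuid` has a doc comment, and two rules a caller must know are only implicit in the condition: -1 (tested as `rgid as i32 == -1`) means "leave this id unchanged", and `setregid` is gated on `context.euid == 0` rather than on a group id, so a process giving up root has to change its groups before its user ids. I would add `/// Set the real and/or effective group ID; -1 leaves that ID unchanged. Without euid 0, each new ID must equal the current real or effective GID.` above `setregid`, and the matching comment above `setreuid`. The sentinel test would also read more directly as a comparison against a named all-ones constant than as a cast to `i32`. No saved set-user-ID field is visible here, so it is worth confirming that callers which swap real and effective ids and later restore them are meant to rely on these two fields alone. The closing lines of `setreuid` fall outside this section.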
|
||||||
|
|
|
@ -8,7 +8,7 @@ use self::syscall::data::{Stat, TimeSpec};
|
||||||
pub use self::syscall::error::*;
|
pub use self::syscall::error::*;
|
||||||
pub use self::syscall::flag::*;
|
pub use self::syscall::flag::*;
|
||||||
pub use self::syscall::{
|
pub use self::syscall::{
|
||||||
clock_gettime, clone, execve as exec, exit, futex, getpid, kill, nanosleep, setgid, setuid, waitpid,
|
clock_gettime, clone, execve as exec, exit, futex, getpid, kill, nanosleep, setregid, setreuid, waitpid,
|
||||||
chdir, chmod, getcwd, open, mkdir, rmdir, unlink, dup, pipe2,
|
chdir, chmod, getcwd, open, mkdir, rmdir, unlink, dup, pipe2,
|
||||||
read, write, fcntl, fpath, fstat, fsync, ftruncate, lseek, close
|
read, write, fcntl, fpath, fstat, fsync, ftruncate, lseek, close
|
||||||
};
|
};
|
||||||
|
|
2
rust
2
rust
|
@ -1 +1 @@
|
||||||
Subproject commit f01add1a3bc3d86ee62f5819fa6ed9f79d453665
|
Subproject commit 2556400a5d4c9b56084332c29b6c91ac5cd3a9fa
|
2
syscall
2
syscall
|
@ -1 +1 @@
|
||||||
Subproject commit 7b8cc598909189526d8c0caa8057e4a6b23f0fdc
|
Subproject commit 8ce29a6ea29042d4101733cc25e84a013a74018a
|