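--- a/kern_prot.c	(71a057bc737b5014490a9a79c0d3ced40c70eba6)
+++ b/kern_prot.c	(56f21b9d74a516a6c2f67d09e1b6c588bfa54c6a)
@@ -1,8 +1,8 @@
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
  * The Regents of the University of California. All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
@@ -519,37 +519,37 @@
  */
  if (uid != oldcred->cr_ruid && /* allow setuid(getuid()) */
 #ifdef _POSIX_SAVED_IDS
  uid != oldcred->cr_svuid && /* allow setuid(saved gid) */
 #endif
 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
  uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
 #endif
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  uifree(uip);
  crfree(newcred);
  return (error);
  }
 
  /*
  * Copy credentials so other references do not see our changes.
  */
  crcopy(newcred, oldcred);
 #ifdef _POSIX_SAVED_IDS
  /*
  * Do we have "appropriate privileges" (are we root or uid == euid)
  * If so, we are changing the real uid and/or saved uid.
  */
  if (
 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
  uid == oldcred->cr_uid ||
 #endif
- suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+ suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
 #endif
  {
  /*
  * Set the real uid and transfer proc count to new user.
  */
  if (uid != oldcred->cr_ruid) {
  change_ruid(newcred, uip);
  setsugid(p);
@@ -601,17 +601,17 @@
 
  euid = uap->euid;
  newcred = crget();
  euip = uifind(euid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
  if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
  euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  uifree(euip);
  crfree(newcred);
  return (error);
  }
  /*
  * Everything's okay, do it. Copy credentials so other references do
  * not see our changes.
@@ -663,33 +663,33 @@
  */
  if (gid != oldcred->cr_rgid && /* allow setgid(getgid()) */
 #ifdef _POSIX_SAVED_IDS
  gid != oldcred->cr_svgid && /* allow setgid(saved gid) */
 #endif
 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
  gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
 #endif
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  crfree(newcred);
  return (error);
  }
 
  crcopy(newcred, oldcred);
 #ifdef _POSIX_SAVED_IDS
  /*
  * Do we have "appropriate privileges" (are we root or gid == egid)
  * If so, we are changing the real uid and saved gid.
  */
  if (
 #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
  gid == oldcred->cr_groups[0] ||
 #endif
- suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+ suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
 #endif
  {
  /*
  * Set real gid
  */
  if (oldcred->cr_rgid != gid) {
  change_rgid(newcred, gid);
  setsugid(p);
@@ -738,17 +738,17 @@
  int error;
 
  egid = uap->egid;
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
  if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
  egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  crfree(newcred);
  return (error);
  }
  crcopy(newcred, oldcred);
  if (oldcred->cr_groups[0] != egid) {
  change_egid(newcred, egid);
  setsugid(p);
@@ -784,17 +784,17 @@
  error = copyin(uap->gidset, tempcred->cr_groups, ngrp * sizeof(gid_t));
  if (error != 0) {
  crfree(tempcred);
  return (error);
  }
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
- error = suser_cred(oldcred, PRISON_ROOT);
+ error = suser_cred(oldcred, SUSER_ALLOWJAIL);
  if (error) {
  PROC_UNLOCK(p);
  crfree(newcred);
  crfree(tempcred);
  return (error);
  }
 
  /*
@@ -848,17 +848,17 @@
  euip = uifind(euid);
  ruip = uifind(ruid);
  PROC_LOCK(p);
  oldcred = p->p_ucred;
  if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid &&
  ruid != oldcred->cr_svuid) ||
  (euid != (uid_t)-1 && euid != oldcred->cr_uid &&
  euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  uifree(ruip);
  uifree(euip);
  crfree(newcred);
  return (error);
  }
  crcopy(newcred, oldcred);
  if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
@@ -904,17 +904,17 @@
  rgid = uap->rgid;
  newcred = crget();
  PROC_LOCK(p);
  oldcred = p->p_ucred;
  if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
  rgid != oldcred->cr_svgid) ||
  (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
  egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  crfree(newcred);
  return (error);
  }
 
  crcopy(newcred, oldcred);
  if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
  change_egid(newcred, egid);
@@ -972,17 +972,17 @@
  ruid != oldcred->cr_svuid &&
  ruid != oldcred->cr_uid) ||
  (euid != (uid_t)-1 && euid != oldcred->cr_ruid &&
  euid != oldcred->cr_svuid &&
  euid != oldcred->cr_uid) ||
  (suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
  suid != oldcred->cr_svuid &&
  suid != oldcred->cr_uid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  uifree(ruip);
  uifree(euip);
  crfree(newcred);
  return (error);
  }
 
  crcopy(newcred, oldcred);
@@ -1040,17 +1040,17 @@
  rgid != oldcred->cr_svgid &&
  rgid != oldcred->cr_groups[0]) ||
  (egid != (gid_t)-1 && egid != oldcred->cr_rgid &&
  egid != oldcred->cr_svgid &&
  egid != oldcred->cr_groups[0]) ||
  (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
  sgid != oldcred->cr_svgid &&
  sgid != oldcred->cr_groups[0])) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
  PROC_UNLOCK(p);
  crfree(newcred);
  return (error);
  }
 
  crcopy(newcred, oldcred);
  if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
  change_egid(newcred, egid);
@@ -1228,17 +1228,17 @@
 int
 suser_cred(struct ucred *cred, int flag)
 {
 
  if (!suser_enabled)
  return (EPERM);
  if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
  return (EPERM);
- if (jailed(cred) && !(flag & PRISON_ROOT))
+ if (jailed(cred) && !(flag & SUSER_ALLOWJAIL))
  return (EPERM);
  return (0);
 }
 
 /*
  * Shortcut to hide contents of struct td and struct proc from the
  * caller, promoting binary compatibility.
  */
@@ -1319,17 +1319,17 @@
  * References: *u1 and *u2 must not change during the call
  * u1 may equal u2, in which case only one reference is required
  */
 static int
 cr_seeotheruids(struct ucred *u1, struct ucred *u2)
 {
 
  if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (suser_cred(u1, PRISON_ROOT) != 0)
+ if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
  return (ESRCH);
  }
  return (0);
 }
 
 /*
  * 'see_other_gids' determines whether or not visibility of processes
  * and sockets with credentials holding different real gids is possible
@@ -1358,17 +1358,17 @@
  match = 0;
  for (i = 0; i < u1->cr_ngroups; i++) {
  if (groupmember(u1->cr_groups[i], u2))
  match = 1;
  if (match)
  break;
  }
  if (!match) {
- if (suser_cred(u1, PRISON_ROOT) != 0)
+ if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
  return (ESRCH);
  }
  }
  return (0);
 }
 
 /*-
  * Determine if u1 "can see" the subject specified by u2.
@@ -1475,32 +1475,32 @@
  case SIGUSR2:
  /*
  * Generally, permit job and terminal control
  * signals.
  */
  break;
  default:
  /* Not permitted without privilege. */
- error = suser_cred(cred, PRISON_ROOT);
+ error = suser_cred(cred, SUSER_ALLOWJAIL);
  if (error)
  return (error);
  }
  }
 
  /*
  * Generally, the target credential's ruid or svuid must match the
  * subject credential's ruid or euid.
  */
  if (cred->cr_ruid != proc->p_ucred->cr_ruid &&
  cred->cr_ruid != proc->p_ucred->cr_svuid &&
  cred->cr_uid != proc->p_ucred->cr_ruid &&
  cred->cr_uid != proc->p_ucred->cr_svuid) {
  /* Not permitted without privilege. */
- error = suser_cred(cred, PRISON_ROOT);
+ error = suser_cred(cred, SUSER_ALLOWJAIL);
  if (error)
  return (error);
  }
 
  return (0);
 }
 
 
@@ -1559,21 +1559,21 @@
  if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred)))
  return (error);
  if ((error = cr_seeothergids(td->td_ucred, p->p_ucred)))
  return (error);
  if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid)
  return (0);
  if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid)
  return (0);
- if (suser_cred(td->td_ucred, PRISON_ROOT) == 0)
+ if (suser_cred(td->td_ucred, SUSER_ALLOWJAIL) == 0)
  return (0);
 
 #ifdef CAPABILITIES
- if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT))
+ if (!cap_check(NULL, td, CAP_SYS_NICE, SUSER_ALLOWJAIL))
  return (0);
 #endif
 
  return (EPERM);
 }
 
 /*
  * The 'unprivileged_proc_debug' flag may be used to disable a variety of
@@ -1602,17 +1602,17 @@
 int
 p_candebug(struct thread *td, struct proc *p)
 {
  int credentialchanged, error, grpsubset, i, uidsubset;
 
  KASSERT(td == curthread, ("%s: td not curthread", __func__));
  PROC_LOCK_ASSERT(p, MA_OWNED);
  if (!unprivileged_proc_debug) {
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
  if (error)
  return (error);
  }
  if (td->td_proc == p)
  return (0);
  if ((error = prison_check(td->td_ucred, p->p_ucred)))
  return (error);
 #ifdef MAC
@@ -1654,17 +1654,17 @@
 
  /*
  * If p's gids aren't a subset, or the uids aren't a subset,
  * or the credential has changed, require appropriate privilege
  * for td to debug p. For POSIX.1e capabilities, this will
  * require CAP_SYS_PTRACE.
  */
  if (!grpsubset || !uidsubset || credentialchanged) {
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
  if (error)
  return (error);
  }
 
  /* Can't trace init when securelevel > 0. */
  if (p == initproc) {
  error = securelevel_gt(td->td_ucred, 0);
  if (error)
@@ -1922,17 +1922,17 @@
 /* ARGSUSED */
 int
 setlogin(struct thread *td, struct setlogin_args *uap)
 {
  struct proc *p = td->td_proc;
  int error;
  char logintmp[MAXLOGNAME];
 
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
  if (error)
  return (error);
  error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
  if (error == ENAMETOOLONG)
  error = EINVAL;
  else if (!error) {
  PROC_LOCK(p);
  SESS_LOCK(p->p_session);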