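/*	$NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $	*/
/*-
 * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Herb Peyerl.
 * 4. The name of Herb Peyerl may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_sysvipc.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sem.h>
#include <sys/shm.h>
#include <sys/ipc.h>
#include <sys/proc.h>
#include <sys/ucred.h>

/*
 * Optional callbacks into the shared-memory code.  Both start out NULL and
 * are only invoked when something has assigned them; nothing in this file
 * sets them.
 *
 * NOTE(review): the pointers are tested and then called without any locking
 * visible here -- confirm that whatever installs or clears them cannot race
 * with fork/exit.
 */
void (*shmfork_hook)(struct proc *, struct proc *) = NULL;
void (*shmexit_hook)(struct vmspace *) = NULL;

/*
 * Forward a fork event to the shared-memory hook, if one is installed.
 * Called from kern_fork.c.
 */
void
shmfork(struct proc *p1, struct proc *p2)
{

	if (shmfork_hook != NULL)
		shmfork_hook(p1, p2);
}

/*
 * Forward an exit event to the shared-memory hook, if one is installed.
 * Called from kern_exit.c.
 */
void
shmexit(struct vmspace *vm)
{

	if (shmexit_hook != NULL)
		shmexit_hook(vm);
}

/*
 * Check for IPC permission.
 *
 * td supplies the credential (td->td_ucred), perm is the object's ownership
 * and mode record, and mode is the set of access bits being requested.
 * Returns 0 when access is granted.  On refusal it returns the error from
 * suser() for a non-owner IPC_M request, or EACCES when the mode bits do
 * not permit the request and suser() also fails.
 *
 * A successful suser() overrides the object's mode bits entirely, so every
 * denial below is a denial for unprivileged callers only.
 *
 * Note: The MAC Framework does not require any modifications to the
 * ipcperm() function, as access control checks are performed throughout the
 * implementation of each primitive.  Those entry point calls complement the
 * ipcperm() discretionary checks.
 */
int
ipcperm(struct thread *td, struct ipc_perm *perm, int mode)
{
	struct ucred *cred = td->td_ucred;
	int error;

	if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
		/*
		 * For a non-create/owner, we require privilege to
		 * modify the object protections.  Note: some other
		 * implementations permit IPC_M to be delegated to
		 * unprivileged non-creator/owner uids/gids.
		 */
		if (mode & IPC_M) {
			error = suser(td);
			if (error)
				return (error);
		}
		/*
		 * Try to match against creator/owner group; if not, fall
		 * back on other.  Each shift by 3 moves the requested bits
		 * from one permission class down to the next, so the
		 * request is presumably expected in owner-class position --
		 * confirm against callers.
		 */
		mode >>= 3;
		if (!groupmember(perm->gid, cred) &&
		    !groupmember(perm->cgid, cred))
			mode >>= 3;
	} else {
		/*
		 * Always permit the creator/owner to update the object
		 * protections regardless of whether the object mode
		 * permits it.
		 *
		 * NOTE(review): this returns success for any request that
		 * contains IPC_M, including one that also carries other
		 * access bits; those bits are then never compared with
		 * perm->mode.  Confirm callers pass IPC_M on its own.
		 */
		if (mode & IPC_M)
			return (0);
	}

	/*
	 * Every requested bit must be present in the object's mode for the
	 * selected class; otherwise only a privileged caller gets through.
	 */
	if ((mode & perm->mode) != mode) {
		if (suser(td) != 0)
			return (EACCES);
	}
	return (0);
}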