diff --git a/Kernel/Coredump.cpp b/Kernel/Coredump.cpp index a99b858d74..1348f232f8 100644 --- a/Kernel/Coredump.cpp +++ b/Kernel/Coredump.cpp @@ -346,7 +346,7 @@ ErrorOr Coredump::write() TRY(write_regions()); TRY(write_notes_segment(builder.bytes())); - return m_description->chmod(0600); // Make coredump file read/writable + return m_description->chmod(Process::current().credentials(), 0600); // Make coredump file read/writable } } diff --git a/Kernel/FileSystem/File.h b/Kernel/FileSystem/File.h index 51206f8b7a..0679639326 100644 --- a/Kernel/FileSystem/File.h +++ b/Kernel/FileSystem/File.h @@ -98,8 +98,8 @@ public: virtual ErrorOr truncate(u64) { return EINVAL; } virtual ErrorOr sync() { return EINVAL; } - virtual ErrorOr chown(OpenFileDescription&, UserID, GroupID) { return EBADF; } - virtual ErrorOr chmod(OpenFileDescription&, mode_t) { return EBADF; } + virtual ErrorOr chown(Credentials const&, OpenFileDescription&, UserID, GroupID) { return EBADF; } + virtual ErrorOr chmod(Credentials const&, OpenFileDescription&, mode_t) { return EBADF; } virtual StringView class_name() const = 0; diff --git a/Kernel/FileSystem/InodeFile.cpp b/Kernel/FileSystem/InodeFile.cpp index 2696ae6793..ac61916892 100644 --- a/Kernel/FileSystem/InodeFile.cpp +++ b/Kernel/FileSystem/InodeFile.cpp @@ -115,18 +115,18 @@ ErrorOr InodeFile::sync() return {}; } -ErrorOr InodeFile::chown(OpenFileDescription& description, UserID uid, GroupID gid) +ErrorOr InodeFile::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid) { VERIFY(description.inode() == m_inode); VERIFY(description.custody()); - return VirtualFileSystem::the().chown(Process::current().credentials(), *description.custody(), uid, gid); + return VirtualFileSystem::the().chown(credentials, *description.custody(), uid, gid); } -ErrorOr InodeFile::chmod(OpenFileDescription& description, mode_t mode) +ErrorOr InodeFile::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode) { VERIFY(description.inode() == m_inode); VERIFY(description.custody()); - return VirtualFileSystem::the().chmod(Process::current().credentials(), *description.custody(), mode); + return VirtualFileSystem::the().chmod(credentials, *description.custody(), mode); } } diff --git a/Kernel/FileSystem/InodeFile.h b/Kernel/FileSystem/InodeFile.h index 88576d9c0b..0b5b6f9c69 100644 --- a/Kernel/FileSystem/InodeFile.h +++ b/Kernel/FileSystem/InodeFile.h @@ -40,8 +40,8 @@ public: virtual ErrorOr truncate(u64) override; virtual ErrorOr sync() override; - virtual ErrorOr chown(OpenFileDescription&, UserID, GroupID) override; - virtual ErrorOr chmod(OpenFileDescription&, mode_t) override; + virtual ErrorOr chown(Credentials const&, OpenFileDescription&, UserID, GroupID) override; + virtual ErrorOr chmod(Credentials const&, OpenFileDescription&, mode_t) override; virtual StringView class_name() const override { return "InodeFile"sv; } diff --git a/Kernel/FileSystem/OpenFileDescription.cpp b/Kernel/FileSystem/OpenFileDescription.cpp index f7405d52a9..4331a5ec8c 100644 --- a/Kernel/FileSystem/OpenFileDescription.cpp +++ b/Kernel/FileSystem/OpenFileDescription.cpp @@ -430,14 +430,14 @@ void OpenFileDescription::set_file_flags(u32 flags) }); } -ErrorOr OpenFileDescription::chmod(mode_t mode) +ErrorOr OpenFileDescription::chmod(Credentials const& credentials, mode_t mode) { - return m_file->chmod(*this, mode); + return m_file->chmod(credentials, *this, mode); } -ErrorOr OpenFileDescription::chown(UserID uid, GroupID gid) +ErrorOr OpenFileDescription::chown(Credentials const& credentials, UserID uid, GroupID gid) { - return m_file->chown(*this, uid, gid); + return m_file->chown(credentials, *this, uid, gid); } FileBlockerSet& OpenFileDescription::blocker_set() diff --git a/Kernel/FileSystem/OpenFileDescription.h b/Kernel/FileSystem/OpenFileDescription.h index c4cdae2d49..951ea3f21a 100644 --- a/Kernel/FileSystem/OpenFileDescription.h +++ b/Kernel/FileSystem/OpenFileDescription.h @@ -50,7 +50,7 @@ public: ErrorOr read(UserOrKernelBuffer&, u64 offset, size_t); ErrorOr write(u64 offset, UserOrKernelBuffer const&, size_t); - ErrorOr chmod(mode_t); + ErrorOr chmod(Credentials const& credentials, mode_t); bool can_read() const; bool can_write() const; @@ -121,7 +121,7 @@ public: off_t offset() const; - ErrorOr chown(UserID, GroupID); + ErrorOr chown(Credentials const& credentials, UserID, GroupID); FileBlockerSet& blocker_set(); diff --git a/Kernel/Net/LocalSocket.cpp b/Kernel/Net/LocalSocket.cpp index c6c4e7e457..d532dbad25 100644 --- a/Kernel/Net/LocalSocket.cpp +++ b/Kernel/Net/LocalSocket.cpp @@ -445,8 +445,10 @@ ErrorOr LocalSocket::ioctl(OpenFileDescription& description, unsigned requ return EINVAL; } -ErrorOr LocalSocket::chmod(OpenFileDescription&, mode_t mode) +ErrorOr LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode) { + // FIXME: Use the credentials. + auto inode = m_inode.strong_ref(); if (inode) return inode->chmod(mode); @@ -455,14 +457,15 @@ ErrorOr LocalSocket::chmod(OpenFileDescription&, mode_t mode) return {}; } -ErrorOr LocalSocket::chown(OpenFileDescription&, UserID uid, GroupID gid) +ErrorOr LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid) { + // FIXME: Use the credentials. + auto inode = m_inode.strong_ref(); if (inode) return inode->chown(uid, gid); - auto& current_process = Process::current(); - if (!current_process.is_superuser() && (current_process.euid() != uid || !current_process.in_group(gid))) + if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid))) return set_so_error(EPERM); m_prebind_uid = uid; diff --git a/Kernel/Net/LocalSocket.h b/Kernel/Net/LocalSocket.h index 451c3b3fff..51f57c76b5 100644 --- a/Kernel/Net/LocalSocket.h +++ b/Kernel/Net/LocalSocket.h @@ -49,8 +49,8 @@ public: virtual ErrorOr recvfrom(OpenFileDescription&, UserOrKernelBuffer&, size_t, int flags, Userspace, Userspace, Time&) override; virtual ErrorOr getsockopt(OpenFileDescription&, int level, int option, Userspace, Userspace) override; virtual ErrorOr ioctl(OpenFileDescription&, unsigned request, Userspace arg) override; - virtual ErrorOr chown(OpenFileDescription&, UserID, GroupID) override; - virtual ErrorOr chmod(OpenFileDescription&, mode_t) override; + virtual ErrorOr chown(Credentials const&, OpenFileDescription&, UserID, GroupID) override; + virtual ErrorOr chmod(Credentials const&, OpenFileDescription&, mode_t) override; private: explicit LocalSocket(int type, NonnullOwnPtr client_buffer, NonnullOwnPtr server_buffer); diff --git a/Kernel/Syscalls/chmod.cpp b/Kernel/Syscalls/chmod.cpp index 0b5db76bd3..76350c8889 100644 --- a/Kernel/Syscalls/chmod.cpp +++ b/Kernel/Syscalls/chmod.cpp @@ -37,7 +37,7 @@ ErrorOr Process::sys$fchmod(int fd, mode_t mode) VERIFY_NO_PROCESS_BIG_LOCK(this); TRY(require_promise(Pledge::fattr)); auto description = TRY(open_file_description(fd)); - TRY(description->chmod(mode)); + TRY(description->chmod(credentials(), mode)); return 0; } diff --git a/Kernel/Syscalls/chown.cpp b/Kernel/Syscalls/chown.cpp index 29ab8c8703..1520668c87 100644 --- a/Kernel/Syscalls/chown.cpp +++ b/Kernel/Syscalls/chown.cpp @@ -17,7 +17,7 @@ ErrorOr Process::sys$fchown(int fd, UserID uid, GroupID gid) VERIFY_NO_PROCESS_BIG_LOCK(this); TRY(require_promise(Pledge::chown)); auto description = TRY(open_file_description(fd)); - TRY(description->chown(uid, gid)); + TRY(description->chown(credentials(), uid, gid)); return 0; }