RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 13:38:11 +00:00
Code Issues Activity Actions

Kernel: Mark Process::jail() method as const

Browse source 
We really don't want callers of this function to accidentally change
the jail, or even worse - remove the Process from an attached jail.
To ensure this never happens, we can just declare this method as const
so nobody can mutate it this way.
This commit is contained in:
Liav A 2023-01-06 10:08:22 +02:00 committed by Ali Mohammad Pur
parent a03d42b098
commit 04221a7533
6 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Syscalls/execve.cpp
View file

@ -474,7 +474,7 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
VERIFY(!Processor::in_critical());
auto main_program_metadata = main_program_description->metadata();
// NOTE: Don't allow running SUID binaries at all if we are in a jail.
TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
TRY(Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
if (my_jail && (main_program_metadata.is_setuid() || main_program_metadata.is_setgid())) {
return Error::from_errno(EPERM);
}