RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-28 07:35:08 +00:00
Code Issues Activity Actions

Kernel: Make /proc/PID directories owned by the EUID:EGID

Browse source 
This is instead of the UID:GID, since that was allowing some very bad
information leaks like spawning "su" as an unprivileged user and having
full /proc access to it.

Work towards #4504.
This commit is contained in:
Andreas Kling 2020-12-25 17:56:02 +01:00
parent 057c1d4798
commit 3c9bd911b8
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Kernel/FileSystem/ProcFS.cpp
View file

@ -1138,8 +1138,8 @@ InodeMetadata ProcFSInode::metadata() const
ProcessID pid = to_pid(identifier());
auto process = Process::from_pid(pid);
if (process) {
metadata.uid = process->sys$getuid();
metadata.gid = process->sys$getgid();
metadata.uid = process->euid();
metadata.gid = process->egid();
} else {
// TODO: How to handle this?
metadata.uid = 0;
@ -1149,8 +1149,8 @@ InodeMetadata ProcFSInode::metadata() const
ThreadID tid = to_tid(identifier());
auto thread = Thread::from_tid(tid);
if (thread) {
metadata.uid = thread->process().sys$getuid();
metadata.gid = thread->process().sys$getgid();
metadata.uid = thread->process().euid();
metadata.gid = thread->process().egid();
} else {
// TODO: How to handle this?
metadata.uid = 0;