RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-06-01 09:38:10 +00:00
Code Issues Activity Actions

Kernel: Make /proc/PID directories owned by the EUID:EGID

Browse source 
This is instead of the UID:GID, since that was allowing some very bad
information leaks like spawning "su" as an unprivileged user and having
full /proc access to it.

Work towards #4504.
This commit is contained in:
Andreas Kling 2020-12-25 17:56:02 +01:00
parent 057c1d4798
commit 3c9bd911b8
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Kernel/FileSystem/ProcFS.cpp
View file

@ -1138,8 +1138,8 @@ InodeMetadata ProcFSInode::metadata() const
ProcessID pid = to_pid(identifier()); ProcessID pid = to_pid(identifier());
auto process = Process::from_pid(pid); auto process = Process::from_pid(pid);
if (process) { if (process) {
metadata.uid = process->sys$getuid(); metadata.uid = process->euid();
metadata.gid = process->sys$getgid(); metadata.gid = process->egid();
} else { } else {
// TODO: How to handle this? // TODO: How to handle this?
metadata.uid = 0; metadata.uid = 0;
@ -1149,8 +1149,8 @@ InodeMetadata ProcFSInode::metadata() const
ThreadID tid = to_tid(identifier()); ThreadID tid = to_tid(identifier());
auto thread = Thread::from_tid(tid); auto thread = Thread::from_tid(tid);
if (thread) { if (thread) {
metadata.uid = thread->process().sys$getuid(); metadata.uid = thread->process().euid();
metadata.gid = thread->process().sys$getgid(); metadata.gid = thread->process().egid();
} else { } else {
// TODO: How to handle this? // TODO: How to handle this?
metadata.uid = 0; metadata.uid = 0;