From 84ac957d7ae09e20bd817500d3bd718742b9f0a0 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 4 Apr 2023 16:49:42 +0200
Subject: [PATCH] Kernel: Make Credentials the authority on process SID

The SID was duplicated between the process credentials and protected data. And to make matters worse, the credentials SID was not updated in sys$setsid. This patch fixes this by removing the SID from protected data and updating the credentials SID everywhere.
---
 Kernel/Process.h | 6 +-----
 Kernel/Syscalls/fork.cpp | 1 -
 Kernel/Syscalls/setpgid.cpp | 24 +++++++++++++++++++-----
 3 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/Kernel/Process.h b/Kernel/Process.h
index deec474ded..b41be5b8a1 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -114,7 +114,6 @@ class Process final
 public:
 ProcessID pid { 0 };
 ProcessID ppid { 0 };
- SessionID sid { 0 };
 // FIXME: This should be a NonnullRefPtr
 RefPtr credentials;
 RefPtr process_group;
@@ -233,10 +232,7 @@ public:
 {
 return with_protected_data([](auto& protected_data) { return protected_data.pid; });
 }
- SessionID sid() const
- {
- return with_protected_data([](auto& protected_data) { return protected_data.sid; });
- }
+ SessionID sid() const { return credentials()->sid(); }
 bool is_session_leader() const { return sid().value() == pid().value(); }
 ProcessGroupID pgid() const
 {
diff --git a/Kernel/Syscalls/fork.cpp b/Kernel/Syscalls/fork.cpp
index 22b20a13b8..d58e76d544 100644
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
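Review bot: `sid()` now dereferences `credentials()` unconditionally, while the first hunk's context still declares the member as a nullable `RefPtr` with a FIXME, so any caller that reaches `sid()` or `is_session_leader()` before credentials are installed would fault; whether such a window exists is not visible here. A one-line comment above the accessor would also record the new invariant, e.g. `// SID is stored only in Credentials; every Credentials::create() call site must carry it over.` The class body continues outside the hunk.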
@@ -103,7 +103,6 @@ ErrorOr Process::sys$fork(RegisterState& regs)
 child_protected_data.execpromises = my_protected_data.execpromises.load();
 child_protected_data.has_promises = my_protected_data.has_promises.load();
 child_protected_data.has_execpromises = my_protected_data.has_execpromises.load();
- child_protected_data.sid = my_protected_data.sid;
 child_protected_data.credentials = my_protected_data.credentials;
 child_protected_data.umask = my_protected_data.umask;
 child_protected_data.signal_trampoline = my_protected_data.signal_trampoline;
diff --git a/Kernel/Syscalls/setpgid.cpp b/Kernel/Syscalls/setpgid.cpp
index c52da585b5..00c0db0faf 100644
--- a/Kernel/Syscalls/setpgid.cpp
+++ b/Kernel/Syscalls/setpgid.cpp
@@ -32,12 +32,26 @@ ErrorOr Process::sys$setsid()
 // NOTE: ProcessGroup::create_if_unused_pgid() will fail with EPERM
 // if a process group with the same PGID already exists.
 auto process_group = TRY(ProcessGroup::create_if_unused_pgid(ProcessGroupID(pid().value())));
- return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr {
+
+ auto new_sid = SessionID(pid().value());
+ auto credentials = this->credentials();
+ auto new_credentials = TRY(Credentials::create(
+ credentials->uid(),
+ credentials->gid(),
+ credentials->euid(),
+ credentials->egid(),
+ credentials->suid(),
+ credentials->sgid(),
+ credentials->extra_gids(),
+ new_sid,
+ credentials->pgid()));
+
+ with_mutable_protected_data([&](auto& protected_data) {
 protected_data.tty = nullptr;
 protected_data.process_group = move(process_group);
- protected_data.sid = pid().value();
- return protected_data.sid.value();
+ protected_data.credentials = move(new_credentials);
 });
+ return new_sid.value();
 }
 ErrorOr Process::sys$getpgid(pid_t pid)
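Review bot: In sys$setsid the old credentials are read with `this->credentials()` before `with_mutable_protected_data` runs, so a credential change made by another thread of the process between that read and the swap would be overwritten by a copy carrying the stale IDs; sys$setpgid later in this patch takes its copy inside the lambda. Assuming the protected-data lock is what serializes writers of `protected_data.credentials` (its implementation is not visible here), the copy and the swap belong under the same lock, as sketched below. The sketch also passes `ProcessGroupID(pid().value())` instead of `credentials->pgid()`, because the process has just been moved into the group created with that PGID and the credentials would otherwise keep the old one; confirm that Credentials is meant to track the PGID here as it does in sys$setpgid. The function starts above the hunk.

```cpp
    auto new_sid = SessionID(pid().value());
    TRY(with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<void> {
        // Copy from the credentials currently installed, under the same lock that installs the replacement.
        auto credentials = protected_data.credentials;
        auto new_credentials = TRY(Credentials::create(
            // … unchanged: uid() through extra_gids() …
            new_sid,
            ProcessGroupID(pid().value())));
        protected_data.tty = nullptr;
        protected_data.process_group = move(process_group);
        protected_data.credentials = move(new_credentials);
        return {};
    }));
    return new_sid.value();
```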
@@ -114,7 +128,7 @@ ErrorOr Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
 }
 // FIXME: There are more EPERM conditions to check for here..
 auto process_group = TRY(ProcessGroup::find_or_create(new_pgid));
- return process->with_mutable_protected_data([&process, &process_group, new_sid, new_pgid](auto& protected_data) -> ErrorOr {
+ return process->with_mutable_protected_data([&process, &process_group, new_pgid](auto& protected_data) -> ErrorOr {
 auto credentials = process->credentials();
 auto new_credentials = TRY(Credentials::create(
@@ -125,7 +139,7 @@ ErrorOr Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
 credentials->suid(),
 credentials->sgid(),
 credentials->extra_gids(),
- new_sid,
+ credentials->sid(),
 new_pgid));
 protected_data.credentials = move(new_credentials);
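Review bot: The nine-argument `Credentials::create(...)` copy is now written out in both sys$setsid and sys$setpgid, with the SessionID and ProcessGroupID arguments adjacent in a positional list, which is the kind of call where one field is easily left stale. A helper that copies an existing Credentials and replaces only the SID or PGID would keep the two syscalls in step; none is visible in this patch, so this is a suggestion rather than a reference to existing API. Short of that, a comment at the `credentials->sid()` argument would record why the value is carried over, e.g. `// setpgid never changes the session; keep the existing SID.` The lambda body continues past the end of the hunk.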