From 8d0bd3f225786c0ee36e0ec4297b8115290b709a Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 21 Aug 2022 16:22:34 +0200
Subject: [PATCH] Kernel: Make LocalSocket do chown/chmod through VFS
This ensures that all the permissions checks are made against the provided credentials. Previously we were just calling through directly to the inode setters, which did no security checks!
---
 Kernel/Net/LocalSocket.cpp | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/Kernel/Net/LocalSocket.cpp b/Kernel/Net/LocalSocket.cpp
index d532dbad25..a31c16e242 100644
--- a/Kernel/Net/LocalSocket.cpp
+++ b/Kernel/Net/LocalSocket.cpp
@@ -445,25 +445,25 @@ ErrorOr LocalSocket::ioctl(OpenFileDescription& description, unsigned requ
 return EINVAL;
 }
-ErrorOr LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode)
+ErrorOr LocalSocket::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode)
 {
- // FIXME: Use the credentials.
-
- auto inode = m_inode.strong_ref();
- if (inode)
- return inode->chmod(mode);
+ if (m_inode) {
+ if (auto custody = description.custody())
+ return VirtualFileSystem::the().chmod(credentials, *custody, mode);
+ VERIFY_NOT_REACHED();
+ }
 m_prebind_mode = mode & 0777;
 return {};
 }
-ErrorOr LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid)
+ErrorOr LocalSocket::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid)
 {
- // FIXME: Use the credentials.
-
- auto inode = m_inode.strong_ref();
- if (inode)
- return inode->chown(uid, gid);
+ if (m_inode) {
+ if (auto custody = description.custody())
+ return VirtualFileSystem::the().chown(credentials, *custody, uid, gid);
+ VERIFY_NOT_REACHED();
+ }
 if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid)))
 return set_so_error(EPERM);
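Review bot: In both `chmod` and `chown`, a socket with `m_inode` set but a null `description.custody()` falls into `VERIFY_NOT_REACHED()`, so the new permission-checked path relies on an invariant that nothing in this hunk establishes. If a description created without a custody can reach these functions after the socket has an inode (for example through fchmod/fchown on the socket descriptor itself), the result is a kernel assertion reachable from userspace rather than a failed syscall. Unless the callers guarantee otherwise, prefer failing the call, e.g. `return EINVAL;` in place of `VERIFY_NOT_REACHED();`, or add a comment at that line naming where the custody is guaranteed to be set. The VFS call also acts on the description's custody while `m_inode` is only tested for presence, so it is worth confirming that both always refer to the same inode. The body of `chown` continues past the end of the hunk.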