1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-24 16:47:42 +00:00

Kernel+Userland: Implement setuid() and setgid() and add /bin/su

Also show setuid and setgid bits in "ls -l" output. :^)
This commit is contained in:
Andreas Kling 2019-02-21 23:35:07 +01:00
parent 6071a77e8e
commit 920e8e58ed
9 changed files with 79 additions and 8 deletions

View file

@ -1,2 +1,3 @@
root:x:0:0:root:/:/bin/sh
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
nona:x:200:200:Nona,,,:/home/nona:/bin/sh

View file

@ -411,6 +411,11 @@ int Process::do_exec(String path, Vector<String> arguments, Vector<String> envir
m_initial_arguments = move(arguments);
m_initial_environment = move(environment);
if (descriptor->metadata().is_setuid())
m_euid = descriptor->metadata().uid;
if (descriptor->metadata().is_setgid())
m_egid = descriptor->metadata().gid;
#ifdef TASK_DEBUG
kprintf("Process %u (%s) exec'd %s @ %p\n", pid(), name().characters(), path.characters(), m_tss.eip);
#endif
@ -1352,14 +1357,22 @@ int Process::sys$killpg(int pgrp, int signum)
ASSERT_NOT_REACHED();
}
int Process::sys$setuid(uid_t)
int Process::sys$setuid(uid_t uid)
{
ASSERT_NOT_REACHED();
if (uid != m_uid && !is_superuser())
return -EPERM;
m_uid = uid;
m_euid = uid;
return 0;
}
int Process::sys$setgid(gid_t)
int Process::sys$setgid(gid_t gid)
{
ASSERT_NOT_REACHED();
if (gid != m_gid && !is_superuser())
return -EPERM;
m_gid = gid;
m_egid = gid;
return 0;
}
unsigned Process::sys$alarm(unsigned seconds)
@ -1900,7 +1913,7 @@ int Process::sys$getgroups(int count, gid_t* gids)
int Process::sys$setgroups(size_t count, const gid_t* gids)
{
if (!is_root())
if (!is_superuser())
return -EPERM;
if (count >= MAX_PROCESS_GIDS)
return -EINVAL;

View file

@ -283,7 +283,7 @@ public:
Process* fork(RegisterDump&);
int exec(String path, Vector<String> arguments, Vector<String> environment);
bool is_root() const { return m_euid == 0; }
bool is_superuser() const { return m_euid == 0; }
bool wakeup_requested() { return m_wakeup_requested; }
void request_wakeup() { m_wakeup_requested = true; }

View file

@ -32,7 +32,10 @@ ln -s /proc/self/fd/0 mnt/dev/stdin
ln -s /proc/self/fd/1 mnt/dev/stdout
ln -s /proc/self/fd/2 mnt/dev/stderr
cp -vR ../Base/* mnt/
mkdir mnt/home/anon
mkdir mnt/home/nona
chown -vR 100:100 mnt/home/anon
chown -vR 200:200 mnt/home/nona
cp -v ../Userland/sh mnt/bin/sh
cp -v ../Userland/id mnt/bin/id
cp -v ../Userland/ps mnt/bin/ps
@ -65,6 +68,8 @@ cp -v ../Userland/chmod mnt/bin/chmod
cp -v ../Userland/top mnt/bin/top
cp -v ../Userland/ln mnt/bin/ln
cp -v ../Userland/df mnt/bin/df
cp -v ../Userland/su mnt/bin/su
chmod 4755 mnt/bin/su
cp -v ../Applications/Terminal/Terminal mnt/bin/Terminal
cp -v ../Applications/FontEditor/FontEditor mnt/bin/FontEditor
cp -v ../Applications/Launcher/Launcher mnt/bin/Launcher

View file

@ -31,6 +31,8 @@ gid_t getgid();
pid_t getpid();
int getgroups(int size, gid_t list[]);
int setgroups(size_t, const gid_t*);
int setuid(uid_t);
int setgid(gid_t);
pid_t tcgetpgrp(int fd);
int tcsetpgrp(int fd, pid_t pgid);
int open(const char* path, int options, ...);

1
Userland/.gitignore vendored
View file

@ -33,3 +33,4 @@ chmod
pape
ln
df
su

View file

@ -29,6 +29,7 @@ OBJS = \
top.o \
df.o \
ln.o \
su.o \
rm.o
APPS = \
@ -63,6 +64,7 @@ APPS = \
top \
ln \
df \
su \
rm
ARCH_FLAGS =
@ -179,6 +181,9 @@ ln: ln.o
df: df.o
$(LD) -o $@ $(LDFLAGS) $< ../LibC/LibC.a
su: su.o
$(LD) -o $@ $(LDFLAGS) $< ../LibC/LibC.a
.cpp.o:
@echo "CXX $<"; $(CXX) $(CXXFLAGS) -o $@ -c $<

View file

@ -148,10 +148,10 @@ int do_dir(const char* path)
printf("%c%c%c%c%c%c%c%c",
st.st_mode & S_IRUSR ? 'r' : '-',
st.st_mode & S_IWUSR ? 'w' : '-',
st.st_mode & S_IXUSR ? 'x' : '-',
st.st_mode & S_ISUID ? 's' : (st.st_mode & S_IXUSR ? 'x' : '-'),
st.st_mode & S_IRGRP ? 'r' : '-',
st.st_mode & S_IWGRP ? 'w' : '-',
st.st_mode & S_IXGRP ? 'x' : '-',
st.st_mode & S_ISGID ? 's' : (st.st_mode & S_IXGRP ? 'x' : '-'),
st.st_mode & S_IROTH ? 'r' : '-',
st.st_mode & S_IWOTH ? 'w' : '-'
);

44
Userland/su.cpp Normal file
View file

@ -0,0 +1,44 @@
#include <unistd.h>
#include <stdio.h>
#include <pwd.h>
#include <grp.h>
#include <alloca.h>
extern "C" int main(int, char**);
int main(int argc, char** argv)
{
uid_t uid;
gid_t gid;
if (argc == 1) {
uid = 0;
gid = 0;
} else {
auto* pwd = getpwnam(argv[1]);
if (!pwd) {
fprintf(stderr, "No such user: %s\n", argv[1]);
return 1;
}
uid = pwd->pw_uid;
gid = pwd->pw_gid;
}
int rc = setgid(uid);
if (rc < 0) {
perror("setgid");
return 1;
}
rc = setuid(gid);
if (rc < 0) {
perror("setuid");
return 1;
}
rc = execl("/bin/sh", "sh", nullptr);
if (rc < 0) {
perror("execl");
return 1;
}
return 0;
}