RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-23 10:47:36 +00:00
Code Issues Activity Actions

Kernel: Add sid and pgid to Credentials

Browse source 
There are places in the kernel that would like to have access
to `pgid` credentials in certain circumstances.

I haven't found any use cases for `sid` yet, but `sid` and `pgid` are
both changed with `sys$setpgid`, so it seemed sensical to add it.

In Linux, `man 7 credentials` also mentions both the session id and
process group id, so this isn't unprecedented.
This commit is contained in:
yyny 2022-12-19 21:21:51 +01:00 committed by Andreas Kling
parent 456a8436b5
commit 9ca979846c
6 changed files with 62 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Kernel/Credentials.cpp
View file

@ -10,13 +10,13 @@
namespace Kernel {
ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids)
ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid)
{
auto extra_gids_array = TRY(FixedArray<GroupID>::try_create(extra_gids));
return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array)));
return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array), sid, pgid));
}
Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids)
Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid)
: m_uid(uid)
, m_gid(gid)
, m_euid(euid)
@ -24,6 +24,8 @@ Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, Use
, m_suid(suid)
, m_sgid(sgid)
, m_extra_gids(move(extra_gids))
, m_sid(sid)
, m_pgid(pgid)
{
}

8
Kernel/Credentials.h
View file

@ -14,7 +14,7 @@ namespace Kernel {
class Credentials final : public AtomicRefCounted<Credentials> {
public:
static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids);
static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid);
~Credentials();
bool is_superuser() const { return euid() == 0; }
@ -26,11 +26,13 @@ public:
UserID suid() const { return m_suid; }
GroupID sgid() const { return m_sgid; }
Span<GroupID const> extra_gids() const { return m_extra_gids.span(); }
SessionID sid() const { return m_sid; };
ProcessGroupID pgid() const { return m_pgid; }
bool in_group(GroupID) const;
private:
Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids);
Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid);
UserID m_uid;
GroupID m_gid;
@ -39,6 +41,8 @@ private:
UserID m_suid;
GroupID m_sgid;
FixedArray<GroupID> m_extra_gids;
SessionID m_sid;
ProcessGroupID m_pgid;
};
}

2
Kernel/Process.cpp
View file

@ -311,7 +311,7 @@ ErrorOr<NonnullLockRefPtr<Process>> Process::try_create(LockRefPtr<Thread>& firs
}
auto unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) };
auto exec_unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) };
auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}));
auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}, fork_parent ? fork_parent->sid() : 0, fork_parent ? fork_parent->pgid() : 0));
auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), move(credentials), ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree), move(exec_unveil_tree))));
TRY(process->attach_resources(new_address_space.release_nonnull(), first_thread, fork_parent));
return process;

4
Kernel/Syscalls/execve.cpp
View file

@ -540,7 +540,9 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
new_egid,
new_suid,
new_sgid,
old_credentials->extra_gids()));
old_credentials->extra_gids(),
old_credentials->sid(),
old_credentials->pgid()));
}
}

16
Kernel/Syscalls/setpgid.cpp
View file

@ -120,7 +120,23 @@ ErrorOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
}
// FIXME: There are more EPERM conditions to check for here..
process->m_pg = TRY(ProcessGroup::try_find_or_create(new_pgid));
return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<FlatPtr> {
auto credentials = this->credentials();
auto new_credentials = TRY(Credentials::create(
credentials->uid(),
credentials->gid(),
credentials->euid(),
credentials->egid(),
credentials->suid(),
credentials->sgid(),
credentials->extra_gids(),
new_sid,
new_pgid));
protected_data.credentials = move(new_credentials);
return 0;
});
}
}

40
Kernel/Syscalls/setuid.cpp
View file

@ -30,7 +30,9 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
credentials->egid(),
credentials->suid(),
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->euid() != new_euid)
protected_data.dumpable = false;
@ -61,7 +63,9 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
new_egid,
credentials->suid(),
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->egid() != new_egid)
protected_data.dumpable = false;
@ -92,7 +96,9 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
credentials->egid(),
new_uid,
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->euid() != new_uid)
protected_data.dumpable = false;
@ -123,7 +129,9 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
new_gid,
credentials->suid(),
new_gid,
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->egid() != new_gid)
protected_data.dumpable = false;
@ -160,7 +168,9 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
credentials->egid(),
credentials->suid(),
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->euid() != new_euid)
protected_data.dumpable = false;
@ -196,7 +206,9 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID
credentials->egid(),
new_suid,
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->euid() != new_euid)
protected_data.dumpable = false;
@ -230,7 +242,9 @@ ErrorOr<FlatPtr> Process::sys$setregid(GroupID new_rgid, GroupID new_egid)
new_egid,
credentials->suid(),
credentials->sgid(),
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->egid() != new_egid)
protected_data.dumpable = false;
@ -266,7 +280,9 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou
new_egid,
credentials->suid(),
new_sgid,
credentials->extra_gids()));
credentials->extra_gids(),
credentials->sid(),
credentials->pgid()));
if (credentials->egid() != new_egid)
protected_data.dumpable = false;
@ -298,7 +314,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
credentials->egid(),
credentials->suid(),
credentials->sgid(),
{}));
{},
credentials->sid(),
credentials->pgid()));
return 0;
}
@ -324,7 +342,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
credentials->egid(),
credentials->suid(),
credentials->sgid(),
new_extra_gids.span()));
new_extra_gids.span(),
credentials->sid(),
credentials->pgid()));
return 0;
});
}