RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 12:05:00 +00:00
Code Issues Activity Actions

Kernel: Use real UID/GID when checking for file access

Browse source 
This aligns the rest of the system with POSIX, who says that access(2)
must check against the real UID and GID, not effective ones.
This commit is contained in:
sin-ack 2022-10-01 12:03:46 +00:00 committed by Andrew Kaster
parent 3472c84d14
commit fa692e13f9
3 changed files with 20 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

15
Kernel/FileSystem/InodeMetadata.cpp
View file

@ -9,19 +9,22 @@
namespace Kernel {
bool InodeMetadata::may_read(Credentials const& credentials) const
bool InodeMetadata::may_read(Credentials const& credentials, UseEffectiveIDs use_effective_ids) const
{
return may_read(credentials.euid(), credentials.egid(), credentials.extra_gids());
bool eids = use_effective_ids == UseEffectiveIDs::Yes;
return may_read(eids ? credentials.euid() : credentials.uid(), eids ? credentials.egid() : credentials.gid(), credentials.extra_gids());
}
bool InodeMetadata::may_write(Credentials const& credentials) const
bool InodeMetadata::may_write(Credentials const& credentials, UseEffectiveIDs use_effective_ids) const
{
return may_write(credentials.euid(), credentials.egid(), credentials.extra_gids());
bool eids = use_effective_ids == UseEffectiveIDs::Yes;
return may_write(eids ? credentials.euid() : credentials.uid(), eids ? credentials.egid() : credentials.gid(), credentials.extra_gids());
}
bool InodeMetadata::may_execute(Credentials const& credentials) const
bool InodeMetadata::may_execute(Credentials const& credentials, UseEffectiveIDs use_effective_ids) const
{
return may_execute(credentials.euid(), credentials.egid(), credentials.extra_gids());
bool eids = use_effective_ids == UseEffectiveIDs::Yes;
return may_execute(eids ? credentials.euid() : credentials.uid(), eids ? credentials.egid() : credentials.gid(), credentials.extra_gids());
}
}