mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-23 18:02:05 -05:00
Code Issues Projects Releases Packages Wiki Activity

Kernel: Make LocalSocket do chown/chmod through VFS

Browse source 
This ensures that all the permissions checks are made against the
provided credentials. Previously we were just calling through directly
to the inode setters, which did no security checks!
This commit is contained in:
Andreas Kling 2022-08-21 16:22:34 +02:00
parent dbe182f1c6
commit 8d0bd3f225
1 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
Kernel/Net/LocalSocket.cpp
View file

@ -445,25 +445,25 @@ ErrorOr<void> LocalSocket::ioctl(OpenFileDescription& description, unsigned requ
return EINVAL;
}
ErrorOr<void> LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode)
ErrorOr<void> LocalSocket::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode)
{
// FIXME: Use the credentials.
auto inode = m_inode.strong_ref();
if (inode)
return inode->chmod(mode);
if (m_inode) {
if (auto custody = description.custody())
return VirtualFileSystem::the().chmod(credentials, *custody, mode);
VERIFY_NOT_REACHED();
}
m_prebind_mode = mode & 0777;
return {};
}
ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid)
ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid)
{
// FIXME: Use the credentials.
auto inode = m_inode.strong_ref();
if (inode)
return inode->chown(uid, gid);
if (m_inode) {
if (auto custody = description.custody())
return VirtualFileSystem::the().chown(credentials, *custody, uid, gid);
VERIFY_NOT_REACHED();
}
if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid)))
return set_so_error(EPERM);