mirror of
https://github.com/SerenityOS/serenity.git
synced 2025-01-26 03:12:07 -05:00
01b79910b3
The compiler can re-order the structure (class) members if that's necessary, so if we make Process to inherit from ProcFSExposedComponent, even if the declaration is to inherit first from ProcessBase, then from ProcFSExposedComponent and last from Weakable<Process>, the members of class ProcFSExposedComponent (including the Ref-counted parts) are the first members of the Process class. This problem made it impossible to safely use the current toggling method with the write-protection bit on the ProcessBase members, so instead of inheriting from it, we make its members the last ones in the Process class so we can safely locate and modify the corresponding page write protection bit of these values. We make sure that the Process class doesn't expand beyond 8192 bytes and the protected values are always aligned on a page boundary.
195 lines
5 KiB
C++
195 lines
5 KiB
C++
/*
|
|
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <Kernel/Process.h>
|
|
|
|
namespace Kernel {
|
|
|
|
KResultOr<FlatPtr> Process::sys$seteuid(uid_t new_euid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_euid != uid() && new_euid != suid() && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (euid() != new_euid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
|
|
m_protected_values.euid = new_euid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setegid(gid_t new_egid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_egid != gid() && new_egid != sgid() && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (egid() != new_egid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.egid = new_egid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setuid(uid_t new_uid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_uid != uid() && new_uid != euid() && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (euid() != new_uid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.uid = new_uid;
|
|
m_protected_values.euid = new_uid;
|
|
m_protected_values.suid = new_uid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setgid(gid_t new_gid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_gid != gid() && new_gid != egid() && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (egid() != new_gid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.gid = new_gid;
|
|
m_protected_values.egid = new_gid;
|
|
m_protected_values.sgid = new_gid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setreuid(uid_t new_ruid, uid_t new_euid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_ruid == (uid_t)-1)
|
|
new_ruid = uid();
|
|
if (new_euid == (uid_t)-1)
|
|
new_euid = euid();
|
|
|
|
auto ok = [this](uid_t id) { return id == uid() || id == euid() || id == suid(); };
|
|
if (!ok(new_ruid) || !ok(new_euid))
|
|
return EPERM;
|
|
|
|
if (new_ruid < (uid_t)-1 || new_euid < (uid_t)-1)
|
|
return EINVAL;
|
|
|
|
if (euid() != new_euid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.uid = new_ruid;
|
|
m_protected_values.euid = new_euid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setresuid(uid_t new_ruid, uid_t new_euid, uid_t new_suid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_ruid == (uid_t)-1)
|
|
new_ruid = uid();
|
|
if (new_euid == (uid_t)-1)
|
|
new_euid = euid();
|
|
if (new_suid == (uid_t)-1)
|
|
new_suid = suid();
|
|
|
|
auto ok = [this](uid_t id) { return id == uid() || id == euid() || id == suid(); };
|
|
if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (euid() != new_euid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.uid = new_ruid;
|
|
m_protected_values.euid = new_euid;
|
|
m_protected_values.suid = new_suid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setresgid(gid_t new_rgid, gid_t new_egid, gid_t new_sgid)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
|
|
if (new_rgid == (gid_t)-1)
|
|
new_rgid = gid();
|
|
if (new_egid == (gid_t)-1)
|
|
new_egid = egid();
|
|
if (new_sgid == (gid_t)-1)
|
|
new_sgid = sgid();
|
|
|
|
auto ok = [this](gid_t id) { return id == gid() || id == egid() || id == sgid(); };
|
|
if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !is_superuser())
|
|
return EPERM;
|
|
|
|
if (egid() != new_egid)
|
|
set_dumpable(false);
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.gid = new_rgid;
|
|
m_protected_values.egid = new_egid;
|
|
m_protected_values.sgid = new_sgid;
|
|
return 0;
|
|
}
|
|
|
|
KResultOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<const gid_t*> user_gids)
|
|
{
|
|
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
|
|
REQUIRE_PROMISE(id);
|
|
if (!is_superuser())
|
|
return EPERM;
|
|
|
|
if (!count) {
|
|
ProtectedDataMutationScope scope { *this };
|
|
m_protected_values.extra_gids.clear();
|
|
return 0;
|
|
}
|
|
|
|
Vector<gid_t> new_extra_gids;
|
|
if (!new_extra_gids.try_resize(count))
|
|
return ENOMEM;
|
|
if (!copy_n_from_user(new_extra_gids.data(), user_gids, count))
|
|
return EFAULT;
|
|
|
|
HashTable<gid_t> unique_extra_gids;
|
|
for (auto& extra_gid : new_extra_gids) {
|
|
if (extra_gid != gid())
|
|
unique_extra_gids.set(extra_gid);
|
|
}
|
|
|
|
ProtectedDataMutationScope scope { *this };
|
|
if (!m_protected_values.extra_gids.try_resize(unique_extra_gids.size()))
|
|
return ENOMEM;
|
|
size_t i = 0;
|
|
for (auto& extra_gid : unique_extra_gids) {
|
|
if (extra_gid == gid())
|
|
continue;
|
|
m_protected_values.extra_gids[i++] = extra_gid;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
}
|