From 94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 25 Apr 2016 01:38:45 +0200 Subject: libtrivfs: fix notion of privileged user Set 'is_root' if the node has been opened by the root user (this was the old behavior) or if it has been opened by the user the translator is executing under. This fixes the irritating bug that an unprivileged user cannot control her own trivfs-based translators. It does not change how privileged trivfs translators work. * libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the new function to compute 'isroot'. * libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise. * libtrivfs/open.c (trivfs_open): Likewise. * libtrivfs/priv.h (_is_privileged): New function. * libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means. --- libtrivfs/io-reauthenticate.c | 3 +-- libtrivfs/io-restrict-auth.c | 4 +--- libtrivfs/open.c | 2 +- libtrivfs/priv.h | 9 +++++++++ libtrivfs/trivfs.h | 3 ++- 5 files changed, 14 insertions(+), 7 deletions(-) (limited to 'libtrivfs') diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c index 35775e57..72684e35 100644 --- a/libtrivfs/io-reauthenticate.c +++ b/libtrivfs/io-reauthenticate.c @@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, return err; mach_port_deallocate (mach_task_self (), newright); - if (idvec_contains (newcred->user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = _is_privileged (newcred->user->uids); newcred->hook = cred->hook; newcred->po = cred->po; diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c index cb4224dc..6c807f17 100644 --- a/libtrivfs/io-restrict-auth.c +++ b/libtrivfs/io-restrict-auth.c @@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, return err; } - newcred->isroot = 0; newcred->po = cred->po; refcount_ref (&newcred->po->refcnt); - if (cred->isroot && idvec_contains (user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = cred->isroot && _is_privileged (user->uids); newcred->user = user; newcred->hook = cred->hook; diff --git a/libtrivfs/open.c b/libtrivfs/open.c index 97e70a16..35a9452c 100644 --- a/libtrivfs/open.c +++ b/libtrivfs/open.c @@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl, if (! err) { new->user = user; - new->isroot = idvec_contains (user->uids, 0); + new->isroot = _is_privileged (user->uids); new->po = po; new->hook = 0; diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h index d92fe336..4bdd4f77 100644 --- a/libtrivfs/priv.h +++ b/libtrivfs/priv.h @@ -21,6 +21,15 @@ #include #include #include +#include +#include #include "trivfs.h" +/* Returns true if UIDS contains either 0 or our user id. */ +static inline int +_is_privileged (struct idvec *uids) +{ + return idvec_contains (uids, 0) || idvec_contains (uids, getuid ()); +} + #endif diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index d81c4f93..49cc765f 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -30,7 +30,8 @@ struct trivfs_protid { struct port_info pi; struct iouser *user; - int isroot; + int isroot; /* Opened by a privileged user, either + root or our own user. */ /* REALNODE will be null if this protid wasn't fully created (currently only in the case where trivfs_protid_create_hook returns an error). */ mach_port_t realnode; /* restricted permissions */ -- cgit v1.2.3