Date: Mon, 2 Jul 2001 18:58:27 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: hackers@freebsd.org Subject: patch for cr_uid checks against zero in -CURRENT Message-ID: <20010702185826.A3253@hades.hell.gr>
[-- Attachment #1 --]
I was reading handbook/contrib.html to find useful things to do today.
There's a mention about replacing explicit checks of cr_uid against
zero with calls to suser() or suser_xxx().
The following little script is what I used to look for cr_uid
occurrences.
#!/bin/sh
( find . -type f | xargs egrep -C5 'cr_uid' ) |\
sed -e 's/cr_uid/&/g' |\
less -r
The output is rather long, and skimming through it, I found out that
the following files contained explicit checks of cr_uid against zero:
./dev/digi/digi.c
./fs/msdosfs/msdosfs_vfsops.c
./fs/nwfs/nwfs_vnops.c
./fs/smbfs/smbfs_vnops.c
./fs/umapfs/umap_vnops.c
./gnu/ext2fs/ext2_alloc.c
./gnu/ext2fs/ext2_lookup.c
./gnu/ext2fs/ext2_readwrite.c
./gnu/ext2fs/ext2_vnops.c
./kern/kern_ktrace.c
./kern/kern_sig.c
./netinet/in_pcb.c
./netinet6/in6_pcb.c
./netinet6/ipsec.c
./netinet6/raw_ip6.c
./nfs/nfs_subs.c
./nfs/nfs_vnops.c
./ufs/ffs/ffs_alloc.c
./ufs/ffs/ffs_vfsops.c
I am not sure if I can test the attached patch for all the changes
that it does, so here it is with any comments, suggestions,
corrections, welcome :-)
-giorgos
[-- Attachment #2 --]
Index: ./dev/digi/digi.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/digi/digi.c,v
retrieving revision 1.11
diff -c -u -r1.11 digi.c
--- ./dev/digi/digi.c 2001/06/20 14:52:08 1.11
+++ ./dev/digi/digi.c 2001/07/02 15:30:18
@@ -801,7 +801,7 @@
}
goto open_top;
}
- if (tp->t_state & TS_XCLUDE && p->p_ucred->cr_uid != 0) {
+ if (tp->t_state & TS_XCLUDE && suser(p)) {
error = EBUSY;
goto out;
}
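Review bot: `suser(p)` is not necessarily equivalent to the `p->p_ucred->cr_uid != 0` test it replaces here. The in6_pcb.c context later in this patch calls `suser_xxx(0, p, PRISON_ROOT)`, which suggests that without that flag the helper also rejects root inside a jail (to be confirmed against the helper's definition). If so, this conversion and every `suser(p)` / `suser_xxx(cred, 0, 0)` in the msdosfs, nwfs, ext2fs, kern_ktrace, in_pcb, in6_pcb, raw_ip6, nfs and ffs hunks changes policy for jailed root rather than only refactoring. Each site should say which behaviour is intended and pass `PRISON_ROOT` where the old uid-only treatment must be kept. The enclosing open routine starts and ends outside the hunk.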
Index: ./fs/msdosfs/msdosfs_vfsops.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/msdosfs/msdosfs_vfsops.c,v
retrieving revision 1.79
diff -c -u -r1.79 msdosfs_vfsops.c
--- ./fs/msdosfs/msdosfs_vfsops.c 2001/06/28 03:47:50 1.79
+++ ./fs/msdosfs/msdosfs_vfsops.c 2001/07/02 15:31:47
@@ -263,7 +263,7 @@
* If upgrade to read-write by non-root, then verify
* that user has necessary permissions on the device.
*/
- if (p->p_ucred->cr_uid != 0) {
+ if (suser(p)) {
devvp = pmp->pm_devvp;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p);
error = VOP_ACCESS(devvp, VREAD | VWRITE,
@@ -310,7 +310,7 @@
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
- if (p->p_ucred->cr_uid != 0) {
+ if (suser(p)) {
accessmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
Index: ./fs/nwfs/nwfs_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/nwfs/nwfs_vnops.c,v
retrieving revision 1.20
diff -c -u -r1.20 nwfs_vnops.c
--- ./fs/nwfs/nwfs_vnops.c 2001/05/26 11:57:37 1.20
+++ ./fs/nwfs/nwfs_vnops.c 2001/07/02 15:32:20
@@ -150,7 +150,7 @@
break;
}
}
- if (cred->cr_uid == 0)
+ if (suser_xxx(cred, 0, 0) == 0)
return 0;
if (cred->cr_uid != nmp->m.uid) {
mode >>= 3;
Index: ./fs/smbfs/smbfs_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/smbfs/smbfs_vnops.c,v
retrieving revision 1.2
diff -c -u -r1.2 smbfs_vnops.c
--- ./fs/smbfs/smbfs_vnops.c 2001/04/29 11:48:34 1.2
+++ ./fs/smbfs/smbfs_vnops.c 2001/07/02 15:33:13
@@ -155,7 +155,7 @@
break;
}
}
- if (cred->cr_uid == 0)
+ if (suser(cred, 0, 0) == 0)
return 0;
if (cred->cr_uid != smp->sm_args.uid) {
mode >>= 3;
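Review bot: The new line calls `suser(cred, 0, 0)`, but every other hunk in this patch calls `suser()` with a single process argument and uses `suser_xxx()` for the three-argument credential form, as in the otherwise identical nwfs_vnops.c hunk. This looks like a typo that will either fail to build or hand a credential to a function expecting a process; it should read `if (suser_xxx(cred, 0, 0) == 0)`. Because this branch returns 0 (access granted) without further checks, it is worth compiling and exercising before commit. The enclosing function extends beyond the hunk.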
Index: ./fs/umapfs/umap_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/umapfs/umap_vnops.c,v
retrieving revision 1.33
diff -c -u -r1.33 umap_vnops.c
--- ./fs/umapfs/umap_vnops.c 2001/05/23 09:42:13 1.33
+++ ./fs/umapfs/umap_vnops.c 2001/07/02 15:36:04
@@ -152,7 +152,7 @@
(*credpp) = crdup(savecredp);
credp = *credpp;
- if (umap_bug_bypass && credp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(credp, 0, 0))
printf("umap_bypass: user was %lu, group %lu\n",
(u_long)credp->cr_uid, (u_long)credp->cr_gid);
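Review bot: The `cr_uid != 0` tests in this hunk and in the other eight umap_vnops.c hunks only gate `umap_bug_bypass` diagnostic printf calls that print the uid; they are not privilege decisions. Routing them through `suser_xxx(credp, 0, 0)` makes the debug output depend on whatever else the helper considers (presumably jail state) and on any side effects it may have, so a message could now be printed for uid 0. I would leave these as plain uid comparisons and add a comment such as `/* diagnostic only: not a privilege check */`. The function body continues outside the hunk.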
@@ -160,7 +160,7 @@
umap_mapids(vp1->v_mount, credp);
- if (umap_bug_bypass && credp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(credp, 0, 0))
printf("umap_bypass: user now %lu, group %lu\n",
(u_long)credp->cr_uid, (u_long)credp->cr_gid);
}
@@ -180,7 +180,7 @@
(*compnamepp)->cn_cred = crdup(savecompcredp);
compcredp = (*compnamepp)->cn_cred;
- if (umap_bug_bypass && compcredp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(compcredp, 0, 0))
printf(
"umap_bypass: component credit user was %lu, group %lu\n",
(u_long)compcredp->cr_uid,
@@ -190,7 +190,7 @@
umap_mapids(vp1->v_mount, compcredp);
- if (umap_bug_bypass && compcredp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(compcredp, 0, 0))
printf(
"umap_bypass: component credit user now %lu, group %lu\n",
(u_long)compcredp->cr_uid,
@@ -240,14 +240,14 @@
* Free duplicate cred structure and restore old one.
*/
if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) {
- if (umap_bug_bypass && credp && credp->cr_uid != 0)
+ if (umap_bug_bypass && credp && suser_xxx(credp, 0, 0))
printf("umap_bypass: returning-user was %lu\n",
(u_long)credp->cr_uid);
if (savecredp != NOCRED) {
crfree(credp);
(*credpp) = savecredp;
- if (umap_bug_bypass && credpp && (*credpp)->cr_uid != 0)
+ if (umap_bug_bypass && credpp && suser_xxx((*credpp), 0, 0))
printf(
"umap_bypass: returning-user now %lu\n\n",
(u_long)(*credpp)->cr_uid);
@@ -255,7 +255,7 @@
}
if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) {
- if (umap_bug_bypass && compcredp && compcredp->cr_uid != 0)
+ if (umap_bug_bypass && compcredp && suser_xxx(compcredp, 0, 0))
printf(
"umap_bypass: returning-component-user was %lu\n",
(u_long)compcredp->cr_uid);
@@ -263,7 +263,7 @@
if (savecompcredp != NOCRED) {
crfree(compcredp);
(*compnamepp)->cn_cred = savecompcredp;
- if (umap_bug_bypass && credpp && (*credpp)->cr_uid != 0)
+ if (umap_bug_bypass && credpp && suser_xxx((*credpp), 0, 0))
printf(
"umap_bypass: returning-component-user now %lu\n",
(u_long)compcredp->cr_uid);
@@ -469,7 +469,7 @@
savecompcredp = compcredp;
compcredp = compnamep->cn_cred = crdup(savecompcredp);
- if (umap_bug_bypass && compcredp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(compcredp, 0, 0))
printf(
"umap_rename: rename component credit user was %lu, group %lu\n",
(u_long)compcredp->cr_uid, (u_long)compcredp->cr_gid);
@@ -478,7 +478,7 @@
umap_mapids(vp->v_mount, compcredp);
- if (umap_bug_bypass && compcredp->cr_uid != 0)
+ if (umap_bug_bypass && suser_xxx(compcredp, 0, 0))
printf(
"umap_rename: rename component credit user now %lu, group %lu\n",
(u_long)compcredp->cr_uid, (u_long)compcredp->cr_gid);
Index: ./gnu/ext2fs/ext2_alloc.c
===================================================================
RCS file: /home/ncvs/src/sys/gnu/ext2fs/ext2_alloc.c,v
retrieving revision 1.30
diff -c -u -r1.30 ext2_alloc.c
--- ./gnu/ext2fs/ext2_alloc.c 2001/02/18 10:25:42 1.30
+++ ./gnu/ext2fs/ext2_alloc.c 2001/07/02 15:37:05
@@ -125,7 +125,7 @@
#endif /* DIAGNOSTIC */
if (size == fs->s_blocksize && fs->s_es->s_free_blocks_count == 0)
goto nospace;
- if (cred->cr_uid != 0 &&
+ if (suser_xxx(cred, 0, 0) &&
fs->s_es->s_free_blocks_count < fs->s_es->s_r_blocks_count)
goto nospace;
#if QUOTA
Index: ./gnu/ext2fs/ext2_lookup.c
===================================================================
RCS file: /home/ncvs/src/sys/gnu/ext2fs/ext2_lookup.c,v
retrieving revision 1.26
diff -c -u -r1.26 ext2_lookup.c
--- ./gnu/ext2fs/ext2_lookup.c 2000/10/27 11:45:22 1.26
+++ ./gnu/ext2fs/ext2_lookup.c 2001/07/02 15:37:30
@@ -610,7 +610,7 @@
* implements append-only directories.
*/
if ((dp->i_mode & ISVTX) &&
- cred->cr_uid != 0 &&
+ suser_xxx(cred, 0, 0) &&
cred->cr_uid != dp->i_uid &&
VTOI(tdp)->i_uid != cred->cr_uid) {
vput(tdp);
Index: ./gnu/ext2fs/ext2_readwrite.c
===================================================================
RCS file: /home/ncvs/src/sys/gnu/ext2fs/ext2_readwrite.c,v
retrieving revision 1.22
diff -c -u -r1.22 ext2_readwrite.c
--- ./gnu/ext2fs/ext2_readwrite.c 2001/03/07 03:37:00 1.22
+++ ./gnu/ext2fs/ext2_readwrite.c 2001/07/02 15:38:02
@@ -297,7 +297,7 @@
* we clear the setuid and setgid bits as a precaution against
* tampering.
*/
- if (resid > uio->uio_resid && ap->a_cred && ap->a_cred->cr_uid != 0)
+ if (resid > uio->uio_resid && ap->a_cred && suser_xxx(ap->a_cred, 0, 0))
ip->i_mode &= ~(ISUID | ISGID);
if (error) {
if (ioflag & IO_UNIT) {
Index: ./gnu/ext2fs/ext2_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/gnu/ext2fs/ext2_vnops.c,v
retrieving revision 1.56
diff -c -u -r1.56 ext2_vnops.c
--- ./gnu/ext2fs/ext2_vnops.c 2001/05/01 08:34:27 1.56
+++ ./gnu/ext2fs/ext2_vnops.c 2001/07/02 15:38:44
@@ -623,7 +623,7 @@
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
- if ((dp->i_mode & S_ISTXT) && tcnp->cn_cred->cr_uid != 0 &&
+ if ((dp->i_mode & S_ISTXT) && suser_xxx(tcnp->cn_cred, 0, 0) &&
tcnp->cn_cred->cr_uid != dp->i_uid &&
xp->i_uid != tcnp->cn_cred->cr_uid) {
error = EPERM;
Index: ./kern/kern_ktrace.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_ktrace.c,v
retrieving revision 1.53
diff -c -u -r1.53 kern_ktrace.c
--- ./kern/kern_ktrace.c 2001/05/25 16:59:06 1.53
+++ ./kern/kern_ktrace.c 2001/07/02 15:39:12
@@ -404,7 +404,7 @@
p->p_tracep = vp;
}
p->p_traceflag |= facs;
- if (curp->p_ucred->cr_uid == 0)
+ if (suser(curp) == 0)
p->p_traceflag |= KTRFAC_ROOT;
} else {
/* KTROP_CLEAR */
Index: ./kern/kern_sig.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.123
diff -c -u -r1.123 kern_sig.c
--- ./kern/kern_sig.c 2001/06/22 23:02:37 1.123
+++ ./kern/kern_sig.c 2001/07/02 15:40:17
@@ -100,7 +100,7 @@
* Policy -- Can ucred cr1 send SIGIO to process cr2?
*/
#define CANSIGIO(cr1, cr2) \
- ((cr1)->cr_uid == 0 || \
+ (suser_xxx((cr1), 0, 0) == 0 || \
(cr2)->cr_ruid == (cr2)->cr_ruid || \
(cr2)->cr_uid == (cr2)->cr_ruid || \
(cr2)->cr_ruid == (cr2)->cr_uid || \
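Review bot: As shown in the context lines, the clause right after the changed one, `(cr2)->cr_ruid == (cr2)->cr_ruid`, compares a field with itself and is always true, and the next two clauses never reference `cr1` either. If the tree really reads this way (and it is not a transcription slip in the mail), CANSIGIO permits every sender and the first clause changed here is moot. The intended comparison is presumably `(cr1)->cr_ruid == (cr2)->cr_ruid`, and likewise for the following lines; confirm against the repository. Separately, the macro now expands to a function call at every use site, so a short comment above it saying so would help. The macro definition continues past the end of the hunk.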
Index: ./netinet/in_pcb.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.85
diff -c -u -r1.85 in_pcb.c
--- ./netinet/in_pcb.c 2001/06/29 12:07:29 1.85
+++ ./netinet/in_pcb.c 2001/07/02 15:41:21
@@ -223,7 +223,7 @@
return (EACCES);
if (p && jailed(p->p_ucred))
prison = 1;
- if (so->so_cred->cr_uid != 0 &&
+ if (suser_xxx(so->so_cred, 0, 0) &&
!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
t = in_pcblookup_local(inp->inp_pcbinfo,
sin->sin_addr, lport,
Index: ./netinet6/in6_pcb.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.15
diff -c -u -r1.15 in6_pcb.c
--- ./netinet6/in6_pcb.c 2001/06/11 12:39:05 1.15
+++ ./netinet6/in6_pcb.c 2001/07/02 15:41:51
@@ -190,7 +190,7 @@
if (ntohs(lport) < IPV6PORT_RESERVED && p &&
suser_xxx(0, p, PRISON_ROOT))
return(EACCES);
- if (so->so_cred->cr_uid != 0 &&
+ if (suser_xxx(so->so_cred, 0, 0) &&
!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
t = in6_pcblookup_local(pcbinfo,
&sin6->sin6_addr, lport,
Index: ./netinet6/ipsec.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/ipsec.c,v
retrieving revision 1.12
diff -c -u -r1.12 ipsec.c
--- ./netinet6/ipsec.c 2001/06/11 12:39:06 1.12
+++ ./netinet6/ipsec.c 2001/07/02 15:42:39
@@ -1120,7 +1120,7 @@
}
bzero(new, sizeof(*new));
- if (so->so_cred != 0 && so->so_cred->cr_uid == 0)
+ if (suser_xxx(so->so_cred, 0, 0) == 0)
new->priv = 1;
else
new->priv = 0;
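Review bot: The old condition guarded against a null credential with `so->so_cred != 0 &&`, and the new line drops that guard and passes `so->so_cred` straight to `suser_xxx()` together with a null process argument. Whether the helper tolerates both arguments being null is not visible here, so either keep the guard, `if (so->so_cred != NULL && suser_xxx(so->so_cred, 0, 0) == 0)`, or confirm that the helper fails closed in that case. The result sets `new->priv`, so a wrong answer is security-relevant. The enclosing function is only partly inside the hunk.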
Index: ./netinet6/raw_ip6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.11
diff -c -u -r1.11 raw_ip6.c
--- ./netinet6/raw_ip6.c 2001/06/11 12:39:06 1.11
+++ ./netinet6/raw_ip6.c 2001/07/02 15:43:12
@@ -326,7 +326,7 @@
in6p = sotoin6pcb(so);
priv = 0;
- if (so->so_cred->cr_uid == 0)
+ if (suser_xxx(so->so_cred, 0, 0) == 0)
priv = 1;
dst = &dstsock->sin6_addr;
if (control) {
Index: ./nfs/nfs_subs.c
===================================================================
RCS file: /home/ncvs/src/sys/nfs/nfs_subs.c,v
retrieving revision 1.102
diff -c -u -r1.102 nfs_subs.c
--- ./nfs/nfs_subs.c 2001/06/28 04:08:20 1.102
+++ ./nfs/nfs_subs.c 2001/07/02 15:43:44
@@ -1974,7 +1974,7 @@
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
- } else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
+ } else if (suser_xxx(cred, 0, 0) == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;
for (i = 0; i < credanon->cr_ngroups && i < NGROUPS; i++)
cred->cr_groups[i] = credanon->cr_groups[i];
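Review bot: This branch is an identity test rather than a privilege test: it overwrites the request's uid and groups with those of `credanon`, so what matters is whether `cred->cr_uid` is literally 0. With `suser_xxx(cred, 0, 0) == 0`, any condition under which the helper rejects a uid-0 credential (presumably jail state or other policy) would skip the mapping and leave uid 0 in place unless `MNT_EXPORTANON` is set. I would keep `cred->cr_uid == 0` here and add a comment such as `/* uid comparison is intentional: maps root to the anonymous credential */`. The enclosing function starts before the hunk.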
Index: ./nfs/nfs_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/nfs/nfs_vnops.c,v
retrieving revision 1.171
diff -c -u -r1.171 nfs_vnops.c
--- ./nfs/nfs_vnops.c 2001/05/23 09:42:05 1.171
+++ ./nfs/nfs_vnops.c 2001/07/02 15:44:28
@@ -402,7 +402,7 @@
* After calling nfsspec_access, we should have the correct
* file size cached.
*/
- if (ap->a_cred->cr_uid == 0 && (ap->a_mode & VREAD)
+ if (suser_xxx(ap->a_cred, 0, 0) == 0 && (ap->a_mode & VREAD)
&& VTONFS(vp)->n_size > 0) {
struct iovec aiov;
struct uio auio;
@@ -3158,7 +3158,7 @@
* If you're the super-user,
* you always get access.
*/
- if (cred->cr_uid == 0)
+ if (suser_xxx(cred, 0, 0) == 0)
return (0);
vap = &vattr;
error = VOP_GETATTR(vp, vap, cred, ap->a_p);
Index: ./ufs/ffs/ffs_alloc.c
===================================================================
RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_alloc.c,v
retrieving revision 1.80
diff -c -u -r1.80 ffs_alloc.c
--- ./ufs/ffs/ffs_alloc.c 2001/06/15 07:44:39 1.80
+++ ./ufs/ffs/ffs_alloc.c 2001/07/02 15:45:15
@@ -126,7 +126,7 @@
#endif /* DIAGNOSTIC */
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
- if (cred->cr_uid != 0 &&
+ if (suser_xxx(cred, 0, 0) != 0 &&
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
goto nospace;
#ifdef QUOTA
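Review bot: Style: both ffs_alloc.c hunks write `suser_xxx(cred, 0, 0) != 0 &&`, while the parallel reserve check in ext2_alloc.c uses the bare `suser_xxx(cred, 0, 0) &&`, and the `suser(p)` sites use the bare form too. Since the helper apparently returns an error number rather than a boolean, the explicit `!= 0` / `== 0` comparison reads more clearly. Using one form throughout the patch would make the inverted sense (zero means privileged) harder to get wrong.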
@@ -198,7 +198,7 @@
if (cred == NOCRED)
panic("ffs_realloccg: missing credential");
#endif /* DIAGNOSTIC */
- if (cred->cr_uid != 0 &&
+ if (suser_xxx(cred, 0, 0) != 0 &&
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0)
goto nospace;
if ((bprev = ip->i_db[lbprev]) == 0) {
Index: ./ufs/ffs/ffs_vfsops.c
===================================================================
RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vfsops.c,v
retrieving revision 1.157
diff -c -u -r1.157 ffs_vfsops.c
--- ./ufs/ffs/ffs_vfsops.c 2001/06/28 22:21:27 1.157
+++ ./ufs/ffs/ffs_vfsops.c 2001/07/02 15:45:44
@@ -219,7 +219,7 @@
* If upgrade to read-write by non-root, then verify
* that user has necessary permissions on the device.
*/
- if (p->p_ucred->cr_uid != 0) {
+ if (suser(p)) {
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p);
if ((error = VOP_ACCESS(devvp, VREAD | VWRITE,
p->p_ucred, p)) != 0) {
@@ -300,7 +300,7 @@
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
- if (p->p_ucred->cr_uid != 0) {
+ if (suser(p)) {
accessmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
