From owner-freebsd-hackers@FreeBSD.ORG Fri Jun 17 17:18:26 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A23916A41C for ; Fri, 17 Jun 2005 17:18:26 +0000 (GMT) (envelope-from julian@elischer.org) Received: from delight.idiom.com (delight.idiom.com [216.240.32.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3348343D55 for ; Fri, 17 Jun 2005 17:18:26 +0000 (GMT) (envelope-from julian@elischer.org) Received: from idiom.com (idiom.com [216.240.32.1]) by delight.idiom.com (Postfix) with ESMTP id CBECF1F6EBA; Fri, 17 Jun 2005 10:18:25 -0700 (PDT) Received: from [192.168.2.5] (home.elischer.org [216.240.48.38]) by idiom.com (8.12.11/8.12.11) with ESMTP id j5HHINKW017070; Fri, 17 Jun 2005 10:18:25 -0700 (PDT) (envelope-from julian@elischer.org) Message-ID: <42B305DB.50000@elischer.org> Date: Fri, 17 Jun 2005 10:18:19 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050424 X-Accept-Language: en, hu MIME-Version: 1.0 To: Aziz Kezzou References: <3727392705061709318b9346f@mail.gmail.com> In-Reply-To: <3727392705061709318b9346f@mail.gmail.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-hackers Subject: Re: How to check root powers on a struct proc ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2005 17:18:26 -0000 Aziz Kezzou wrote: > Hi all, > I am trying to check that a process (struct proc) has root powers when > it calls my KLD system call. > I know from kern_jail.c that I can use suser() but this function takes > a struct thread* instead of struct proc* although the credentials > (struct ucred *p_ucred;) are stored in proc ! no.. the thread has a credential that it inherrits from the proc. when a thread changes the credential of the process as a whole, the other threads in the kernel don't notice until they return from their syscalls.. in the mean time they continue to use the reference they hold to the old credential. This is so that a credential doesn;t change half way through a syscall. the active credential at entry will be the active credential for that thread until it completes its time in the kernel. > > Is there an esay way to get a struct thread* from a struct proc* ? or > should I simply use the function: int suser_cred(struct ucred *cred, > int flag); with cred = p-> p_ucred why get a struct proc? the thread has a pointer to the cred it is running under. > > BTW what would the value of flag be? > > Thanks, > -aziz > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"