From owner-freebsd-hackers@FreeBSD.ORG Fri Jun 17 19:03:05 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F75316A41C for ; Fri, 17 Jun 2005 19:03:05 +0000 (GMT) (envelope-from julian@elischer.org) Received: from bigwoop.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B9B143D1F for ; Fri, 17 Jun 2005 19:03:04 +0000 (GMT) (envelope-from julian@elischer.org) Received: from [208.206.78.97] (julian.vicor-nb.com [208.206.78.97]) by bigwoop.vicor-nb.com (Postfix) with ESMTP id CFCA37A403; Fri, 17 Jun 2005 12:03:00 -0700 (PDT) Message-ID: <42B31E65.2090803@elischer.org> Date: Fri, 17 Jun 2005 12:03:01 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050423 X-Accept-Language: en, hu MIME-Version: 1.0 To: Aziz Kezzou References: <3727392705061709318b9346f@mail.gmail.com> <42B305DB.50000@elischer.org> <372739270506171123a82a450@mail.gmail.com> In-Reply-To: <372739270506171123a82a450@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-hackers Subject: Re: How to check root powers on a struct proc ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2005 19:03:05 -0000 Aziz Kezzou wrote: >>Aziz Kezzou wrote: >> >> >>>Hi all, >>>I am trying to check that a process (struct proc) has root powers when >>>it calls my KLD system call. >>>I know from kern_jail.c that I can use suser() but this function takes >>>a struct thread* instead of struct proc* although the credentials >>>(struct ucred *p_ucred;) are stored in proc ! >>> >>> >>no.. the thread has a credential that it inherrits from the proc. >>when a thread changes the credential of the process as a whole, the >>other threads in the kernel don't notice until they return from their >>syscalls.. in the mean time they continue to use the reference they >>hold to the old credential. This is so that a credential doesn;t change half way >>through a syscall. the active credential at entry will be the active credential >>for that thread until it completes its time in the kernel. >> >> >> >>>Is there an esay way to get a struct thread* from a struct proc* ? or >>>should I simply use the function: int suser_cred(struct ucred *cred, >>>int flag); with cred = p-> p_ucred >>> >>> >>why get a struct proc? the thread has a pointer to the cred it is running >>under. >> >> >> >> > >I probably didn't make myself clear enough. >When my KLD system call is called I get a reference on the calling >process as "struct proc *p". Now how do I check if the calling process >has root powers ? > > why do you get a proc*? Who is giving it to you? there is always a thread and it is always better to pass a thread than a proc. because you can trivially go from thread to proc but the converse is not easy.. (there may be many threads) given a thread you can do td->td_proc to find the proc you can also find the current thread easily with "curthread" so the current process is curthread->td_proc >Would the following work ? : >static int ukcoe_register_ud( struct proc *p, struct >ukcoe_register_ud_args* arg ) { >int error; >error = suser_cred(p->p_cred, 0); >if(error) return error; > >/* do the actual work*/ >return 0; >} > >Thanks, >-aziz >_______________________________________________ >freebsd-hackers@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > >