From: John Baldwin
To: freebsd-hackers@freebsd.org
Cc: Julian Elischer, Aziz Kezzou
Date: Fri, 17 Jun 2005 15:36:13 -0400
Subject: Re: How to check root powers on a struct proc ?

On Friday 17 June 2005 03:03 pm, Julian Elischer wrote:
> Aziz Kezzou wrote:
> >>Aziz Kezzou wrote:
> >>>Hi all,
> >>>I am trying to check that a process (struct proc) has root powers when
> >>>it calls my KLD system call.
> >>>I know from kern_jail.c that I can use suser() but this function takes
> >>>a struct thread* instead of struct proc* although the credentials
> >>>(struct ucred *p_ucred;) are stored in proc !
> >>
> >>no.. the thread has a credential that it inherits from the proc.
> >>when a thread changes the credential of the process as a whole, the
> >>other threads in the kernel don't notice until they return from their
> >>syscalls.. in the mean time they continue to use the reference they
> >>hold to the old credential. This is so that a credential doesn't change
> >> half way through a syscall. the active credential at entry will be the
> >> active credential for that thread until it completes its time in the
> >> kernel.
> >>
> >>>Is there an easy way to get a struct thread* from a struct proc* ? or
> >>>should I simply use the function: int suser_cred(struct ucred *cred,
> >>>int flag); with cred = p-> p_ucred
> >>
> >>why get a struct proc? the thread has a pointer to the cred it is
> >> running under.
> >
> >I probably didn't make myself clear enough.
> >When my KLD system call is called I get a reference on the calling
> >process as "struct proc *p". Now how do I check if the calling process
> >has root powers ?
>
> why do you get a proc*? Who is giving it to you?
>
>
> there is always a thread and it is always better to pass a thread than a
> proc.
> because you can trivially go from thread to proc but the converse is not
> easy..
> (there may be many threads)
>
> given a thread you can do td->td_proc to find the proc
>
> you can also find the current thread easily with "curthread"
>
> so the current process is curthread->td_proc

However, td_ucred can only be used from curthread (it's that way to be fast
for curthread on purpose.)

> >Would the following work ? :
> >static int ukcoe_register_ud( struct proc *p, struct
> >ukcoe_register_ud_args* arg ) {
> >int error;
> >error = suser_cred(p->p_cred, 0);
> >if(error) return error;
> >
> >/* do the actual work*/
> >return 0;
> >}

You need some locks to avoid walking off a wild pointer. Namely, you need to
lock the target process. See the various p_canfoo() functions for some
examples. Your code might be something like:

	int error;

	PROC_LOCK(p);
	error = suser_cred(p->p_ucred, 0);
	PROC_UNLOCK(p);
	/*
	 * XXX: Note that the cred is now free to change within that process
	 * now that the lock is dropped.
	 */
	if (error)
		return (error);
	...
	return (0);

-- 
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
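
The credential lifetime discussed in this thread, as an added userland C model that is not part of the original message and is not FreeBSD kernel code: a thread takes its own reference at syscall entry, while a check on a process reads p_ucred only under the process lock. The struct layouts, function names and uid 1001 are constructed for the illustration, and dropping the thread's reference at syscall return is a simplification.

```c
/* Userland model, constructed for illustration; not FreeBSD kernel code. */
#include <pthread.h>
struct cred { int refs, freed; unsigned uid; };   /* stands in for struct ucred */
struct proc { pthread_mutex_t lock; struct cred *p_ucred; };
struct thread { struct proc *td_proc; struct cred *td_ucred; };
struct result { int td_during, proc_during, old_freed_during, old_freed_after; };
/* Drop a reference (caller holds the proc lock); the last one out "frees". */
static void cred_rele(struct cred *c) { if (--c->refs == 0) c->freed = 1; }
/* Syscall entry takes the thread's own reference; syscall return drops it. */
static void syscall_enter(struct thread *td) {
    pthread_mutex_lock(&td->td_proc->lock);
    td->td_ucred = td->td_proc->p_ucred;
    td->td_ucred->refs++;
    pthread_mutex_unlock(&td->td_proc->lock);
}
static void syscall_exit(struct thread *td) {
    pthread_mutex_lock(&td->td_proc->lock);
    cred_rele(td->td_ucred);
    pthread_mutex_unlock(&td->td_proc->lock);
}
/* A sibling thread replaces the process-wide credential, as setuid() would. */
static void proc_setcred(struct proc *p, struct cred *nc) {
    pthread_mutex_lock(&p->lock);
    cred_rele(p->p_ucred);
    p->p_ucred = nc;
    pthread_mutex_unlock(&p->lock);
}
/* Check a process: dereference p_ucred only under its lock; 0 means root. */
static int check_proc(struct proc *p) {
    pthread_mutex_lock(&p->lock);
    int error = p->p_ucred->uid != 0;
    pthread_mutex_unlock(&p->lock);
    return error;                     /* can be stale as soon as we unlock */
}
/* Constructed scenario: caller enters as root, process drops to uid 1001. */
struct result model_scenario(void) {
    struct cred root = { .refs = 1, .uid = 0 }, user = { .refs = 1, .uid = 1001 };
    struct proc p = { PTHREAD_MUTEX_INITIALIZER, &root };
    struct thread td = { &p, NULL };
    struct result r;
    syscall_enter(&td);
    proc_setcred(&p, &user);
    r.td_during = td.td_ucred->uid != 0;   /* still the entry-time cred */
    r.proc_during = check_proc(&p);        /* already the new cred */
    r.old_freed_during = root.freed;       /* thread's reference keeps it alive */
    syscall_exit(&td);
    r.old_freed_after = root.freed;        /* a pointer saved past here is wild */
    return r;
}
```

In the model the thread's check still passes after the process has dropped to uid 1001, the locked process check fails, and the old credential is released only when the thread's reference goes away.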