From owner-freebsd-hackers@FreeBSD.ORG Mon Jul 24 02:07:30 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08F2D16A4DD for ; Mon, 24 Jul 2006 02:07:30 +0000 (UTC) (envelope-from shangjie.li@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62B5B43D4C for ; Mon, 24 Jul 2006 02:07:29 +0000 (GMT) (envelope-from shangjie.li@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so2150808uge for ; Sun, 23 Jul 2006 19:07:28 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=SFp0QpwBZKIZj2efqDipzBC8eOHoh3hRp/uHBP7EnnJkLJYnfGA0Jsf9BD+PgKN7a29V2vN3d/i4tQU3wUKV72SFOLmbWSEVAfq/ceVzu6LPp2bMSEYyvAfFVN2pF5NKJrFUAKNFHecU1UvYmCf9UM8vMBk7PdMYJ2ykGtcMcco= Received: by 10.78.170.17 with SMTP id s17mr1281979hue; Sun, 23 Jul 2006 19:07:27 -0700 (PDT) Received: by 10.78.127.20 with HTTP; Sun, 23 Jul 2006 19:07:27 -0700 (PDT) Message-ID: Date: Mon, 24 Jul 2006 10:07:27 +0800 From: "=?GB2312?B?wO7J0L3c?=" To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: A question about ipcperm() call? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jul 2006 02:07:30 -0000 The code for ipcperm() call : 78 ipcperm(td, perm, mode) 79 struct thread *td; 80 struct ipc_perm *perm; 81 int mode; 82 { 83 struct ucred *cred = td->td_ucred; 84 int error; 85 86 if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { 87 /* 88 * For a non-create/owner, we require privilege to 89 * modify the object protections. Note: some other 90 * implementations permit IPC_M to be delegated to 91 * unprivileged non-creator/owner uids/gids. 92 */ 93 if (mode & IPC_M) { 94 error = suser(td); 95 if (error) 96 return (error); 97 } 98 /* 99 * Try to match against creator/owner group; if not, fall 100 * back on other. 101 */ 102 mode >>= 3; 103 if (!groupmember(perm->gid, cred) && 104 !groupmember(perm->cgid, cred)) 105 mode >>= 3; 106 } else { 107 /* 108 * Always permit the creator/owner to update the object 109 * protections regardless of whether the object mode 110 * permits it. 111 */ 112 if (mode & IPC_M) 113 return (0); 114 } 115 116 if ((mode & perm->mode) != mode) { 117 if (suser(td) != 0) 118 return (EACCES); 119 } 120 return (0); 121 } why not directly return the error in line 94? |Institute of Software, Chinese Academy of Sciences, |P.O. Box 8718, Beijing 100080, CHINA |Phone: (8610)62561197/62635158-1008(O), 82680528(H) |Email: shangjie02@ios.cn >---------------------------------------------------<