Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 Jul 2006 13:21:55 +0800
From:      "Xin LI" <delphij@gmail.com>
To:        "=?ISO-2022-JP?B?GyRCTXs+MFs/GyhC?=" <shangjie.li@gmail.com>
Cc:        freebsd-hackers@freebsd.org, rwatson@freebsd.org
Subject:   Re: A question about ipcperm() call?
Message-ID:  <a78074950607232221q7c3f3028xbb22d85dfd677c49@mail.gmail.com>
In-Reply-To: <de71d27b0607231907o6a7567bdy81e1a6d613b88c82@mail.gmail.com>
References:  <de71d27b0607231907o6a7567bdy81e1a6d613b88c82@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 7/24/06, $BM{>0[?(B <shangjie.li@gmail.com> wrote:
> The code for ipcperm() call :
>  78 ipcperm(td, perm, mode)
>  79         struct thread *td;
>  80         struct ipc_perm *perm;
>  81         int mode;
>  82 {
>  83         struct ucred *cred = td->td_ucred;
>  84         int error;
>  85
>  86         if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
>  87                 /*
>  88                  * For a non-create/owner, we require privilege to
>  89                  * modify the object protections.  Note: some other
>  90                  * implementations permit IPC_M to be delegated to
>  91                  * unprivileged non-creator/owner uids/gids.
>  92                  */
>  93                 if (mode & IPC_M) {
>  94                         error = suser(td);
>  95                         if (error)
>  96                                 return (error);
>  97                 }
>  98                 /*
>  99                  * Try to match against creator/owner group; if not, fall
> 100                  * back on other.
> 101                  */
> 102                 mode >>= 3;
> 103                 if (!groupmember(perm->gid, cred) &&
> 104                     !groupmember(perm->cgid, cred))
> 105                         mode >>= 3;
> 106         } else {
> 107                 /*
> 108                  * Always permit the creator/owner to update the object
> 109                  * protections regardless of whether the object mode
> 110                  * permits it.
> 111                  */
> 112                 if (mode & IPC_M)
> 113                         return (0);
> 114         }
> 115
> 116         if ((mode & perm->mode) != mode) {
> 117                 if (suser(td) != 0)
> 118                         return (EACCES);
> 119         }
> 120         return (0);
> 121 }
>
> why not directly return the error in line 94?

I think it makes sense to remove the assignment and the 'error'
variable.  Let's see Robert's opinion.

Cheers,
-- 
Xin LI <delphij@delphij.net> http://www.delphij.net

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a78074950607232221q7c3f3028xbb22d85dfd677c49>