NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/41489: setpriority(2) returns EACCES instead of EPERM

Matthias Drochner wrote: said:
How can you tell I botched it?

Sorry I usually avoid to point fingers at persons, but in this
case it was a nicely fitting reply to the question.

Your change removed a check which returned EPERM in case
the owner etc didn't match.

My bad: I was looking at the wrong part of the code (specifically the EACCES at the bottom rather than the EPERM at the top).

Anyway, the fix here isn't so obvious; specifically, the original check checked both the effective and the real uid ("root" is a user with effective uid 0). Additionally, the documentation (not ours) doesn't necessarily specify a super-user, but rather a user with the proper privileges, which is more correct. We have to decide if we want to maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong), fix it (euid 0 -> no EPERM, IMHO right, can simply be a KAUTH_GENERIC_ISSUSER for now), or do something completely different (like make listeners return errno values and weigh them, similar to FreeBSD, long-term goal).

The attached diff is simply restores the original checks.

Index: sys/kern/kern_resource.c
RCS file: /usr/cvs/src/sys/kern/kern_resource.c,v
retrieving revision 1.151
diff -u -p -r1.151 kern_resource.c
--- sys/kern/kern_resource.c    29 Mar 2009 01:02:50 -0000      1.151
+++ sys/kern/kern_resource.c    25 May 2009 04:05:26 -0000
@@ -229,6 +229,11 @@ donice(struct lwp *l, struct proc *chgp,
+       if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) &&
+           kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) &&
+           kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred))
+               return (EPERM);
        if (n > PRIO_MAX)
                n = PRIO_MAX;
        if (n < PRIO_MIN)

Home | Main Index | Thread Index | Old Index