Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Matthias Drochner wrote:
>> How can you tell I botched it?
>
> Sorry, I usually avoid pointing fingers at persons, but in this
> case it was a nicely fitting reply to the question.
> Your change removed a check which returned EPERM in case
> the owner etc. didn't match.

My bad: I was looking at the wrong part of the code (specifically the
EACCES at the bottom rather than the EPERM at the top).
Anyway, the fix here isn't so obvious; specifically, the original check
checked both the effective and the real uid ("root" is a user with
effective uid 0). Additionally, the documentation (not ours) doesn't
necessarily specify a super-user, but rather a user with the proper
privileges, which is more correct. We have to decide if we want to
maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong),
fix it (euid 0 -> no EPERM, IMHO right, can simply be a
KAUTH_GENERIC_ISSUSER for now), or do something completely different
(like make listeners return errno values and weigh them, similar to
FreeBSD, long-term goal).
The attached diff simply restores the original checks.
RCS file: /usr/cvs/src/sys/kern/kern_resource.c,v
retrieving revision 1.151
diff -u -p -r1.151 kern_resource.c
--- sys/kern/kern_resource.c 29 Mar 2009 01:02:50 -0000 1.151
+++ sys/kern/kern_resource.c 25 May 2009 04:05:26 -0000
@@ -229,6 +229,11 @@ donice(struct lwp *l, struct proc *chgp,
+ if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) &&
+ kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) &&
+ kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred))
+ return (EPERM);
if (n > PRIO_MAX)
n = PRIO_MAX;
if (n < PRIO_MIN)
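Review bot: The restored condition in donice() lets a caller whose real uid is 0 skip the EPERM return even when its effective uid is non-zero, because of the `kauth_cred_getuid(cred) &&` term, which is the behaviour the message above describes as wrong. If this is meant only as a stopgap to get EPERM back, add a comment above the `if` saying so and naming the intended follow-up. Otherwise drop the real-uid term, or replace the open-coded uid 0 tests with the KAUTH_GENERIC_ISSUSER check mentioned in the message so that the privilege decision is not hard-wired to uid 0 in this function.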