From: "Xin LI"
Date: Mon, 24 Jul 2006 13:21:55 +0800
To: 李尚杰
Cc: freebsd-hackers@freebsd.org, rwatson@freebsd.org
Subject: Re: A question about ipcperm() call?

On 7/24/06, 李尚杰 wrote:
> The code for ipcperm() call :
>  78 ipcperm(td, perm, mode)
>  79         struct thread *td;
>  80         struct ipc_perm *perm;
>  81         int mode;
>  82 {
>  83         struct ucred *cred = td->td_ucred;
>  84         int error;
>  85
>  86         if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
>  87                 /*
>  88                  * For a non-create/owner, we require privilege to
>  89                  * modify the object protections.  Note: some other
>  90                  * implementations permit IPC_M to be delegated to
>  91                  * unprivileged non-creator/owner uids/gids.
>  92                  */
>  93                 if (mode & IPC_M) {
>  94                         error = suser(td);
>  95                         if (error)
>  96                                 return (error);
>  97                 }
>  98                 /*
>  99                  * Try to match against creator/owner group; if not, fall
> 100                  * back on other.
> 101                  */
> 102                 mode >>= 3;
> 103                 if (!groupmember(perm->gid, cred) &&
> 104                     !groupmember(perm->cgid, cred))
> 105                         mode >>= 3;
> 106         } else {
> 107                 /*
> 108                  * Always permit the creator/owner to update the object
> 109                  * protections regardless of whether the object mode
> 110                  * permits it.
> 111                  */
> 112                 if (mode & IPC_M)
> 113                         return (0);
> 114         }
> 115
> 116         if ((mode & perm->mode) != mode) {
> 117                 if (suser(td) != 0)
> 118                         return (EACCES);
> 119         }
> 120         return (0);
> 121 }
>
> why not directly return the error in line 94?

I think it makes sense to remove the assignment and the 'error'
variable.  Let's see Robert's opinion.

Cheers,
-- 
Xin LI http://www.delphij.net
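
A user-space model of the quoted check, as an added example that is not part of the original message or of FreeBSD's source: it shows which permission bits each class of caller ends up being compared against, and where EPERM and EACCES come from. The model_* names, the stand-in for suser() and the sample credentials are constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space stand-ins; bit values as in FreeBSD <sys/ipc.h>. */
#define IPC_R 000400 /* read permission */
#define IPC_W 000200 /* write/alter permission */
#define IPC_M 010000 /* permission to change control info */
struct model_cred { unsigned uid, gids[4]; size_t ngids; bool privileged; };
struct model_perm { unsigned cuid, cgid, uid, gid; int mode; };

static bool in_group(unsigned gid, const struct model_cred *c) {
	for (size_t i = 0; i < c->ngids; i++)
		if (c->gids[i] == gid) return true;
	return false;
}

/* Stand-in for suser(): 0 when privileged, EPERM otherwise (assumption). */
static int model_suser(const struct model_cred *c) { return c->privileged ? 0 : EPERM; }

int model_ipcperm(const struct model_cred *c, const struct model_perm *p, int mode) {
	if (c->uid != p->cuid && c->uid != p->uid) {
		if (mode & IPC_M) {		/* quoted lines 93-97 */
			int error = model_suser(c);
			if (error) return error;
		}
		mode >>= 3;			/* owner bits -> group bits */
		if (!in_group(p->gid, c) && !in_group(p->cgid, c))
			mode >>= 3;		/* group bits -> other bits */
	} else if (mode & IPC_M) {
		return 0;			/* creator/owner may always update */
	}
	if ((mode & p->mode) != mode && model_suser(c) != 0)
		return EACCES;
	return 0;
}

int main(void) {
	struct model_perm seg = { 1000, 1000, 1000, 100, 0640 };	/* constructed */
	struct model_cred other = { 3000, { 300 }, 1, false };	/* constructed */
	printf("other read -> %d (EACCES=%d)\n", model_ipcperm(&other, &seg, IPC_R), EACCES);
	return 0;
}
```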