From owner-freebsd-hackers@FreeBSD.ORG Fri Jun 17 18:23:05 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E82C016A41C for ; Fri, 17 Jun 2005 18:23:05 +0000 (GMT) (envelope-from french.linuxian@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id A42A343D48 for ; Fri, 17 Jun 2005 18:23:05 +0000 (GMT) (envelope-from french.linuxian@gmail.com) Received: by zproxy.gmail.com with SMTP id 12so489335nzp for ; Fri, 17 Jun 2005 11:23:05 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jW3bC1/mBmqyIBL44nliXBg3nDwjCpi3GIiLGjd3Wwim1Kx9Djyyk+JcTzmxsZW2Km4tUyy9/hB2eJbULgfMRo3v8TvEfTsF4GW4yk21FKdCjEAxz64CDD75pMdS7rlNaBYxJSMcLGY3Jw666uo/kjKIUjuetM+slvGMklD68Yo= Received: by 10.36.222.19 with SMTP id u19mr864929nzg; Fri, 17 Jun 2005 11:23:05 -0700 (PDT) Received: by 10.36.57.3 with HTTP; Fri, 17 Jun 2005 11:23:05 -0700 (PDT) Message-ID: <372739270506171123a82a450@mail.gmail.com> Date: Fri, 17 Jun 2005 14:23:05 -0400 From: Aziz Kezzou To: Julian Elischer In-Reply-To: <42B305DB.50000@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <3727392705061709318b9346f@mail.gmail.com> <42B305DB.50000@elischer.org> Cc: freebsd-hackers Subject: Re: How to check root powers on a struct proc ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Aziz Kezzou List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2005 18:23:06 -0000 > Aziz Kezzou wrote: > > Hi all, > > I am trying to check that a process (struct proc) has root powers when > > it calls my KLD system call. > > I know from kern_jail.c that I can use suser() but this function takes > > a struct thread* instead of struct proc* although the credentials > > (struct ucred *p_ucred;) are stored in proc ! >=20 > no.. the thread has a credential that it inherrits from the proc. > when a thread changes the credential of the process as a whole, the > other threads in the kernel don't notice until they return from their > syscalls.. in the mean time they continue to use the reference they > hold to the old credential. This is so that a credential doesn;t change h= alf way > through a syscall. the active credential at entry will be the active cre= dential > for that thread until it completes its time in the kernel. >=20 > > > > Is there an esay way to get a struct thread* from a struct proc* ? or > > should I simply use the function: int suser_cred(struct ucred *cred, > > int flag); with cred =3D p-> p_ucred >=20 > why get a struct proc? the thread has a pointer to the cred it is runnin= g > under. >=20 >=20 I probably didn't make myself clear enough. When my KLD system call is called I get a reference on the calling process as "struct proc *p". Now how do I check if the calling process has root powers ? Would the following work ? : static int ukcoe_register_ud( struct proc *p, struct ukcoe_register_ud_args* arg ) { int error; error =3D suser_cred(p->p_cred, 0); if(error) return error; /* do the actual work*/ return 0; } Thanks, -aziz