Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Jun 2005 14:23:05 -0400
From:      Aziz Kezzou <french.linuxian@gmail.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        freebsd-hackers <freebsd-hackers@freebsd.org>
Subject:   Re: How to check root powers on a struct proc ?
Message-ID:  <372739270506171123a82a450@mail.gmail.com>
In-Reply-To: <42B305DB.50000@elischer.org>
References:  <3727392705061709318b9346f@mail.gmail.com> <42B305DB.50000@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
> Aziz Kezzou wrote:
> > Hi all,
> > I am trying to check that a process (struct proc) has root powers when
> > it calls my KLD system call.
> > I know from kern_jail.c that I can use suser() but this function takes
> > a struct thread* instead of struct proc* although the credentials
> > (struct ucred *p_ucred;) are stored in proc !
>=20
> no.. the thread has a credential that it inherrits from the proc.
> when a thread changes the credential of the process as a whole, the
> other threads in the kernel don't notice until they return from their
> syscalls.. in the mean time they continue to use the reference they
> hold to the old credential. This is so that a credential doesn;t change h=
alf way
> through a syscall.  the active credential at entry will be the active cre=
dential
> for that thread until it completes its time in the kernel.
>=20
> >
> > Is there an esay way to get a struct thread* from a struct proc* ? or
> > should I simply use the function:  int suser_cred(struct ucred *cred,
> > int flag); with cred =3D p-> p_ucred
>=20
> why get a struct proc?  the thread has a pointer to the cred it is runnin=
g
> under.
>=20
>=20

I probably didn't make myself clear enough.
When my KLD system call is called I get a reference on the calling
process as "struct proc *p". Now how do I check if the calling process
has root powers ?

Would the following work  ? :
static int ukcoe_register_ud( struct proc *p, struct
ukcoe_register_ud_args* arg ) {
int error;
error =3D suser_cred(p->p_cred, 0);
if(error) return error;

/* do the actual work*/
return 0;
}

Thanks,
-aziz

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?372739270506171123a82a450>