Date: Fri, 17 Jun 2005 14:23:05 -0400 From: Aziz Kezzou <french.linuxian@gmail.com> To: Julian Elischer <julian@elischer.org> Cc: freebsd-hackers <freebsd-hackers@freebsd.org> Subject: Re: How to check root powers on a struct proc ? Message-ID: <372739270506171123a82a450@mail.gmail.com> In-Reply-To: <42B305DB.50000@elischer.org> References: <3727392705061709318b9346f@mail.gmail.com> <42B305DB.50000@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Aziz Kezzou wrote: > > Hi all, > > I am trying to check that a process (struct proc) has root powers when > > it calls my KLD system call. > > I know from kern_jail.c that I can use suser() but this function takes > > a struct thread* instead of struct proc* although the credentials > > (struct ucred *p_ucred;) are stored in proc ! >=20 > no.. the thread has a credential that it inherrits from the proc. > when a thread changes the credential of the process as a whole, the > other threads in the kernel don't notice until they return from their > syscalls.. in the mean time they continue to use the reference they > hold to the old credential. This is so that a credential doesn;t change h= alf way > through a syscall. the active credential at entry will be the active cre= dential > for that thread until it completes its time in the kernel. >=20 > > > > Is there an esay way to get a struct thread* from a struct proc* ? or > > should I simply use the function: int suser_cred(struct ucred *cred, > > int flag); with cred =3D p-> p_ucred >=20 > why get a struct proc? the thread has a pointer to the cred it is runnin= g > under. >=20 >=20 I probably didn't make myself clear enough. When my KLD system call is called I get a reference on the calling process as "struct proc *p". Now how do I check if the calling process has root powers ? Would the following work ? : static int ukcoe_register_ud( struct proc *p, struct ukcoe_register_ud_args* arg ) { int error; error =3D suser_cred(p->p_cred, 0); if(error) return error; /* do the actual work*/ return 0; } Thanks, -aziz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?372739270506171123a82a450>