DragonFly kernel List (threaded) for 2009-08
Re: access(2) using effective uid instead of real one?
2009/8/11 Alex <firstname.lastname@example.org>:
> As far as I can see it should be trivial to change it touse the real
> uid in vop_helper_access. Just change the references to cr_uid and
> cr_gid to cr_ruid and cr_rgid.
> If this is how it should be or shouldn't... I don't know.
I reckon that's one possibility.
Alternatively, the credentials passed to VOP_ACCESS() can be changed
as shown in the patch below. Doing it this way simplifies the
incoming implementation of faccessat(2) which can check either the
effective or real uid/gid.
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 0c723e4..12d3b53 100644
@@ -2318,8 +2318,16 @@ int
kern_access(struct nlookupdata *nd, int aflags)
struct vnode *vp;
+ struct ucred *cr;
int error, flags;
+ * Perform check with real uid/gid
+ cr = cratom(&nd->nl_cred);
+ cr->cr_uid = cr->cr_ruid;
+ cr->cr_groups = cr->cr_rgid;
if ((error = nlookup(nd)) != 0)