author | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-06-05 09:55:17 +0200 |
---|---|---|
committer | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-06-05 09:55:17 +0200 |
commit | 982b4ad2dc6b5ed2a2c8c1670e94ecf1fe63fc56 (patch) | |
tree | 3077df62cad552b23dca4e8f69efc223a857bdf1 /usr/src/uts/common/syscall/uid.c | |
parent | c7402f0767d7a0360fabd0bd449c6baf9b282074 (diff) | |
download | illumos-joyent-982b4ad2dc6b5ed2a2c8c1670e94ecf1fe63fc56.tar.gz |
PSARC 2007/072 PRIV_AWARE_RESET
6452447 Need the ability to limit each and every privilege on login
Diffstat (limited to 'usr/src/uts/common/syscall/uid.c')
-rw-r--r-- | usr/src/uts/common/syscall/uid.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr/src/uts/common/syscall/uid.c b/usr/src/uts/common/syscall/uid.c
index 967ebaf462..e3aa0a2dd2 100644
--- a/usr/src/uts/common/syscall/uid.c
+++ b/usr/src/uts/common/syscall/uid.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -27,8 +27,6 @@
 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
 */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/sysmacros.h>
@@ -136,6 +134,9 @@ retry_locked:
 newcr->cr_suid = uid;
 newcr->cr_uid = uid;
 crsetsid(newcr, ksp, KSID_USER);
+
+ priv_reset_PA(newcr, B_TRUE);
+
 ASSERT(uid != oldruid ? uidchge : 1);
 mutex_exit(&p->p_crlock);
 } else {
@@ -230,6 +231,7 @@ retry:
 p->p_cred = newcr;
 newcr->cr_uid = uid;
 crsetsid(newcr, ksp, KSID_USER);
+ priv_reset_PA(newcr, B_FALSE);
 mutex_exit(&p->p_crlock);
 if (do_nocd) {
 mutex_enter(&p->p_lock);
@@ -364,6 +366,7 @@ retry_locked:
 cr->cr_suid != newcr->cr_suid))
 do_nocd = 1;
+ priv_reset_PA(newcr, ruid != -1 && euid != -1 && ruid == euid);
 crfree(cr);
 }
 mutex_exit(&p->p_crlock); |
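Review bot: The second argument of `priv_reset_PA()` is a bare boolean whose meaning cannot be read from the call sites, and these are credential changes where a wrong value matters. The hunk at `@@ -136,6 +134,9 @@` passes `B_TRUE` right after `cr_suid` and `cr_uid` are assigned, the hunk at `@@ -230,6 +231,7 @@` passes `B_FALSE` where only `cr_uid` is assigned, and the hunk at `@@ -364,6 +366,7 @@` passes an expression. A one-line comment at each call would help, e.g. at the first `/* all uids change together, so this is the final reset */`, reworded to match how the flag is actually defined. The enclosing function of the first hunk starts and ends outside it, so the `} else {` branch that follows is not visible; it is worth confirming that path does not need a reset as well.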
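Review bot: The flag expression `ruid != -1 && euid != -1 && ruid == euid` in the `@@ -364,6 +366,7 @@` hunk is computed from the syscall arguments, not from the credential that results, and it does not look at the saved uid. If the flag is meant to say that the process has switched identity completely, testing `newcr` (`newcr->cr_ruid == newcr->cr_uid && newcr->cr_uid == newcr->cr_suid`) would state that directly. The code that sets `cr_suid` lies outside the hunk, so the argument test may already be sufficient; in that case a short comment saying why would settle it. Pulling the expression into a named local before the call would also make the line easier to audit.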