Diffstat (limited to 'usr/src/uts/common/syscall')
-rw-r--r-- | usr/src/uts/common/syscall/auditsys.c | 11 | ||||
-rw-r--r-- | usr/src/uts/common/syscall/ppriv.c | 12 | ||||
-rw-r--r-- | usr/src/uts/common/syscall/uid.c | 12 |
3 files changed, 23 insertions, 12 deletions
diff --git a/usr/src/uts/common/syscall/auditsys.c b/usr/src/uts/common/syscall/auditsys.c
index 43b7df42b9..2b0f535d57 100644
--- a/usr/src/uts/common/syscall/auditsys.c
+++ b/usr/src/uts/common/syscall/auditsys.c
@@ -19,8 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 #include <sys/systm.h>
@@ -106,7 +105,7 @@ getauid(caddr_t auid_p)
 {
 const auditinfo_addr_t *ainfo;
- if (secpolicy_audit_getattr(CRED()) != 0)
+ if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
 return (EPERM);
 ainfo = crgetauinfo(CRED());
@@ -171,7 +170,7 @@ getaudit(caddr_t info_p)
 const auditinfo_addr_t *ainfo;
 model_t model;
- if (secpolicy_audit_getattr(CRED()) != 0)
+ if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
 return (EPERM);
 model = get_udatamodel();
@@ -220,7 +219,7 @@ getaudit_addr(caddr_t info_p, int len)
 const auditinfo_addr_t *ainfo;
 model_t model;
- if (secpolicy_audit_getattr(CRED()) != 0)
+ if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
 return (EPERM);
 model = get_udatamodel();
@@ -1344,7 +1343,7 @@ auditctl(
 case A_GETPOLICY:
 case A_GETQCTRL:
 case A_GETSTAT:
- if (secpolicy_audit_getattr(CRED()) != 0)
+ if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
 return (EPERM);
 break;
 default:
diff --git a/usr/src/uts/common/syscall/ppriv.c b/usr/src/uts/common/syscall/ppriv.c
index 14858710d9..bf42dc9810 100644
--- a/usr/src/uts/common/syscall/ppriv.c
+++ b/usr/src/uts/common/syscall/ppriv.c
@@ -19,8 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 #include <sys/param.h>
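Review bot: The new second argument to `secpolicy_audit_getattr()` is a bare `B_FALSE` at the `getauid()` call site, and nothing in the hunk says what the flag selects, which matters for a policy check that decides whether `EPERM` is returned. The same literal is passed in the `getaudit()`, `getaudit_addr()` and `auditctl()` hunks that follow. I would add a short comment at the first call, along the lines of `/* B_FALSE: <meaning of the second argument, per the secpolicy_audit_getattr() definition> */`. The callee's definition is outside this diff, so the intended semantics have to be confirmed there.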
@@ -253,7 +252,7 @@ setpflags(uint_t flag, uint_t val, cred_t *tcr)
 if (val > 1 || (flag != PRIV_DEBUG && flag != PRIV_AWARE && flag != NET_MAC_AWARE && flag != NET_MAC_AWARE_INHERIT && flag != __PROC_PROTECT && flag != PRIV_XPOLICY &&
- flag != PRIV_AWARE_RESET)) {
+ flag != PRIV_AWARE_RESET && flag != PRIV_PFEXEC)) {
 return (EINVAL);
 }
@@ -360,7 +359,8 @@ getpflags(uint_t flag, const cred_t *cr)
 {
 if (flag != PRIV_DEBUG && flag != PRIV_AWARE && flag != NET_MAC_AWARE && flag != NET_MAC_AWARE_INHERIT &&
- flag != PRIV_XPOLICY && flag != PRIV_AWARE_RESET)
+ flag != PRIV_XPOLICY && flag != PRIV_PFEXEC &&
+ flag != PRIV_AWARE_RESET)
 return ((uint_t)-1);
 return ((CR_FLAGS(cr) & flag) != 0);
@@ -402,6 +402,10 @@ privsys(int code, priv_op_t op, priv_ptype_t type, void *buf, size_t bufsize,
 buf));
 case PRIVSYS_KLPD_UNREG:
 return ((int)klpd_unreg((int)op, (idtype_t)itype, (id_t)type));
+ case PRIVSYS_PFEXEC_REG:
+ return ((int)pfexec_reg((int)op));
+ case PRIVSYS_PFEXEC_UNREG:
+ return ((int)pfexec_unreg((int)op));
 }
 return (set_errno(EINVAL));
 }
diff --git a/usr/src/uts/common/syscall/uid.c b/usr/src/uts/common/syscall/uid.c
index e3aa0a2dd2..2841892ff4 100644
--- a/usr/src/uts/common/syscall/uid.c
+++ b/usr/src/uts/common/syscall/uid.c
@@ -19,8 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 /*
@@ -133,6 +132,11 @@ retry_locked:
 newcr->cr_ruid = uid;
 newcr->cr_suid = uid;
 newcr->cr_uid = uid;
+
+ /* Remove the PRIV_PFEXEC, we changed the real uid. */
+ if (uidchge)
+ CR_FLAGS(newcr) &= ~PRIV_PFEXEC;
+
 crsetsid(newcr, ksp, KSID_USER);
 priv_reset_PA(newcr, B_TRUE);
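Review bot: `setpflags()` now lets `PRIV_PFEXEC` through the flag validation, but the hunk gives no indication of what restrictions apply to setting or clearing it; the rest of the function is outside the hunk, so any per-flag privilege check has to be confirmed there. Since the uid.c hunks in this same commit clear the flag when the real uid changes, it looks security-relevant enough to deserve a comment above the check, for example `/* PRIV_PFEXEC: <who may set/clear it>; dropped on real-uid change in uid.c */`. A minor style point: `getpflags()` inserts the new test before `PRIV_AWARE_RESET` while `setpflags()` appends it after, so the two lists no longer read in the same order.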
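Review bot: The two new cases hand the caller-supplied `op` straight to `pfexec_reg()` and `pfexec_unreg()` after an `(int)` cast, with no range or policy check in `privsys()` itself, so all authorization rests on those callees, which are not in this diff. The neighbouring `PRIVSYS_KLPD_UNREG` case follows the same pattern, so this may be the established convention, but it is worth confirming that both callees enforce whatever policy check registration requires and reject an invalid `op` before acting on it. The remaining arguments (`type`, `buf`, `bufsize`, `itype`) are silently ignored for these codes; a one-line comment such as `/* only op is used for the PFEXEC codes; other arguments are ignored */` would make that explicit. `privsys()` begins outside the hunk.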
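Review bot: Clearing `PRIV_PFEXEC` is keyed on `uidchge`, which is computed outside this hunk, rather than on the real uid actually changing at this point. The second uid.c hunk (`@@ -345`) repeats the same three lines, and there the only visible link between `uidchge` and a changed real uid is `ASSERT(ruid != oldruid ? uidchge : 1)`, which presumably compiles away on non-DEBUG kernels. If any path can reach these assignments with `uidchge` unset, the flag would survive a real-uid change, so please confirm where `uidchge` is set and state it in the comment, e.g. `/* uidchge is set above whenever the real uid differs; drop PRIV_PFEXEC with it. */`. The enclosing function starts and ends outside the hunk.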
@@ -345,6 +349,10 @@ retry_locked:
 crsetsid(newcr, ksp, KSID_USER);
 }
 if (ruid != -1) {
+ /* Remove the PRIV_PFEXEC, we changed the real uid. */
+ if (uidchge)
+ CR_FLAGS(newcr) &= ~PRIV_PFEXEC;
+
 oldruid = newcr->cr_ruid;
 newcr->cr_ruid = ruid;
 ASSERT(ruid != oldruid ? uidchge : 1);
|