userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs (8e96e3b7) · Commits · EulixOS / Software / Kernel

fs/attr.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode inode, struct iattr attr)

		/* Make sure a caller can chown. */
		if ((ia_valid & ATTR_UID) &&
		(current_fsuid() != inode->i_uid \|\|
		attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
		(!uid_eq(current_fsuid(), inode->i_uid) \|\|
		!uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN))
		return -EPERM;

		/* Make sure caller can chgrp. */
		if ((ia_valid & ATTR_GID) &&
		(current_fsuid() != inode->i_uid \|\|
		(!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
		(!uid_eq(current_fsuid(), inode->i_uid) \|\|
		(!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
		!capable(CAP_CHOWN))
		return -EPERM;

+5 −5

Original line number	Diff line number	Diff line
		@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm)
		/* This is the point of no return */
		current->sas_ss_sp = current->sas_ss_size = 0;

		if (current_euid() == current_uid() && current_egid() == current_gid())
		if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
		set_dumpable(current->mm, 1);
		else
		set_dumpable(current->mm, suid_dumpable);
		@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm)
		current->mm->task_size = TASK_SIZE;

		/* install the new credentials */
		if (bprm->cred->uid != current_euid() \|\|
		bprm->cred->gid != current_egid()) {
		if (!uid_eq(bprm->cred->uid, current_euid()) \|\|
		!gid_eq(bprm->cred->gid, current_egid())) {
		current->pdeath_signal = 0;
		} else {
		would_dump(bprm, bprm->file);
		@@ -2120,7 +2120,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
		if (__get_dumpable(cprm.mm_flags) == 2) {
		/* Setuid core dump mode */
		flag = O_EXCL; /* Stop rewrite attacks */
		cred->fsuid = 0; /* Dump root private */
		cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
		}

		retval = coredump_wait(exit_code, &core_state);
		@@ -2221,7 +2221,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
		* Dont allow local users get cute and trick others to coredump
		* into their pre-created files.
		*/
		if (inode->i_uid != current_fsuid())
		if (!uid_eq(inode->i_uid, current_fsuid()))
		goto close_fail;
		if (!cprm.file->f_op \|\| !cprm.file->f_op->write)
		goto close_fail;

+3 −3

Original line number	Diff line number	Diff line
		@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p,

		rcu_read_lock();
		cred = __task_cred(p);
		ret = ((fown->euid == 0 \|\|
		fown->euid == cred->suid \|\| fown->euid == cred->uid \|\|
		fown->uid == cred->suid \|\| fown->uid == cred->uid) &&
		ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) \|\|
		uid_eq(fown->euid, cred->suid) \|\| uid_eq(fown->euid, cred->uid) \|\|
		uid_eq(fown->uid, cred->suid) \|\| uid_eq(fown->uid, cred->uid)) &&
		!security_file_send_sigiotask(p, fown, sig));
		rcu_read_unlock();
		return ret;

+2 −2

Original line number	Diff line number	Diff line
		@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio)

		rcu_read_lock();
		tcred = __task_cred(task);
		if (tcred->uid != cred->euid &&
		tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {
		if (!uid_eq(tcred->uid, cred->euid) &&
		!uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
		rcu_read_unlock();
		return -EPERM;
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -1445,7 +1445,7 @@ int generic_setlease(struct file filp, long arg, struct file_lock *flp)
		struct inode *inode = dentry->d_inode;
		int error;

		if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE))
		if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
		return -EACCES;
		if (!S_ISREG(inode->i_mode))
		return -EINVAL;