Bug #1191 ยป suser_to_priv.patch
sys/kern/vfs_syscalls.c | ||
---|---|---|
struct ucred *cred = p->p_ucred;
|
||
KKASSERT(p);
|
||
if (cred->cr_prison != NULL)
|
||
if (jailed(cred))
|
||
return (EPERM);
|
||
if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
|
||
return (error);
|
sys/kern/vfs_vnops.c | ||
---|---|---|
}
|
||
|
||
sb->st_flags = vap->va_flags;
|
||
if (priv_check_cred(cred, PRIV_ROOT, 0))
|
||
error = priv_check_cred(cred, PRIV_VFS_GENERATION, 0);
|
||
if (error)
|
||
sb->st_gen = 0;
|
||
else
|
||
sb->st_gen = (u_int32_t)vap->va_gen;
|
sys/vfs/procfs/procfs_ctl.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/systm.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/ptrace.h>
|
||
#include <sys/signalvar.h>
|
sys/vfs/procfs/procfs_dbregs.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/reg.h>
|
||
#include <vfs/procfs/procfs.h>
|
sys/vfs/procfs/procfs_fpregs.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/reg.h>
|
||
#include <vfs/procfs/procfs.h>
|
sys/vfs/procfs/procfs_mem.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/systm.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/vnode.h>
|
||
#include <vfs/procfs/procfs.h>
|
||
#include <vm/vm.h>
|
sys/vfs/procfs/procfs_regs.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/reg.h>
|
||
#include <vfs/procfs/procfs.h>
|
sys/vfs/procfs/procfs_status.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/jail.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/tty.h>
|
sys/kern/kern_prot.c | ||
---|---|---|
#include <sys/kernel.h>
|
||
#include <sys/lock.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/pioctl.h>
|
||
#include <sys/resourcevar.h>
|
sys/kern/kern_prot.c | ||
---|---|---|
/*
|
||
* Test whether the specified credentials imply "super-user"
|
||
* privilege; if so, and we have accounting info, set the flag
|
||
* indicating use of super-powers. A kernel thread without a process
|
||
* context is assumed to have super user capabilities. In situations
|
||
* where the caller always expect a cred to exist, the cred should be
|
||
* passed separately and suser_cred()should be used instead of suser().
|
||
* privilege.
|
||
*
|
||
* Depreciated! Use priv_check() instead.
|
||
*/
|
||
int
|
||
suser(struct thread *td)
|
||
{
|
||
return priv_check(td, PRIV_ROOT);
|
||
}
|
||
/*
|
||
* Depreciated! Use priv_check_cred() instead.
|
||
*/
|
||
int
|
||
suser_cred(struct ucred *cred, int flag)
|
||
{
|
||
return priv_check_cred(cred, PRIV_ROOT, flag);
|
||
}
|
||
/*
|
||
* Test whether the specified credentials have the privilege
|
||
* in question.
|
||
*
|
||
* A kernel thread without a process context is assumed to have
|
||
* the privilege in question. In situations where the caller always
|
||
* expect a cred to exist, the cred should be passed separately and
|
||
* priv_check_cred() should be used instead of priv_check().
|
||
*
|
||
* Returns 0 or error.
|
||
*/
|
||
int
|
||
suser(struct thread *td)
|
||
priv_check(struct thread *td, int priv)
|
||
{
|
||
struct proc *p = td->td_proc;
|
||
if (p != NULL) {
|
||
return suser_cred(p->p_ucred, 0);
|
||
return priv_check_cred(p->p_ucred, priv, 0);
|
||
} else {
|
||
return (0);
|
||
}
|
||
}
|
||
/*
|
||
* Check a credential for privilege.
|
||
*
|
||
* A non-null credential is expected unless NULL_CRED_OKAY is set.
|
||
*/
|
||
int
|
||
suser_cred(struct ucred *cred, int flag)
|
||
priv_check_cred(struct ucred *cred, int priv, int flags)
|
||
{
|
||
KASSERT(cred != NULL || flag & NULL_CRED_OKAY,
|
||
("suser_cred: NULL cred!"));
|
||
KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
|
||
KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
|
||
("priv_check_cred: NULL cred!"));
|
||
if (cred == NULL) {
|
||
if (flag & NULL_CRED_OKAY)
|
||
if (flags & NULL_CRED_OKAY)
|
||
return (0);
|
||
else
|
||
return (EPERM);
|
||
}
|
||
if (cred->cr_uid != 0)
|
||
return (EPERM);
|
||
if (cred->cr_prison && !(flag & PRISON_ROOT))
|
||
if (cred->cr_prison && !(flags & PRISON_ROOT))
|
||
return (EPERM);
|
||
/* NOTE: accounting for suser access (p_acflag/ASU) removed */
|
||
return (0);
|
||
}
|
||
/*
|
||
* Check for privilege.
|
||
*
|
||
* YYY: For now this is just a wrapper calling suser().
|
||
*/
|
||
int
|
||
priv_check(struct thread *td, int priv)
|
||
{
|
||
return suser(td);
|
||
}
|
||
/*
|
||
* Check a credential for privilege.
|
||
*
|
||
* YYY: For now this is just a wrapper calling suser_cred().
|
||
*/
|
||
int
|
||
priv_check_cred(struct ucred *cred, int priv, int flags)
|
||
{
|
||
return suser_cred(cred, flags);
|
||
}
|
||
/*
|
||
* Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
|
||
*/
|
||
int
|
sys/dev/disk/ata/atapi-cd.c | ||
---|---|---|
#include <sys/kernel.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/buf.h>
|
||
#include <sys/bus.h>
|
||
#include <sys/disk.h>
|
||
... | ... | |
case CDIOCRESET:
|
||
; /* note: if no proc EPERM will be returned */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error)
|
||
break;
|
||
error = atapi_test_ready(cdp->device);
|
sys/dev/disk/fd/fd.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/module.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/syslog.h>
|
||
#include <sys/device.h>
|
||
#include <sys/bus.h>
|
||
... | ... | |
case FD_STYPE: /* set drive type */
|
||
/* this is considered harmful; only allow for superuser */
|
||
if (suser_cred(ap->a_cred, 0) != 0)
|
||
if (priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0)
|
||
return EPERM;
|
||
fd->ft = *(struct fd_type *)ap->a_data;
|
||
break;
|
sys/dev/disk/nata/atapi-cd.c | ||
---|---|---|
#include <sys/module.h>
|
||
#include <sys/nata.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/systm.h>
|
||
#include "ata-all.h"
|
||
... | ... | |
break;
|
||
case CDIOCRESET:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error)
|
||
break;
|
||
error = acd_test_ready(dev);
|
sys/dev/disk/vn/vn.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/buf.h>
|
||
#include <sys/malloc.h>
|
||
... | ... | |
vn_specific:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error)
|
||
return (error);
|
||
sys/dev/drm/drmP.h | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/stat.h>
|
||
#if __FreeBSD_version >= 700000
|
||
#include <sys/priv.h>
|
||
#endif
|
||
#include <sys/proc.h>
|
||
#include <sys/lock.h>
|
||
#include <sys/fcntl.h>
|
||
... | ... | |
#if defined(__FreeBSD__) || defined(__DragonFly__)
|
||
#define PAGE_ALIGN(addr) round_page(addr)
|
||
/* DRM_SUSER returns true if the user is superuser */
|
||
#if __FreeBSD_version >= 700000
|
||
#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
|
||
#else
|
||
#define DRM_SUSER(p) (suser(p) == 0)
|
||
#endif
|
||
#define DRM_AGP_FIND_DEVICE() agp_find_device()
|
||
#define DRM_MTRR_WC MDF_WRITECOMBINE
|
||
#define jiffies ticks
|
sys/dev/misc/dcons/dcons_os.c | ||
---|---|---|
#include <sys/tty.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/thread2.h>
|
||
#include <sys/ucred.h>
|
||
#include <sys/bus.h>
|
||
... | ... | |
tp->t_lflag = TTYDEF_LFLAG;
|
||
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
|
||
ttsetwater(tp);
|
||
} else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
|
||
} else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
crit_exit();
|
||
return (EBUSY);
|
||
}
|
sys/dev/misc/nmdm/nmdm.c | ||
---|---|---|
#include <sys/ioctl_compat.h>
|
||
#endif
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/thread2.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/conf.h>
|
||
... | ... | |
tp->t_lflag = TTYDEF_LFLAG;
|
||
tp->t_cflag = TTYDEF_CFLAG;
|
||
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
|
||
} else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
|
||
} else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
return (EBUSY);
|
||
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
|
||
return (EBUSY);
|
sys/dev/misc/spigot/spigot.c | ||
---|---|---|
#include <sys/conf.h>
|
||
#include <sys/device.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/signalvar.h>
|
||
#include <sys/mman.h>
|
||
... | ... | |
* require sufficient privilege soon and nothing much can be done
|
||
* without them.
|
||
*/
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return error;
|
||
if (securelevel > 0)
|
||
... | ... | |
break;
|
||
case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */
|
||
#if !defined(SPIGOT_UNSECURE)
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return error;
|
||
if (securelevel > 0)
|
sys/dev/misc/syscons/syscons.c | ||
---|---|---|
#include <sys/reboot.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/signalvar.h>
|
||
#include <sys/sysctl.h>
|
||
#include <sys/tty.h>
|
||
... | ... | |
(*linesw[tp->t_line].l_modem)(tp, 1);
|
||
}
|
||
else
|
||
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0))
|
||
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
|
||
return(EBUSY);
|
||
error = (*linesw[tp->t_line].l_open)(dev, tp);
|
||
... | ... | |
return 0;
|
||
case KDENABIO: /* allow io operations */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return error;
|
||
if (securelevel > 0)
|
sys/dev/misc/syscons/sysmouse.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/thread2.h>
|
||
... | ... | |
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
|
||
smparam(tp, &tp->t_termios);
|
||
(*linesw[tp->t_line].l_modem)(tp, 1);
|
||
} else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
|
||
} else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
return EBUSY;
|
||
}
|
||
sys/dev/netif/an/if_an.c | ||
---|---|---|
#include <sys/mbuf.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/ucred.h>
|
||
#include <sys/socket.h>
|
||
#ifdef ANCACHE
|
||
... | ... | |
break;
|
||
#ifdef ANCACHE
|
||
if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
if (error)
|
||
break;
|
||
sc->an_sigitems = sc->an_nextitem = 0;
|
||
... | ... | |
error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
|
||
break;
|
||
case SIOCSAIRONET:
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
|
||
break;
|
||
error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
|
||
if (error != 0)
|
||
... | ... | |
an_setdef(sc, &sc->areq);
|
||
break;
|
||
case SIOCGPRIVATE_0: /* used by Cisco client utility */
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
|
||
break;
|
||
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
|
||
mode = l_ioctl.command;
|
||
... | ... | |
break;
|
||
case SIOCGPRIVATE_1: /* used by Cisco client utility */
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
|
||
break;
|
||
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
|
||
l_ioctl.command = 0;
|
||
... | ... | |
}
|
||
break;
|
||
case SIOCS80211:
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
|
||
break;
|
||
sc->areq.an_len = sizeof(sc->areq);
|
||
/*
|
sys/dev/netif/ath/hal/ah_osdep.c | ||
---|---|---|
#include <sys/bus.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <machine/stdarg.h>
|
||
... | ... | |
int error;
|
||
if (enable) {
|
||
error = suser(curthread);
|
||
error = priv_check(curthread, PRIV_ROOT);
|
||
if (error == 0) {
|
||
error = alq_open(&ath_hal_alq, ath_hal_logfile,
|
||
curthread->td_ucred, ALQ_DEFAULT_CMODE,
|
sys/dev/netif/cx/cx.c | ||
---|---|---|
#include <sys/fcntl.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/socket.h>
|
||
#include <sys/thread2.h>
|
||
... | ... | |
tp = c->ttyp;
|
||
tp->t_dev = dev;
|
||
if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) &&
|
||
suser_cred(ap->a_cred, 0))
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
|
||
return (EBUSY);
|
||
if (! (tp->t_state & TS_ISOPEN)) {
|
||
ttychars (tp);
|
sys/dev/netif/iwi/if_iwi.c | ||
---|---|---|
#include <sys/module.h>
|
||
#include <sys/endian.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/ucred.h>
|
||
#include <sys/bus.h>
|
||
#include <sys/rman.h>
|
||
... | ... | |
case SIOCSLOADFW:
|
||
/* only super-user can do that! */
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
if (error != 0)
|
||
break;
|
||
... | ... | |
case SIOCSKILLFW:
|
||
/* only super-user can do that! */
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
if (error != 0)
|
||
break;
|
||
sys/dev/netif/ndis/if_ndis.c | ||
---|---|---|
#include <sys/socket.h>
|
||
#include <sys/queue.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/sysctl.h>
|
||
#include <sys/bus.h>
|
||
#include <sys/rman.h>
|
||
... | ... | |
uint32_t foo;
|
||
int error, len;
|
||
error = suser(curthread);
|
||
error = priv_check(curthread, PRIV_ROOT);
|
||
if (error)
|
||
return (error);
|
||
sys/dev/netif/sbni/if_sbni.c | ||
---|---|---|
#include <sys/mbuf.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/callout.h>
|
||
#include <sys/syslog.h>
|
||
#include <sys/random.h>
|
||
... | ... | |
case SIOCSHWFLAGS: /* set flags */
|
||
/* root only */
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
/* NOTE: returns EPERM if no proc */
|
||
if (error)
|
||
break;
|
||
... | ... | |
break;
|
||
case SIOCRINSTATS:
|
||
if (!(error = suser_cred(cr, NULL_CRED_OKAY))) /* root only */
|
||
if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) /* root only */
|
||
bzero(&sc->in_stats, sizeof(struct sbni_in_stats));
|
||
break;
|
||
sys/dev/netif/sbsh/if_sbsh.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/socket.h>
|
||
#include <sys/random.h>
|
||
#include <sys/serialize.h>
|
||
... | ... | |
switch(cmd) {
|
||
case SIOCLOADFIRMW:
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
|
||
break;
|
||
if (ifp->if_flags & IFF_UP)
|
||
error = EBUSY;
|
||
... | ... | |
break;
|
||
case SIOCGETSTATS :
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
|
||
break;
|
||
t = 0;
|
||
... | ... | |
break;
|
||
case SIOCCLRSTATS :
|
||
if (!(error = suser_cred(cr, NULL_CRED_OKAY))) {
|
||
if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) {
|
||
bzero(&sc->in_stats, sizeof(struct sbni16_stats));
|
||
t = 2;
|
||
if (issue_cx28975_cmd(sc, _DSL_CLEAR_ERROR_CTRS, &t, 1))
|
sys/dev/netif/wi/if_wi.c | ||
---|---|---|
#include <sys/sockio.h>
|
||
#include <sys/mbuf.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/socket.h>
|
||
#include <sys/module.h>
|
||
... | ... | |
error = wi_get_cfg(ifp, cmd, data, cr);
|
||
break;
|
||
case SIOCSIFGENERIC:
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
if (error)
|
||
break;
|
||
error = wi_set_cfg(ifp, cmd, data);
|
||
... | ... | |
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
|
||
break;
|
||
case SIOCSPRISM2DEBUG:
|
||
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
|
||
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
|
||
goto out;
|
||
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
|
||
if (error)
|
||
... | ... | |
}
|
||
break;
|
||
case SIOCS80211:
|
||
error = suser_cred(cr, NULL_CRED_OKAY);
|
||
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
|
||
if (error)
|
||
break;
|
||
ireq = (struct ieee80211req *) data;
|
sys/dev/netif/wl/if_wl.c | ||
---|---|---|
#include <sys/socket.h>
|
||
#include <sys/syslog.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/serialize.h>
|
||
#include <sys/sysctl.h>
|
||
#include <sys/bus.h>
|
||
... | ... | |
/* pointer to buffer in user space */
|
||
up = (void *)ifr->ifr_data;
|
||
/* work out if they're root */
|
||
isroot = (suser(td) == 0);
|
||
isroot = (priv_check(td, PRIV_ROOT) == 0);
|
||
|
||
for (i = 0; i < 0x40; i++) {
|
||
/* don't hand the DES key out to non-root users */
|
||
... | ... | |
/* copy the PSA in from the caller; we only copy _some_ values */
|
||
case SIOCSWLPSA:
|
||
/* root only */
|
||
if ((error = suser(td)))
|
||
if ((error = priv_check(td, PRIV_ROOT)))
|
||
break;
|
||
error = EINVAL; /* assume the worst */
|
||
/* pointer to buffer in user space containing data */
|
||
... | ... | |
*/
|
||
case SIOCSWLCNWID:
|
||
/* root only */
|
||
if ((error = suser(td)))
|
||
if ((error = priv_check(td, PRIV_ROOT)))
|
||
break;
|
||
if (!(ifp->if_flags & IFF_UP)) {
|
||
error = EIO; /* only allowed while up */
|
||
... | ... | |
/* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */
|
||
case SIOCGWLEEPROM:
|
||
/* root only */
|
||
if ((error = suser(td)))
|
||
if ((error = priv_check(td; PRIV_ROOT)))
|
||
break;
|
||
/* pointer to buffer in user space */
|
||
up = (void *)ifr->ifr_data;
|
||
... | ... | |
/* zero (Delete) the wl cache */
|
||
case SIOCDWLCACHE:
|
||
/* root only */
|
||
if ((error = suser(td)))
|
||
if ((error = priv_check(td, PRIV_ROOT)))
|
||
break;
|
||
wl_cache_zero(sc);
|
||
break;
|
sys/dev/raid/asr/asr.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/bus.h>
|
||
#include <sys/rman.h>
|
||
... | ... | |
crit_enter();
|
||
if (ASR_ctlr_held) {
|
||
error = EBUSY;
|
||
} else if ((error = suser_cred(ap->a_cred, 0)) == 0) {
|
||
} else if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0) {
|
||
++ASR_ctlr_held;
|
||
}
|
||
crit_exit();
|
sys/dev/raid/vinum/vinum.c | ||
---|---|---|
}
|
||
case VINUM_SUPERDEV_TYPE:
|
||
error = suser_cred(ap->a_cred, 0); /* are we root? */
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0); /* are we root? */
|
||
if (error == 0) { /* yes, can do */
|
||
if (devminor == VINUM_DAEMON_DEV) /* daemon device */
|
||
vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */
|
sys/dev/raid/vinum/vinumhdr.h | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/mount.h>
|
||
#include <sys/vnode.h>
|
sys/dev/serial/cy/cy.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/dkstat.h>
|
||
#include <sys/fcntl.h>
|
||
... | ... | |
}
|
||
}
|
||
if (tp->t_state & TS_XCLUDE &&
|
||
suser_cred(ap->a_cred, 0)) {
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto out;
|
||
}
|
||
... | ... | |
}
|
||
switch (cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return (error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
break;
|
||
case TIOCMSDTRWAIT:
|
||
/* must be root since the wait applies to following logins */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0) {
|
||
crit_exit();
|
||
return (error);
|
sys/dev/serial/dgb/dgm.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/dkstat.h>
|
||
#include <sys/fcntl.h>
|
||
... | ... | |
crit_exit();
|
||
goto open_top;
|
||
}
|
||
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
|
||
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto out;
|
||
}
|
||
... | ... | |
}
|
||
switch (cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return (error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
break;
|
||
case TIOCMSDTRWAIT:
|
||
/* must be root since the wait applies to following logins */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0) {
|
||
crit_exit();
|
||
return (error);
|
sys/dev/serial/digi/digi.c | ||
---|---|---|
#include <sys/param.h>
|
||
#include <sys/systm.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/linker.h>
|
||
#include <sys/kernel.h>
|
||
... | ... | |
}
|
||
goto open_top;
|
||
}
|
||
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
|
||
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
|
||
error = EBUSY;
|
||
goto out;
|
||
}
|
||
... | ... | |
switch (cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return (error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
*(int *)data = digimctl(port, 0, DMGET);
|
||
break;
|
||
case TIOCMSDTRWAIT:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0) {
|
||
crit_exit();
|
||
return (error);
|
sys/dev/serial/rc/rc.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/dkstat.h>
|
||
#include <sys/fcntl.h>
|
||
... | ... | |
}
|
||
}
|
||
if (tp->t_state & TS_XCLUDE &&
|
||
suser_cred(ap->a_cred, 0)) {
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto out;
|
||
}
|
||
... | ... | |
break;
|
||
case TIOCMSDTRWAIT:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0) {
|
||
crit_exit();
|
||
return (error);
|
sys/dev/serial/rp/rp.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/dkstat.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/kernel.h>
|
||
... | ... | |
goto open_top;
|
||
}
|
||
}
|
||
if(tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
|
||
if(tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
|
||
crit_exit();
|
||
error = EBUSY;
|
||
goto out2;
|
||
... | ... | |
}
|
||
switch (cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if(error != 0)
|
||
return(error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
*(int *)data = result;
|
||
break;
|
||
case TIOCMSDTRWAIT:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if(error != 0) {
|
||
crit_exit();
|
||
return(error);
|
sys/dev/serial/si/si.c | ||
---|---|---|
#endif
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/fcntl.h>
|
||
#include <sys/dkstat.h>
|
||
... | ... | |
/* quickly let in /dev/si_control */
|
||
if (IS_CONTROLDEV(mynor)) {
|
||
if ((error = suser_cred(ap->a_cred, 0)))
|
||
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
|
||
return(error);
|
||
return(0);
|
||
}
|
||
... | ... | |
}
|
||
}
|
||
if (tp->t_state & TS_XCLUDE &&
|
||
suser_cred(ap->a_cred, 0)) {
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
DPRINT((pp, DBG_OPEN|DBG_FAIL,
|
||
"already open and EXCLUSIVE set\n"));
|
||
error = EBUSY;
|
||
... | ... | |
}
|
||
switch (cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return (error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
break;
|
||
case TIOCMSDTRWAIT:
|
||
/* must be root since the wait applies to following logins */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error == 0)
|
||
pp->sp_dtr_wait = *(int *)data * hz / 100;
|
||
break;
|
||
... | ... | |
ip = (int *)data;
|
||
#define SUCHECK if ((error = suser_cred(cred, 0))) goto out
|
||
#define SUCHECK if ((error = priv_check_cred(cred, PRIV_ROOT, 0))) goto out
|
||
switch (cmd) {
|
||
case TCSIPORTS:
|
sys/dev/serial/sio/sio.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/module.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/dkstat.h>
|
||
... | ... | |
goto open_top;
|
||
}
|
||
}
|
||
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
|
||
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto out;
|
||
}
|
||
... | ... | |
}
|
||
switch (ap->a_cmd) {
|
||
case TIOCSETA:
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0)
|
||
return (error);
|
||
*ct = *(struct termios *)data;
|
||
... | ... | |
break;
|
||
case TIOCMSDTRWAIT:
|
||
/* must be root since the wait applies to following logins */
|
||
error = suser_cred(ap->a_cred, 0);
|
||
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
|
||
if (error != 0) {
|
||
crit_exit();
|
||
return (error);
|
sys/dev/serial/stl/stallion.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/fcntl.h>
|
||
#include <sys/thread2.h>
|
||
... | ... | |
goto stlopen_restart;
|
||
}
|
||
}
|
||
if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
|
||
if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto stlopen_end;
|
||
}
|
||
... | ... | |
switch (cmd) {
|
||
case TIOCSETA:
|
||
if ((error = suser_cred(ap->a_cred, 0)) == 0)
|
||
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
|
||
*localtios = *((struct termios *) data);
|
||
break;
|
||
case TIOCGETA:
|
||
... | ... | |
*((int *) data) = (stl_getsignals(portp) | TIOCM_LE);
|
||
break;
|
||
case TIOCMSDTRWAIT:
|
||
if ((error = suser_cred(ap->a_cred, 0)) == 0)
|
||
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
|
||
portp->dtrwait = *((int *) data) * hz / 100;
|
||
break;
|
||
case TIOCMGDTRWAIT:
|
sys/dev/serial/stli/istallion.c | ||
---|---|---|
#include <sys/malloc.h>
|
||
#include <sys/tty.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/conf.h>
|
||
#include <sys/fcntl.h>
|
||
#include <sys/uio.h>
|
||
... | ... | |
}
|
||
}
|
||
if ((tp->t_state & TS_XCLUDE) &&
|
||
suser_cred(ap->a_cred, 0)) {
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
|
||
error = EBUSY;
|
||
goto stliopen_end;
|
||
}
|
||
... | ... | |
switch (cmd) {
|
||
case TIOCSETA:
|
||
if ((error = suser_cred(ap->a_cred, 0)) == 0)
|
||
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
|
||
*localtios = *((struct termios *) data);
|
||
break;
|
||
case TIOCGETA:
|
||
... | ... | |
*((int *) data) = (portp->sigs | TIOCM_LE);
|
||
break;
|
||
case TIOCMSDTRWAIT:
|
||
if ((error = suser_cred(ap->a_cred, 0)) == 0)
|
||
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
|
||
portp->dtrwait = *((int *) data) * hz / 100;
|
||
break;
|
||
case TIOCMGDTRWAIT:
|
sys/dev/usbmisc/ucom/ucom.c | ||
---|---|---|
#include <sys/file.h>
|
||
#include <sys/select.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/poll.h>
|
||
#include <sys/sysctl.h>
|
||
#include <sys/thread2.h>
|
||
... | ... | |
if (ISSET(tp->t_state, TS_ISOPEN) &&
|
||
ISSET(tp->t_state, TS_XCLUDE) &&
|
||
suser_cred(ap->a_cred, 0)
|
||
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)
|
||
) {
|
||
return (EBUSY);
|
||
}
|
sys/emulation/43bsd/43bsd_hostinfo.c | ||
---|---|---|
#include <sys/sysproto.h>
|
||
#include <sys/kernel.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/socket.h>
|
||
#include <sys/sysctl.h>
|
||
#include <vm/vm_param.h>
|
||
... | ... | |
KKASSERT(p);
|
||
name[0] = CTL_KERN;
|
||
name[1] = KERN_HOSTNAME;
|
||
error = suser_cred(p->p_ucred, PRISON_ROOT);
|
||
error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
|
||
if (error)
|
||
return (error);
|
||
len = MIN(uap->len, MAXHOSTNAMELEN);
|
||
... | ... | |
struct thread *td = curthread;
|
||
int error;
|
||
error = suser(td);
|
||
error = priv_check(td, PRIV_ROOT);
|
||
if (error)
|
||
return (error);
|
||
hostid = uap->hostid;
|
sys/emulation/dragonfly12/dfbsd12_stat.c | ||
---|---|---|
#include <sys/mount.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/stat.h>
|
||
#include <sys/sysproto.h>
|
||
#include <sys/systm.h>
|
||
... | ... | |
/*
|
||
* Must be super user
|
||
*/
|
||
error = suser(td);
|
||
error = priv_check(td, PRIV_ROOT);
|
||
if (error)
|
||
return (error);
|
||
|
sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c | ||
---|---|---|
#include <sys/lock.h>
|
||
#include <sys/fcntl.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/signalvar.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/mount.h>
|
||
... | ... | |
*/
|
||
#define NFLAGS (PF_ISUGID)
|
||
flags = (unsigned char)*(unsigned int*)ap->a_data;
|
||
if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
|
||
if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
|
||
return error;
|
||
procp->p_pfsflags = flags;
|
||
break;
|
sys/emulation/linux/i386/linux_machdep.c | ||
---|---|---|
#include <sys/mman.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/resource.h>
|
||
#include <sys/resourcevar.h>
|
||
#include <sys/sysproto.h>
|
||
... | ... | |
if (args->level < 0 || args->level > 3)
|
||
return (EINVAL);
|
||
if ((error = suser(td)) != 0)
|
||
if ((error = priv_check(td, PRIV_ROOT)) != 0)
|
||
return (error);
|
||
if (securelevel > 0)
|
||
return (EPERM);
|
sys/emulation/linux/linux_misc.c | ||
---|---|---|
#include <sys/mount.h>
|
||
#include <sys/poll.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/blist.h>
|
||
#include <sys/reboot.h>
|
||
... | ... | |
* Keep cr_groups[0] unchanged to prevent that.
|
||
*/
|
||
if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
|
||
if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
|
||
return (error);
|
||
if (ngrp >= NGROUPS)
|
sys/emulation/linux/linux_uid16.c | ||
---|---|---|
#include <sys/kern_syscall.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/sysproto.h>
|
||
#include <sys/thread.h>
|
||
... | ... | |
* Keep cr_groups[0] unchanged to prevent that.
|
||
*/
|
||
if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
|
||
if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
|
||
return (error);
|
||
if (ngrp >= NGROUPS)
|
sys/kern/imgact_resident.c | ||
---|---|---|
#include <sys/imgact_aout.h>
|
||
#include <sys/mman.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/resourcevar.h>
|
||
#include <sys/sysent.h>
|
||
#include <sys/systm.h>
|
||
... | ... | |
/* only super-user should call this sysctl */
|
||
td = req->td;
|
||
if ((suser(td)) != 0)
|
||
if ((priv_check(td, PRIV_ROOT)) != 0)
|
||
return EPERM;
|
||
error = count = 0;
|
||
... | ... | |
int error;
|
||
p = curproc;
|
||
if ((error = suser_cred(p->p_ucred, 0)) != 0)
|
||
if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
|
||
return(error);
|
||
if ((vp = p->p_textvp) == NULL)
|
||
return(ENOENT);
|
||
... | ... | |
int count;
|
||
p = curproc;
|
||
if ((error = suser_cred(p->p_ucred, 0)) != 0)
|
||
if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
|
||
return(error);
|
||
/*
|
sys/kern/kern_acct.c | ||
---|---|---|
#include <sys/systm.h>
|
||
#include <sys/sysproto.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/mount.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/fcntl.h>
|
||
... | ... | |
int error;
|
||
/* Make sure that the caller is root. */
|
||
error = suser(td);
|
||
error = priv_check(td, PRIV_ROOT);
|
||
if (error)
|
||
return (error);
|
||
sys/kern/kern_exec.c | ||
---|---|---|
#include <sys/wait.h>
|
||
#include <sys/malloc.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/ktrace.h>
|
||
#include <sys/signalvar.h>
|
||
#include <sys/pioctl.h>
|
||
... | ... | |
* we do not regain any tracing during a possible block.
|
||
*/
|
||
setsugid();
|
||
if (p->p_tracenode && suser(td) != 0) {
|
||
if (p->p_tracenode && priv_check(td, PRIV_ROOT) != 0) {
|
||
ktrdestroy(&p->p_tracenode);
|
||
p->p_traceflag = 0;
|
||
}
|
sys/kern/kern_fp.c | ||
---|---|---|
#include <sys/sysctl.h>
|
||
#include <sys/vnode.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/nlookup.h>
|
||
#include <sys/file.h>
|
||
#include <sys/stat.h>
|
||
... | ... | |
if (securelevel >= 1)
|
||
disablexworkaround = 1;
|
||
else
|
||
disablexworkaround = suser(td);
|
||
disablexworkaround = priv_check(td, PRIV_ROOT);
|
||
if (vp->v_type == VCHR && disablexworkaround &&
|
||
(flags & (MAP_PRIVATE|MAP_COPY))) {
|
||
error = EINVAL;
|
sys/kern/kern_jail.c | ||
---|---|---|
#include <sys/nlookup.h>
|
||
#include <sys/namecache.h>
|
||
#include <sys/proc.h>
|
||
#include <sys/priv.h>
|
||
#include <sys/jail.h>
|
||
#include <sys/socket.h>
|
||
#include <sys/sysctl.h>
|
||
... | ... | |
struct jail_ip_storage *jip;
|
||
/* Multiip */
|
||
error = suser(td);
|
||
error = priv_check(td, PRIV_ROOT);
|