Bug #1191

suser to priv conversion patch

Added by mneumann almost 6 years ago. Updated almost 6 years ago.

Status:ClosedStart date:
Priority:LowDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Hi,

I've attached a patch that replaces suser(9) with priv(9). Priv(9) is a
new API used by FreeBSD, and what it adds is fine-grained control over
which privelges are requested (and granted in turn).

So instead of

suser(td)

you write:

priv_check(td, PRIV_ROOT);

This will request ROOT privileges (which is equivalent to the suser()
call above). Of course PRIV_ROOT is not recommended and only serves
until all privileges are replaced by more fine grained privileges.

In sys/priv.h all existing privileges are defined.

The new API is as follows:

int priv_check(struct thread *td, int priv);
int priv_check_cred(struct ucred *cred, int priv, int flag);

Old suser calls still work, but should be avoided and replaced by the
corresponding priv_* call.

The patch does not (yet) modify the way privileges are granted, i.e.
the implementation is identical to the corresponding suser_*() function.

If no one objects, I'd like to commit this soon to then concentrate on
introducing fine-grained privileges. If possible, I'd like to (later)
get rid of the flags argument of priv_check_cred() (or suser_cred()),
which can be either NULL_CRED_OKAY or PRISON_ROOT, but I've not yet
thought about it throrrowly enough.

Regards,

Michael

suser_to_priv.patch Magnifier (155 KB) mneumann, 12/29/2008 06:29 PM

History

#1 Updated by mneumann almost 6 years ago

Am 29.12.2008 19:16, schrieb Michael Neumann:
> Hi,
>
> I've attached a patch that replaces suser(9) with priv(9). Priv(9) is a
> new API used by FreeBSD, and what it adds is fine-grained control over
> which privelges are requested (and granted in turn).

Just commited :)

Regards,

Michael

Also available in: Atom PDF