Re: kern/41489: setpriority(2) returns EACCES instead of EPERM

[Elad Efrat <elad%NetBSD.org@localhost>]

Matthias Drochner wrote:
> elad%NetBSD.org@localhost said:
> >  How can you tell I botched it? 
>
> Sorry I usually avoid to point fingers at persons, but in this
> case it was a nicely fitting reply to the question.
>
> Your change removed a check which returned EPERM in case
> the owner etc didn't match.

My bad: I was looking at the wrong part of the code (specifically the 
EACCES at the bottom rather than the EPERM at the top).

Anyway, the fix here isn't so obvious; specifically, the original check 
checked both the effective and the real uid ("root" is a user with 
effective uid 0). Additionally, the documentation (not ours) doesn't 
necessarily specify a super-user, but rather a user with the proper 
privileges, which is more correct. We have to decide if we want to 
maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong), 
fix it (euid 0 -> no EPERM, IMHO right, can simply be a 
KAUTH_GENERIC_ISSUSER for now), or do something completely different 
(like make listeners return errno values and weigh them, similar to 
FreeBSD, long-term goal).

The attached diff is simply restores the original checks.

-e.

Index: sys/kern/kern_resource.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/kern_resource.c,v
retrieving revision 1.151
diff -u -p -r1.151 kern_resource.c
--- sys/kern/kern_resource.c    29 Mar 2009 01:02:50 -0000      1.151
+++ sys/kern/kern_resource.c    25 May 2009 04:05:26 -0000
@@ -229,6 +229,11 @@ donice(struct lwp *l, struct proc *chgp,
 
        KASSERT(mutex_owned(chgp->p_lock));
 
+       if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) &&
+           kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) &&
+           kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred))
+               return (EPERM);
+
        if (n > PRIO_MAX)
                n = PRIO_MAX;
        if (n < PRIO_MIN)