Re: kern/41489: setpriority(2) returns EACCES instead of EPERM

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,ekamperi%gmail.com@localhost
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Mon, 25 May 2009 22:25:02 +0000 (UTC)

The following reply was made to PR kern/41489; it has been noted by GNATS.

From: Elad Efrat <elad%NetBSD.org@localhost>
To: M.Drochner%fz-juelich.de@localhost
Cc: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Date: Tue, 26 May 2009 00:54:52 +0300

 This is a multi-part message in MIME format.
 --------------000106030105040009010300
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit

 Matthias Drochner wrote:
 > elad%NetBSD.org@localhost said:
 >>  How can you tell I botched it? 
 > 
 > Sorry I usually avoid to point fingers at persons, but in this
 > case it was a nicely fitting reply to the question.
 > 
 > Your change removed a check which returned EPERM in case
 > the owner etc didn't match.

 My bad: I was looking at the wrong part of the code (specifically the 
 EACCES at the bottom rather than the EPERM at the top).

 Anyway, the fix here isn't so obvious; specifically, the original check 
 checked both the effective and the real uid ("root" is a user with 
 effective uid 0). Additionally, the documentation (not ours) doesn't 
 necessarily specify a super-user, but rather a user with the proper 
 privileges, which is more correct. We have to decide if we want to 
 maintain the behavior (uid or euid 0 -> no EPERM, which is IMHO wrong), 
 fix it (euid 0 -> no EPERM, IMHO right, can simply be a 
 KAUTH_GENERIC_ISSUSER for now), or do something completely different 
 (like make listeners return errno values and weigh them, similar to 
 FreeBSD, long-term goal).

 The attached diff is simply restores the original checks.

 -e.

 --------------000106030105040009010300
 Content-Type: text/plain;
  name="kern_resource.c.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="kern_resource.c.diff"

 Index: sys/kern/kern_resource.c
 ===================================================================
 RCS file: /usr/cvs/src/sys/kern/kern_resource.c,v
 retrieving revision 1.151
 diff -u -p -r1.151 kern_resource.c
 --- sys/kern/kern_resource.c   29 Mar 2009 01:02:50 -0000      1.151
 +++ sys/kern/kern_resource.c   25 May 2009 04:05:26 -0000
 @@ -229,6 +229,11 @@ donice(struct lwp *l, struct proc *chgp,

        KASSERT(mutex_owned(chgp->p_lock));

 +      if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) &&
 +          kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) &&
 +          kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred))
 +              return (EPERM);
 +
        if (n > PRIO_MAX)
                n = PRIO_MAX;
        if (n < PRIO_MIN)

 --------------000106030105040009010300--

Follow-Ups:
- Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
  - From: Christos Zoulas

Prev by Date: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Next by Date: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Previous by Thread: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Next by Thread: Re: kern/41489: setpriority(2) returns EACCES instead of EPERM
Indexes:

Home | Main Index | Thread Index | Old Index