Re: [PATCH 9/9] make net/core/scm.c uid comparisons user namespaceaware
From: Serge E. Hallyn
Date: Tue Oct 18 2011 - 19:22:27 EST
Quoting Joe Perches (joe@xxxxxxxxxxx):
> On Tue, 2011-10-18 at 21:54 +0000, Serge Hallyn wrote:
> > From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxxxxx>
>
> Hi Serge.
>
> Just some trivial style notes.
>
> > Currently uids are compared without regard for the user namespace.
> > Fix that to prevent tasks in a different user namespace from
> > wrongly matching on SCM_CREDENTIALS.
> []
> > diff --git a/net/core/scm.c b/net/core/scm.c
>
> > -static __inline__ int scm_check_creds(struct ucred *creds)
> > +static __inline__ bool uidequiv(const struct cred *src, struct ucred *tgt,
> > + struct user_namespace *ns)
>
> Perhaps inline is better than __inline__ and do these
> functions really need to be marked inline at all?
Dunno, I was just sticking with the current style.
> > +{
> > + if (src->user_ns != ns)
> > + goto check_capable;
> > + if (src->uid == tgt->uid || src->euid == tgt->uid ||
> > + src->suid == tgt->uid)
>
> Perhaps this is less prone to typo errors and are a bit
> more readable as:
>
> if (tgt->uid == src->uid ||
> tgt->uid == src->euid ||
> tgt->uid == src->suid)
I do like that better.
thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/