|
|
@@ -12,6 +12,12 @@
|
|
|
*/
|
|
|
#define SCM_MAX_FD 253
|
|
|
|
|
|
+struct scm_creds {
|
|
|
+ u32 pid;
|
|
|
+ kuid_t uid;
|
|
|
+ kgid_t gid;
|
|
|
+};
|
|
|
+
|
|
|
struct scm_fp_list {
|
|
|
short count;
|
|
|
short max;
|
|
|
@@ -22,7 +28,7 @@ struct scm_cookie {
|
|
|
struct pid *pid; /* Skb credentials */
|
|
|
const struct cred *cred;
|
|
|
struct scm_fp_list *fp; /* Passed files */
|
|
|
- struct ucred creds; /* Skb credentials */
|
|
|
+ struct scm_creds creds; /* Skb credentials */
|
|
|
#ifdef CONFIG_SECURITY_NETWORK
|
|
|
u32 secid; /* Passed security ID */
|
|
|
#endif
|
|
|
@@ -49,7 +55,9 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
|
|
|
{
|
|
|
scm->pid = get_pid(pid);
|
|
|
scm->cred = cred ? get_cred(cred) : NULL;
|
|
|
- cred_to_ucred(pid, cred, &scm->creds);
|
|
|
+ scm->creds.pid = pid_vnr(pid);
|
|
|
+ scm->creds.uid = cred ? cred->euid : INVALID_UID;
|
|
|
+ scm->creds.gid = cred ? cred->egid : INVALID_GID;
|
|
|
}
|
|
|
|
|
|
static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
|
|
|
@@ -112,8 +120,15 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- if (test_bit(SOCK_PASSCRED, &sock->flags))
|
|
|
- put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
|
|
|
+ if (test_bit(SOCK_PASSCRED, &sock->flags)) {
|
|
|
+ struct user_namespace *current_ns = current_user_ns();
|
|
|
+ struct ucred ucreds = {
|
|
|
+ .pid = scm->creds.pid,
|
|
|
+ .uid = from_kuid_munged(current_ns, scm->creds.uid),
|
|
|
+ .gid = from_kgid_munged(current_ns, scm->creds.gid),
|
|
|
+ };
|
|
|
+ put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
|
|
|
+ }
|
|
|
|
|
|
scm_destroy_cred(scm);
|
|
|
|
Eric W. Biederman