Message-ID: <17885.1262707233@redhat.com>
Date: Tue, 05 Jan 2010 16:00:33 +0000
From: David Howells <dhowells@...hat.com>
To: Kevin Qu <rofail@...il.com>, Jeff Epler <jepler@...ythonic.net>
Cc: dhowells@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: how to get right euid?

Kevin Qu <rofail@...il.com> wrote:

> I wrote a kernel module and it creates a "file" in /proc.
> The "file" permission is set to 644.
> When checking access permission, I use:

Check where? In file_operations::open(), in file_operations::write() or in
inode_operations::permission()?

> if( op == 4 || (op ==2 && current->euid == 0) )
>     return 0;
>
> But it does not work on 2.6.29,
> so I changed it like below:
>
> if( op & 0x4 || (op & 0x2 && current_euid() == 0) )
>     return 0;

What is op? Is "op == N" equivalent to "op & N"? Should N be a symbolic
constant (MAY_READ or MAY_WRITE)?

> It works when I read from the "file" in /proc,
> but when I write to it with sudo, like:
>
> sudo echo "some thing" > /proc/my_file
>
> it is denied. (But it works when I su to superuser and do so.)
>
> So I checked current_euid(),
> but it returns 1000 (not 0). Why?

As Jeff said, where you're making the check matters.

In the above sudo command, the open() call is done by the shell, under the
EUID of whoever is logged in, whereas the write() call is done by the echo
command as executed by sudo, under the EUID set by sudo.

Note that if you're making the check in write(), the UID that you're checking
should be the one in struct file::f_cred.

David
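
Added example, not part of the original message or of any kernel source: a userspace C model of the `sudo echo ... > /proc/my_file` case, showing which EUID each possible check site sees. The reduced `struct cred` and `struct file`, and the names `attempt()`, `needs_root()` and `enum check_site`, are assumptions made for the illustration.

```c
/* Userspace model of the case in this thread; constructed, not kernel code.
 * struct cred / struct file are reduced to the one field that matters, and
 * attempt(), needs_root() and enum check_site are hypothetical names. */
#include <errno.h>
#include <stdio.h>

struct cred { unsigned int euid; };
struct file { const struct cred *f_cred; };  /* credentials of the opener */

enum check_site {
    AT_OPEN,          /* ->open() or ->permission(): caller is the opener */
    AT_WRITE_CURRENT, /* ->write() testing current_euid(): caller is the writer */
    AT_WRITE_F_CRED   /* ->write() testing file->f_cred: the opener again */
};

static const struct cred user = { 1000 }, root = { 0 };

static int needs_root(const struct cred *c)
{
    return c->euid == 0 ? 0 : -EACCES;
}

/* One open() by `opener` followed by one write() by `writer`. */
static int attempt(const struct cred *opener, const struct cred *writer,
                   enum check_site site)
{
    struct file f = { .f_cred = opener };  /* recorded at open() time */

    switch (site) {
    case AT_OPEN:          return needs_root(opener);
    case AT_WRITE_CURRENT: return needs_root(writer);
    default:               return needs_root(f.f_cred);
    }
}

int main(void)
{
    /* sudo echo x > /proc/my_file: shell (1000) opens, echo (0) writes */
    printf("sudo echo, check at open:      %d\n", attempt(&user, &root, AT_OPEN));
    printf("sudo echo, write() vs current: %d\n", attempt(&user, &root, AT_WRITE_CURRENT));
    printf("sudo echo, write() vs f_cred:  %d\n", attempt(&user, &root, AT_WRITE_F_CRED));
    /* su to root first: the root shell opens and root writes */
    printf("root shell, check at open:     %d\n", attempt(&root, &root, AT_OPEN));
    return 0;
}
```

Only the check against the writer's current EUID lets the sudo case through; testing `f_cred` in write() keeps a descriptor opened by an unprivileged process unprivileged even when a privileged process ends up writing to it.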