mdo(1): Use setcred() to change credentials
Needs ReviewPublic
Actions

Authored by olce on Fri, Nov 15, 5:08 PM.

Details

Reviewers

Summary

This revision is part of a series. Click on the Stack tab below to see the context.
This series has also been squeezed into D47633 to provide an overall view.

Commit message:
As this is the only system call that MAC/do currently supports, and the
only one that really can be for transitions involving simultaneous
changes of user and group IDs.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 60612
Build 57496: arc lint + arc unit

Event Timeline

olce created this revision.Fri, Nov 15, 5:08 PM

Herald added a subscriber: imp. · View Herald TranscriptFri, Nov 15, 5:08 PM

olce requested review of this revision.Fri, Nov 15, 5:08 PM

Harbormaster completed remote builds in B60612: Diff 146554.Fri, Nov 15, 5:08 PM

olce edited the summary of this revision. (Show Details)Fri, Nov 15, 10:45 PM

olce added a parent revision: D47620: MAC/do: Interpret the new rules specification; Monitor setcred().Fri, Nov 15, 10:47 PM

olce added a child revision: D47622: MAC/do: toast_rules(): Minor simplification.

olce added a reviewer: bapt.Fri, Nov 15, 10:50 PM

olce added subscribers: lwhsu, emaste.Fri, Nov 15, 10:52 PM

olce added a subscriber: jlduran.Mon, Nov 18, 8:51 AM

brooks added a subscriber: brooks.Mon, Nov 18, 9:31 PM

brooks added inline comments.

usr.bin/mdo/mdo.c
31	Technically a C23 extension, but probably ok? Could explicitly set one member to stay C99 compatible. Maybe better yet would be an initializer that sets everything to an invalid value (-1 or the like) so accidentally setting a uid or gid flag without setting the value doesn't lead to root.

Revision Contents
Changeset List

Path

Size

usr.bin/

mdo/

mdo.c

42 lines

Diff 146554

View Options

mdo(1): Use setcred() to change credentialsNeeds ReviewPublicActions