SYS.C Code Analysis for the complete anatomy of the Linux kernel

Source: Internet
Author: User
Tags session id posix

SYS.C Code Analysis




Setregid

/* * This is do bsd-style, with no consideration of the saved GID, except * so if you set the effective GID, it sets t  He saved GID too. This * makes it possible for a setgid-completely drop its privileges, * which is often a useful assertion to MA Ke when is doing a security * audit over a program.  * * The general idea is, a program which uses just Setregid () would be * 100% compatible with BSD. A program which uses just Setgid () would be is * 100% compatible with POSIX w/saved ID ' s. */int sys_setregid (int rgid, int eg ID)//SET Real group ID.            Effective group id{if (rgid>0) {if (Current->gid = = Rgid) | | Suser ())//assuming the GID = = Real Group ID of the current process or having superuser privileges, it is possible to change the group ID of the current process to real group ID Current->gid =        Rgid;    else//Otherwise setregid is not agreeable and returns the error value return (-eperm);        } if (egid>0) {if (Current->gid = = Egid) | | Assuming that the GID or effective GID of the current process equals egid or has superuser privileges, it is possible to change the Egid and Sgid of the current process (Current->egid = = Egid) | |            Suser ()) {current->egid = Egid;        Current->sgid = Egid;    } else return (-eperm); } return 0;}


Setgid

/* * SETGID () is implemeneted like SysV w/saved_ids */int sys_setgid (int gid)//Set the current process's group id{    if (suser ())//Have Superuser Permissions are able to change the current process's gid,egid (effective GID), sgid (saved GID) is set to gid        current->gid = Current->egid = Current->sgid = GID;    else if (gid = = Current->gid) | | (gid = = Current->sgid))    Assuming that the current process sgid or GID is equal to the GID (incoming parameter), then the effective GID of the current process is set to gid        current->egid = gid;    else        return-eperm;    return 0;}




Sys_time

int Sys_time (LONG * tloc)//Set system time {    int i;    i = Current_time;    if (tloc) {        verify_area (tloc,4);        Put_fs_long (i, (unsigned long *) tloc);    }    return i;}


Sys_setreuid

/* * unprivileged users may change the real user ID to the effective UID * or vice versa.  (bsd-style) * When you set the effective UID, it sets the saved UID too. This * makes it possible for a setuid-completely drop its privileges, * which is often a useful assertion to MA Ke when is doing a security * audit over a program.  * * The general idea is, a program which uses just Setreuid () would be * 100% compatible with BSD. A program which uses just Setuid () would be is * 100% compatible with POSIX w/saved ID ' s. */int sys_setreuid (int ruid, int EU        ID)//uid = = User ID set real and effective user id{int old_ruid = current->uid;                    if (ruid>0) {if (current->euid==ruid) | | |            (Old_ruid = = Ruid) | |        Suser ()) Current->uid = Ruid;    else return (-eperm);                    } if (euid>0) {if (Old_ruid = = Euid) | |            (Current->euid = = Euid) | | Suser ()) {current->euid = Euid;        Current->suid = Euid;            } else {current->uid = Old_ruid;        return (-eperm); }} return 0;}

setuid ()


/* * SETUID () is implemeneted like SysV w/saved_ids * * Note this saved_id ' is deficient in, a setuid root program * Like SendMail, for example, cannot set it UID to is a normal * user and then switch back, because if you ' re root, setuid  () sets * the saved UID too.  If You don't like this, blame the bright people * in the POSIX commmittee and/or USG.  Note that the Bsd-style setreuid () * would allow a root program to temporarily drop privileges and is able to * regain them   By swapping the real and effective UID.     */int sys_setuid (int uid)//Set User id{if (suser ()) Current->uid = Current->euid = Current->suid = UID; else if (uid = = Current->uid) | |        (uid = = Current->suid))    Current->euid = UID;    else return-eperm; return (0);}    int Sys_stime (LONG * tptr)//Set system time {if (!suser ()) return-eperm;    Startup_time = Get_fs_long ((unsigned long *) tptr)-jiffies/hz;    Jiffies_offset = 0; return 0;}

Sys_times

int sys_times (struct TMS * tbuf)//Get system time read the data of the kernel data section into the tbuf {    if (tbuf) {        Verify_area (tbuf,sizeof *tbuf);        Put_fs_long (Current->utime, (unsigned long) &tbuf->tms_utime);        Put_fs_long (Current->stime, (unsigned long) &tbuf->tms_stime);        Put_fs_long (Current->cutime, (unsigned long) &tbuf->tms_cutime);        Put_fs_long (Current->cstime, (unsigned long *) &tbuf->tms_cstime);    }    return jiffies;}

sys_brk

int sys_brk (unsigned long end_data_seg)//BRK data segment End {    if (end_data_seg >= current->end_code &&    // Assume that end_data_seg is larger than the end of the current process's code snippet and less than the current process (stack -16k). So        //Take end_date_seg as new data segment end        End_data_seg < current->start_stack-16384)        current->brk = End_ data_seg;    return CURRENT->BRK;}


Sys_setpgid

/* * This needs some heave checking ... * I just haven ' t get the stomach for it. I also don ' t fully * understand SESSIONS/PGRP etc. Let's somebody who does explain it. * OK, I think I have the protection semantics right .... This is really * only important on a multi-user system anyway, t  o Make sure one user * can ' t "send a signal to a" process owned by another.    -tyt, 12/12/91 */int sys_setpgid (int pid, int pgid) {int i;    if (!pid) PID = current->pid;    if (!pgid) Pgid = current->pid;    if (Pgid < 0) Return-einval; for (i=0; i<nr_tasks; i++) if (Task[i] && (task[i]->pid = = pid) && ((Task[i]-&gt             ;p _pptr = = current) | | (Task[i] = = current)))            {if (task[i]->leader) return-eperm;                if ((task[i]->session! = current->session) | |                ((Pgid! = pid) && (Session_of_pgrp (pgid)! = current->session))) Return-eperm;            TASK[I]-&GT;PGRP = Pgid;        return 0; } Return-esrch;}


Getpgrp

int sys_getpgrp (void)//Get the current process pgrp = = Process group{    return current->pgrp;}

Setsid

int Sys_setsid (void)//Set session id{    if (Current->leader &&!suser ())//current process is not session Leader can not change the        return-eperm    of Session ID if you have super privilege. Current->leader = 1; The current process is actually feeling session leader    current->session = CURRENT->PGRP = current->pid;    Current->tty =-1;    return CURRENT->PGRP;}


getgroups

/* * Supplementary group ID ' s */int sys_getgroups (int gidsetsize, gid_t *grouplist)//There should be a problem here, a process cannot belong to more than one process group//reason very easy, The group ID of a process can only be a value! This constrains it to belong to only one process group. His group leader can only have one!

{ int i; if (gidsetsize) Verify_area (grouplist, sizeof (gid_t) * gidsetsize); for (i = 0; (I < ngroups) && (current->groups[i]! = nogroup); i++, grouplist++) { if (gidsetsize) { if (i >= gidsetsize) return-einval; Put_fs_word (Current->groups[i], (short *) grouplist); } } return (i);}


uname
static struct Utsname thisname = {    uts_sysname, uts_nodename, Uts_release, Uts_version, Uts_machine};int sys_uname ( struct Utsname * name)//Get system name information {    int i;    if (!name) return-error;    Verify_area (name,sizeof *name);    for (i=0;i<sizeof *name;i++)        Put_fs_byte (((char *) &thisname) [i],i+ (char *) name);    return 0;}

SetHostName
/* * only sethostname; GetHostName can implemented by calling uname () */int sys_sethostname (char *name, int len)//Set system noun information {    int    i;
   if (!suser ())        return-eperm;    if (Len > Maxhostnamelen)        return-einval;    For (i=0, i < Len; i++) {        if ((thisname.nodename[i] = Get_fs_byte (name+i)) = = 0) break            ;    }    if (Thisname.nodename[i]) {        Thisname.nodename[i>maxhostnamelen? MAXHOSTNAMELEN:I] = 0;    }    return 0;}

Getrlimit
int sys_getrlimit (int resource, struct rlimit *rlim)//Gets the resource bounds value of the current process {    if (Resource >= rlim_nlimits)        return- EINVAL;    Verify_area (rlim,sizeof *rlim);    Put_fs_long (Current->rlim[resource].rlim_cur,            (unsigned long) rlim);    Put_fs_long (Current->rlim[resource].rlim_max, (            (unsigned long *) rlim) +1);    return 0;    }

Setrlimit
int sys_setrlimit (int resource, struct rlimit *rlim) {    struct rlimit new, *old;    if (Resource >= rlim_nlimits)        return-einval;    Old = Current->rlim + resource;    New.rlim_cur = Get_fs_long ((unsigned long *) rlim);    New.rlim_max = Get_fs_long (((unsigned long *) rlim) +1);    if (((New.rlim_cur > Old->rlim_max) | |         (New.rlim_max > Old->rlim_max)) &&        !suser ())        return-eperm;    *old = new;    return 0;}

umask
int sys_umask (int mask)//When setting the current process Create file property {    int old = current->umask;    Current->umask = mask & 0777;    return (old);}















SYS.C Code Analysis for the complete anatomy of the Linux kernel

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.