/*
 * This is done BSD-style, with no consideration of the saved gid, except
 * that if you set the effective gid, it sets the saved gid too.  This
 * makes it possible for a setgid program to completely drop its privileges,
 * which is often a useful assertion to make when you are doing a security
 * audit over a program.
 *
 * The general idea is that a program which uses just setregid() will be
 * 100% compatible with BSD.  A program which uses just setgid() will be
 * 100% compatible with POSIX w/ Saved ID's.
 */
/*
 * sys_setregid - set the real and/or effective group ID of the current task.
 *
 * rgid: requested real gid; only acted on when > 0.
 * egid: requested effective gid; only acted on when > 0.
 *
 * Returns 0 on success and -EPERM when a requested change is not permitted.
 *
 * NOTE(review): any value <= 0 is skipped, so group 0 cannot be selected
 * through this call and e.g. setregid(0, 0) returns 0 without changing
 * anything.  A caller that only checks the return value cannot tell that
 * no change took place - confirm this is the intended contract.
 */
int sys_setregid(int rgid, int egid)
{
	if (rgid > 0) {
		/*
		 * The real gid may only be "changed" to the value it already
		 * has, unless the caller passes the suser() check.
		 */
		if (current->gid != rgid && !suser())
			return -EPERM;
		current->gid = rgid;
	}

	if (egid > 0) {
		/*
		 * The effective gid may become the real gid or stay what it
		 * is; anything else needs suser().  This runs after the rgid
		 * update above, so current->gid is already the new real gid.
		 * The saved gid is deliberately not consulted here.
		 */
		if (current->gid != egid && current->egid != egid && !suser())
			return -EPERM;

		/*
		 * Setting the effective gid overwrites the saved gid as well,
		 * which is what lets a setgid program give up its privileges
		 * completely.
		 */
		current->egid = egid;
		current->sgid = egid;
	}

	return 0;
}
/*
 * setgid() is implemented like SysV w/ SAVED_IDS
 *
 * sys_setgid - set the group ID of the current task.
 *
 * gid: requested group id.
 *
 * If suser() passes, the real, effective and saved gid are all set to gid;
 * no range check on gid is performed in this function.  Otherwise only the
 * effective gid is changed, and only when gid equals the current real or
 * saved gid.
 *
 * Returns 0 on success, -EPERM if the change is not permitted.
 */
int sys_setgid(int gid)
{
	if (suser()) {
		/* Privileged caller: all three ids follow the request. */
		current->gid = current->egid = current->sgid = gid;
		return 0;
	}

	/* Unprivileged caller: gid must match the real or the saved gid. */
	if (gid != current->gid && gid != current->sgid)
		return -EPERM;

	/*
	 * Only the effective gid moves; real and saved gid are untouched, so
	 * this path does not give up the saved gid - the caller can switch
	 * back to it later.
	 */
	current->egid = gid;
	return 0;
}
/*
 * sys_time - return the current time and optionally store it for the caller.
 *
 * tloc: if non-null, the time value is also written there with
 *       put_fs_long() after verify_area(tloc, 4).
 *
 * Returns the value of CURRENT_TIME read at entry.  This call only reads
 * the time; it does not set it.
 *
 * NOTE(review): presumably tloc is a user-supplied address - confirm.  Any
 * result of verify_area() is not checked here, and the length is the
 * literal 4 rather than a sizeof; verify both against verify_area()'s
 * definition for this kernel version.
 */
int sys_time(long *tloc)
{
	int now = CURRENT_TIME;

	/* No destination supplied: the return value is the only output. */
	if (!tloc)
		return now;

	verify_area(tloc, 4);
	put_fs_long(now, (unsigned long *)tloc);
	return now;
}
/* * Unprivileged users may change the real user id to the effective uid * or vice versa. (BSD-style) * * When you set the effective uid, it sets the saved uid too. This * makes it possible for a setuid program to completely drop its privileges, * which is often a useful assertion to make when you are doing a security * audit over a program. * * The general idea is that a program which uses just setreuid() will be * 100% compatible with BSD. A program which uses just setuid() will be * 100% compatible with POSIX w/ Saved ID's. */ int sys_setreuid(int ruid, int euid) //uid == user ID 设置real 和 effective user ID { int old_ruid = current->uid; if (ruid>0) { if ((current->euid==ruid) || (old_ruid == ruid) || suser()) current->uid = ruid; else return(-EPERM); } if (euid>0) { if ((old_ruid