sys.c 代码分析

setregid

/*
 * This is done BSD-style, with no consideration of the saved gid, except
 * that if you set the effective gid, it sets the saved gid too.  This
 * makes it possible for a setgid program to completely drop its privileges,
 * which is often a useful assertion to make when you are doing a security
 * audit over a program.
 *
 * The general idea is that a program which uses just setregid() will be
 * 100% compatible with BSD.  A program which uses just setgid() will be
 * 100% compatible with POSIX w/ Saved ID's.
 */
int sys_setregid(int rgid, int egid)//设置real group ID ，effective group ID
{
    if (rgid>0) {
        if ((current->gid == rgid) ||
            suser())
        //如果当前进程的gid == real group ID 或者拥有超级用户权限，就可以把当前进程的group ID更改为 real Group ID　
            current->gid = rgid;
        else //否则setregid是不允许的，返回错误值
            return(-EPERM);
    }
    if (egid>0) {
        if ((current->gid == egid) ||
        //如果当前进程的gid 或者effective gid 等于egid 或者拥有超级用户权限，则可以修改当前进程的egid和sgid
            (current->egid == egid) ||
            suser()) {
            current->egid = egid;
            current->sgid = egid;
        } else
            return(-EPERM);
    }
    return 0;
}

setgid

/*
 * setgid() is implemeneted like SysV w/ SAVED_IDS
 */
int sys_setgid(int gid) //设置当前进程的group ID
{
    if (suser()) //有超级用户权限就可以更改当前进程的gid,egid（effective gid） ,sgid(saved gid)都设置为gid
        current->gid = current->egid = current->sgid = gid;
    else if ((gid == current->gid) || (gid == current->sgid))
    //如果当前进程的sgid 或者gid(current) 等于 gid(传入参数) ,那么把当前进程的effective gid 设置为gid
        current->egid = gid;
    else
        return -EPERM;
    return 0;
}

sys_time

int sys_time(long * tloc) //设置系统时间
{
    int i;

    i = CURRENT_TIME;
    if (tloc) {
        verify_area(tloc,4);
        put_fs_long(i,(unsigned long *)tloc);
    }
    return i;
}

sys_setreuid

/*
 * Unprivileged users may change the real user id to the effective uid
 * or vice versa.  (BSD-style)
 *
 * When you set the effective uid, it sets the saved uid too.  This
 * makes it possible for a setuid program to completely drop its privileges,
 * which is often a useful assertion to make when you are doing a security
 * audit over a program.
 *
 * The general idea is that a program which uses just setreuid() will be
 * 100% compatible with BSD.  A program which uses just setuid() will be
 * 100% compatible with POSIX w/ Saved ID's.
 */
int sys_setreuid(int ruid, int euid) //uid == user ID 设置real 和 effective user ID
{
    int old_ruid = current->uid;
    
    if (ruid>0) {
        if ((current->euid==ruid) ||
                    (old_ruid == ruid) ||
            suser())
            current->uid = ruid;
        else
            return(-EPERM);
    }
    if (euid>0) {
        if ((old_ruid