[patch] getting rid of suser/fsuser for good, first part

[patch] getting rid of suser/fsuser for good, first part

[David Weinehall]

It is after all 2.5-time, and hence time for a spring-cleaning.

This patch removes suser/fsuser, and while at it,
fixes ufs/balloc.c to use capable instead.

I figured that the only way to get people to fix their files was
to break them ;-P

These files are still naughty (feel free to fix!):

arch/i386/kernel/mtrr.c
arch/sparc64/kernel/ioctl32.c
drivers/net/wan/lmc/lmc_main.c
drivers/net/fealnx.c
drivers/block/cciss.c
drivers/block/cpqarray.c
drivers/block/swim3.c
drivers/block/swim_iop.c
drivers/char/tty_io.c
drivers/char/vt.c
drivers/char/mxser.c
drivers/char/serial167.c
drivers/char/ip2main.c
drivers/char/rio/rio_linux.c
drivers/char/moxa.c
drivers/scsi/cpqfcTSinit.c
drivers/pcmcia/ds.c
drivers/s390/char/tubtty.c

I hope I didn't miss anything.


Regards: David Weinehall
  _                                                                 _
 // David Weinehall <tao@acc.umu.se> /> Northern lights wander      \\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\>  http://www.acc.umu.se/~tao/    </   Full colour fire           </

--- linux-2.5.3-pre1/fs/ufs/balloc.c.old	Thu Jan 17 08:44:17 2002
+++ linux-2.5.3-pre1/fs/ufs/balloc.c	Thu Jan 17 08:45:37 2002
@@ -284,16 +284,16 @@
 			return 0;
 		}
 	}
-	
+
 	/*
 	 * There is not enough space for user on the device
 	 */
-	if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
+	if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
 		unlock_super (sb);
 		UFSD(("EXIT (FAILED)\n"))
 		return 0;
-	} 
-	
+	}
+
 	if (goal >= uspi->s_size) 
 		goal = 0;
 	if (goal == 0) 
--- linux-2.5.3-pre1/include/linux/sched.h.old	Thu Jan 17 08:35:21 2002
+++ linux-2.5.3-pre1/include/linux/sched.h	Thu Jan 17 08:37:53 2002
@@ -727,52 +727,15 @@
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);
 
-/*
- * This has now become a routine instead of a macro, it sets a flag if
- * it returns true (to do BSD-style accounting where the process is flagged
- * if it uses root privs). The implication of this is that you should do
- * normal permissions checks first, and check suser() last.
- *
- * [Dec 1997 -- Chris Evans]
- * For correctness, the above considerations need to be extended to
- * fsuser(). This is done, along with moving fsuser() checks to be
- * last.
- *
- * These will be removed, but in the mean time, when the SECURE_NOROOT 
- * flag is set, uids don't grant privilege.
- */
-static inline int suser(void)
-{
-	if (!issecure(SECURE_NOROOT) && current->euid == 0) { 
-		current->flags |= PF_SUPERPRIV;
-		return 1;
-	}
-	return 0;
-}
-
-static inline int fsuser(void)
-{
-	if (!issecure(SECURE_NOROOT) && current->fsuid == 0) {
-		current->flags |= PF_SUPERPRIV;
-		return 1;
-	}
-	return 0;
-}
 
 /*
- * capable() checks for a particular capability.  
- * New privilege checks should use this interface, rather than suser() or
- * fsuser(). See include/linux/capability.h for defined capabilities.
+ * capable() checks for a particular capability.
+ * See include/linux/capability.h for defined capabilities.
  */
 
 static inline int capable(int cap)
 {
-#if 1 /* ok now */
-	if (cap_raised(current->cap_effective, cap))
-#else
-	if (cap_is_fs_cap(cap) ? current->fsuid == 0 : current->euid == 0)
-#endif
-	{
+	if (cap_raised(current->cap_effective, cap)) {
 		current->flags |= PF_SUPERPRIV;
 		return 1;
 	}
--- linux-2.5.3-pre1/include/linux/capability.h.old	Thu Jan 17 08:40:59 2002
+++ linux-2.5.3-pre1/include/linux/capability.h	Thu Jan 17 08:41:05 2002
@@ -99,10 +99,6 @@
 
 #define CAP_FSETID           4
 
-/* Used to decide between falling back on the old suser() or fsuser(). */
-
-#define CAP_FS_MASK          0x1f
-
 /* Overrides the restriction that the real or effective user ID of a
    process sending a signal must match the real or effective user ID
    of the process receiving the signal. */
@@ -345,8 +341,6 @@
 #define cap_clear(c)         do { cap_t(c) =  0; } while(0)
 #define cap_set_full(c)      do { cap_t(c) = ~0; } while(0)
 #define cap_mask(c,mask)     do { cap_t(c) &= cap_t(mask); } while(0)
-
-#define cap_is_fs_cap(c)     (CAP_TO_MASK(c) & CAP_FS_MASK)
 
 #endif /* __KERNEL__ */
 

Re: [patch] getting rid of suser/fsuser for good, first part

[Dave Jones]

On Thu, Jan 17, 2002 at 09:12:03AM +0100, David Weinehall wrote:
 > It is after all 2.5-time, and hence time for a spring-cleaning.
 > These files are still naughty (feel free to fix!):
 > 
 > arch/i386/kernel/mtrr.c

 This file in particular needs more than just a spring clean imo.
 As extra support was added for the different MTRR lookalikes,
 it got messier and messier until it turned into the goop we
 have now.  Doing a real cleanup on this has been on my TODO for
 months now. Hopefully I'll get around to it in the 2.5 timeframe.

-- 
| Dave Jones.        http://www.codemonkey.org.uk
| SuSE Labs

Re: [patch] getting rid of suser/fsuser for good, first part

[David Weinehall]

On Thu, Jan 17, 2002 at 12:27:04PM +0100, Dave Jones wrote:
> On Thu, Jan 17, 2002 at 09:12:03AM +0100, David Weinehall wrote:
>  > It is after all 2.5-time, and hence time for a spring-cleaning.
>  > These files are still naughty (feel free to fix!):
>  > 
>  > arch/i386/kernel/mtrr.c
> 
>  This file in particular needs more than just a spring clean imo.
>  As extra support was added for the different MTRR lookalikes,
>  it got messier and messier until it turned into the goop we
>  have now.  Doing a real cleanup on this has been on my TODO for
>  months now. Hopefully I'll get around to it in the 2.5 timeframe.

Agreed. I had a look in it, and it looked like a horrible mess.


/David
  _                                                                 _
 // David Weinehall <tao@acc.umu.se> /> Northern lights wander      \\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\>  http://www.acc.umu.se/~tao/    </   Full colour fire           </