sys.c 代码分析

setregid

/*

 * This is done BSD-style, with no consideration of the saved gid, except

 * that if you set the effective gid, it sets the saved gid too.  This

 * makes it possible for a setgid program to completely drop its privileges,

 * which is often a useful assertion to make when you are doing a security

 * audit over a program.

 *

 * The general idea is that a program which uses just setregid() will be

 * 100% compatible with BSD.  A program which uses just setgid() will be

 * 100% compatible with POSIX w/ Saved ID's.

 */

int sys_setregid(int rgid, int egid)//设置real group ID 。effective group ID

{

    if (rgid>0) {

        if ((current->gid == rgid) ||

            suser())

        //假设当前进程的gid == real group ID 或者拥有超级用户权限,就能够把当前进程的group ID更改为 real Group ID 

            current->gid = rgid;

        else //否则setregid是不同意的,返回错误值

            return(-EPERM);

    }

    if (egid>0) {

        if ((current->gid == egid) ||

        //假设当前进程的gid 或者effective gid 等于egid 或者拥有超级用户权限,则能够改动当前进程的egid和sgid

            (current->egid == egid) ||

            suser()) {

            current->egid = egid;

            current->sgid = egid;

        } else

            return(-EPERM);

    }

    return 0;

}

setgid

/*

 * setgid() is implemeneted like SysV w/ SAVED_IDS

 */

int sys_setgid(int gid) //设置当前进程的group ID

{

    if (suser()) //有超级用户权限就能够更改当前进程的gid,egid(effective gid) ,sgid(saved gid)都设置为gid

        current->gid = current->egid = current->sgid = gid;

    else if ((gid == current->gid) || (gid == current->sgid))

    //假设当前进程的sgid 或者gid(current) 等于 gid(传入參数) ,那么把当前进程的effective gid 设置为gid

        current->egid = gid;

    else

        return -EPERM;

    return 0;

}

sys_time

int sys_time(long * tloc) //设置系统时间

{

    int i;

    i = CURRENT_TIME;

    if (tloc) {

        verify_area(tloc,4);

        put_fs_long(i,(unsigned long *)tloc);

    }

    return i;

}

sys_setreuid

/*

 * Unprivileged users may change the real user id to the effective uid

 * or vice versa.  (BSD-style)

 *

 * When you set the effective uid, it sets the saved uid too.  This

 * makes it possible for a setuid program to completely drop its privileges,

 * which is often a useful assertion to make when you are doing a security

 * audit over a program.

 *

 * The general idea is that a program which uses just setreuid() will be

 * 100% compatible with BSD.  A program which uses just setuid() will be

 * 100% compatible with POSIX w/ Saved ID's.

 */

int sys_setreuid(int ruid, int euid) //uid == user ID 设置real 和 effective user ID

{

    int old_ruid = current->uid;

    if (ruid>0) {

        if ((current->euid==ruid) ||

                    (old_ruid == ruid) ||

            suser())

            current->uid = ruid;

        else

            return(-EPERM);

    }

    if (euid>0) {

        if ((old_ruid == euid) ||

                    (current->euid == euid) ||

            suser()) {

            current->euid = euid;

            current->suid = euid;

        } else {

            current->uid = old_ruid;

            return(-EPERM);

        }

    }

    return 0;

}

setuid()

/*

 * setuid() is implemeneted like SysV w/ SAVED_IDS

 *

 * Note that SAVED_ID's is deficient in that a setuid root program

 * like sendmail, for example, cannot set its uid to be a normal

 * user and then switch back, because if you're root, setuid() sets

 * the saved uid too.  If you don't like this, blame the bright people

 * in the POSIX commmittee and/or USG.  Note that the BSD-style setreuid()

 * will allow a root program to temporarily drop privileges and be able to

 * regain them by swapping the real and effective uid.

 */

int sys_setuid(int uid) //设置user ID

{

    if (suser())

        current->uid = current->euid = current->suid = uid;

    else if ((uid == current->uid) || (uid == current->suid))

        current->euid = uid;

    else

        return -EPERM;

    return(0);

}

int sys_stime(long * tptr) //设置系统时间

{

    if (!suser())

        return -EPERM;

    startup_time = get_fs_long((unsigned long *)tptr) - jiffies/HZ;

    jiffies_offset = 0;

    return 0;

}

sys_times

int sys_times(struct tms * tbuf) //获取系统时间把内核数据段的数据读到tbuf里去

{

    if (tbuf) {

        verify_area(tbuf,sizeof *tbuf);

        put_fs_long(current->utime,(unsigned long *)&tbuf->tms_utime);

        put_fs_long(current->stime,(unsigned long *)&tbuf->tms_stime);

        put_fs_long(current->cutime,(unsigned long *)&tbuf->tms_cutime);

        put_fs_long(current->cstime,(unsigned long *)&tbuf->tms_cstime);

    }

    return jiffies;

}

sys_brk

int sys_brk(unsigned long end_data_seg) //brk 数据段结尾

{

    if (end_data_seg >= current->end_code &&

    //假设end_data_seg大于当前进程的代码段结尾而且小于当前进程的(堆栈-16K)。于是

        //把end_date_seg作为新的数据段结尾

        end_data_seg < current->start_stack - 16384)

        current->brk = end_data_seg;

    return current->brk;

}

sys_setpgid

/*

 * This needs some heave checking ...

 * I just haven't get the stomach for it. I also don't fully

 * understand sessions/pgrp etc. Let somebody who does explain it.

 *

 * OK, I think I have the protection semantics right.... this is really

 * only important on a multi-user system anyway, to make sure one user

 * can't send a signal to a process owned by another.  -TYT, 12/12/91

 */

int sys_setpgid(int pid, int pgid)

{

    int i;

    if (!pid)

        pid = current->pid;

    if (!pgid)

        pgid = current->pid;

    if (pgid < 0)

        return -EINVAL;

    for (i=0 ; i<NR_TASKS ; i++)

        if (task[i] && (task[i]->pid == pid) &&

            ((task[i]->p_pptr == current) ||

             (task[i] == current))) {

            if (task[i]->leader)

                return -EPERM;

            if ((task[i]->session != current->session) ||

                ((pgid != pid) &&

                 (session_of_pgrp(pgid) != current->session)))

                return -EPERM;

            task[i]->pgrp = pgid;

            return 0;

        }

    return -ESRCH;

}

getpgrp

int sys_getpgrp(void) //获得当前进程的pgrp == process group

{

    return current->pgrp;

}

setsid

int sys_setsid(void) //设置session ID

{

    if (current->leader && !suser()) //当前进程不是session leader或者拥有超级权限的话是无法更改session ID的

        return -EPERM;

    current->leader = 1; //当前进程被确觉得session leader

    current->session = current->pgrp = current->pid;

    current->tty = -1;

    return current->pgrp;

}

getgroups

/*

 * Supplementary group ID's

 */

int sys_getgroups(int gidsetsize, gid_t *grouplist)

//这里应该有问题,一个进程不可能属于多一个进程组

//原因非常easy,一个进程的group id仅仅能是一个值!这就约束了它就仅仅能属于一个进程组。他的group leader仅仅能有一个!

{

    int    i;

    if (gidsetsize)

        verify_area(grouplist, sizeof(gid_t) * gidsetsize);

    for (i = 0; (i < NGROUPS) && (current->groups[i] != NOGROUP);

         i++, grouplist++) {

        if (gidsetsize) {

            if (i >= gidsetsize)

                return -EINVAL;

            put_fs_word(current->groups[i], (short *) grouplist);

        }

    }

    return(i);

}

uname

static struct utsname thisname = {

    UTS_SYSNAME, UTS_NODENAME, UTS_RELEASE, UTS_VERSION, UTS_MACHINE

};

int sys_uname(struct utsname * name) //获取系统名称信息

{

    int i;

    if (!name) return -ERROR;

    verify_area(name,sizeof *name);

    for(i=0;i<sizeof *name;i++)

        put_fs_byte(((char *) &thisname)[i],i+(char *) name);

    return 0;

}

sethostname

/*

 * Only sethostname; gethostname can be implemented by calling uname()

 */

int sys_sethostname(char *name, int len) //设置系统名词信息

{

    int    i;

    if (!suser())

        return -EPERM;

    if (len > MAXHOSTNAMELEN)

        return -EINVAL;

    for (i=0; i < len; i++) {

        if ((thisname.nodename[i] = get_fs_byte(name+i)) == 0)

            break;

    }

    if (thisname.nodename[i]) {

        thisname.nodename[i>MAXHOSTNAMELEN ? MAXHOSTNAMELEN : i] = 0;

    }

    return 0;

}

getrlimit

int sys_getrlimit(int resource, struct rlimit *rlim) //获取当前进程的资源界限值

{

    if (resource >= RLIM_NLIMITS)

        return -EINVAL;

    verify_area(rlim,sizeof *rlim);

    put_fs_long(current->rlim[resource].rlim_cur,

            (unsigned long *) rlim);

    put_fs_long(current->rlim[resource].rlim_max,

            ((unsigned long *) rlim)+1);

    return 0;

}

setrlimit

int sys_setrlimit(int resource, struct rlimit *rlim)

{

    struct rlimit new, *old;

    if (resource >= RLIM_NLIMITS)

        return -EINVAL;

    old = current->rlim + resource;

    new.rlim_cur = get_fs_long((unsigned long *) rlim);

    new.rlim_max = get_fs_long(((unsigned long *) rlim)+1);

    if (((new.rlim_cur > old->rlim_max) ||

         (new.rlim_max > old->rlim_max)) &&

        !suser())

        return -EPERM;

    *old = new;

    return 0;

}

umask

int sys_umask(int mask)//当设置当前进程创建文件的属性

{

    int old = current->umask;

    current->umask = mask & 0777;

    return (old);

}

《linux 内核全然剖析》 sys.c 代码分析的更多相关文章

  1. 《linux 内核全然剖析》sched.c sched.h 代码分析笔记

    版权声明:本文为博主原创文章.未经博主同意不得转载. https://blog.csdn.net/u011368821/article/details/25129835 sched.c sched.h ...

  2. 《linux 内核全然剖析》 fork.c 代码分析笔记

    fork.c 代码分析笔记 verifiy_area long last_pid=0; //全局变量,用来记录眼下最大的pid数值 void verify_area(void * addr,int s ...

  3. 《linux 内核全然剖析》 笔记 CODE_SPACE 宏定义分析

    在memory.c里面.遇到一个宏定义,例如以下: #define CODE_SPACE(addr) ((((addr)+4095)&~4095) < \ current->sta ...

  4. 《linux 内核全然剖析》编译linux 0.12 内核 Ubuntu 64bits 环境

    我×.. . 最终好了,大概3 4个小时吧...各种毛刺问题.终究还是闯过来了.. .. ubuntu2@ubuntu:~/Downloads/linux-0.00-050613/linux-0.00 ...

  5. 《linux 内核全然剖析》 chapter 2 微型计算机组成结构

    微型计算机组成结构 系统的基本组成: 软件是一种控制硬件操作和动作的指令流. 2.1 微型计算机的组成原理 当中CPU通过地址线,数据线,和控制信号线组成的内部总线与系统其它部分进行数据通信.地址线用 ...

  6. 《linux 内核全然剖析》 chapter 4 80x86 保护模式极其编程

    80x86 保护模式极其编程       首先我不得不说.看这章真的非常纠结...看了半天.不知道这个东西能干嘛.我感觉唯一有点用的就是对于内存映射的理解...我假设不在底层给80x86写汇编的话.我 ...

  7. 《linux 内核全然剖析》 mktime.c

    tm结构体的定义在time.h里面 struct tm { int tm_sec; int tm_min; int tm_hour; int tm_mday; int tm_mon; int tm_y ...

  8. 《linux 内核全然剖析》 include/asm/io.h

    include/asm/io.h #define outb(value,port) \ __asm__ ("outb %%al,%%dx"::"a" (valu ...

  9. Linux内核2.6.14源码分析-双向循环链表代码分析(巨详细)

    Linux内核源码分析-链表代码分析 分析人:余旭 分析时间:2005年11月17日星期四 11:40:10 AM 雨 温度:10-11度 编号:1-4 类别:准备工作 Email:yuxu97101 ...

随机推荐

  1. 【HDU 3662】3D Convex Hull

    http://acm.hdu.edu.cn/showproblem.php?pid=3662 求给定空间中的点的三维凸包上有多少个面. 用增量法,不断加入点,把新加的点能看到的面都删掉,不能看到的面与 ...

  2. 理解onPause和onStop

    onPause 用于由一个Activity转到另一个Activity.设备进入休眠状态(屏幕锁住了).或者有dialog弹出时 onStop 用于不可见的Activity(有对话框弹出时,这时底下的a ...

  3. hdu 2110 基础母函数

    题意:退出本身并不麻烦,麻烦的是,退出的人需要取走相应比例(1/3)金额的资产.假设公司此时一共有n种价值的资产,每种价值的资产数量已知,请帮助心烦意乱的XHD夫妇计算一共有多少种分割资产的方法.   ...

  4. the elements of computing systems 的读书笔记2

    懒癌发作,本来计划是两到三天就一个unit的,没想到一直拖到今天才完成第二部分(6-8章). 第6章,介绍了hack汇编到二进制,也就是用翻译到01来表示.从课后习题来看,这一章目的就是设计一个程序( ...

  5. TSQL update 简单应用小总结

    UPDATE 有两种基本的格式.一种是用静态数据来修改表,另一种是用其他表中的数据来修改表.下面是第一种格式: UPDATE #famousjaycees SET jc = 'Jhony cash', ...

  6. 安卓中WebKit的使用

    1.在安卓开发中,使用webkit显示网页 步骤: ①初始化一个webkit控件: ②获取webkit的WebSettings对象: ③设置javascript为enable ④为webkit设置&q ...

  7. HDU 2553 N皇后问题(深搜DFS)

    N皇后问题 Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total Submi ...

  8. 推荐C#网站、书籍、资源

    推荐博客: 极简的随笔 http://www.cnblogs.com/guwei4037/p/3499135.html 见证大牛成长之路的专栏 http://blog.csdn.net/shanyon ...

  9. 实现多线程的另一种方式-Callable

    package com.mldn.thread; import java.util.concurrent.ExecutionException; import java.util.concurrent ...

  10. jQuery动画高级用法(上)——详解animation中的.queue()函数

    如果你拿着一个疑问去找专业人士寻找答案,那么你的一个疑问会变成三个,因为他会用另外两个令你更加一头雾水的名词来解释你的这个疑问. 我想这是大多数,包括我在内,IT人在学习过程中碰到的最大问题.当你有一 ...