Question
I am trying to write my own system call on an Arch Linux system. The following is the format of the system call:
long getpeuid(pid_t pid, uid_t *uid)
It is used to get the euid of the calling process's parent process.
I know I have to verify three things first:
1. Check if the pointer is pointing to the user space. That can be done by access_ok().
2. Check if the pointer is pointing to the calling process's address space.
3. Check if the calling process has the permission to write to the space the pointer is pointing to.
I found the syscall copy_to_user() can copy the kernel space variable to user space, but I am not sure if the syscall checks the other prerequisites first.
Also, I am not sure how I can get the calling process's parent process euid. I know getppid() could get the parent process ID, but I am not sure how to proceed with that. Can someone give me some hint on this?
Thanks in advance!
EDIT:
A follow-up question: if I want to check if the effective uid of the parent process is root, I could simply see if euid equals 0, is that right?
EDIT:
Another question: are we allowed to call getppid() and other syscalls inside a syscall? After some googling, it seems like everyone is trying to avoid doing this.
Answer 1:
(I'm new to Linux kernel development, please correct this answer as necessary!)
Yes, copy_to_user makes all the needed checks to see if the process is allowed to write to the referenced memory space. That is a major reason why copy_to_user is used so often.
Once you have the PID of the parent process, you will need to get a reference to its task descriptor. I believe you can get that by calling find_task_by_vpid(pid_number).
Now you have a pointer to the parent process' task_struct. It has 2 struct cred * members: cred and real_cred. (I'm not sure which one you should use.) struct cred has a member euid.
If the euid is 0, then yes, the parent process is running as root. Note that if the system uses LXC containers, then it could be root inside a container.
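The three pointer checks listed in the question can be observed from user space. This is an added example, not part of the original question or answer: it hands four constructed destination pointers to uname(2), which in mainline Linux returns its result through copy_to_user(), and records the errno for each. Assumptions: SYS_uname stands in for the custom getpeuid call, and the top page of the address space is outside the user range on the test machine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Raw uname(2) with dst as the user buffer; the kernel fills it with
 * copy_to_user(). Returns 0 on success, else the errno it reported. */
static int uname_errno(void *dst)
{
    errno = 0;
    return syscall(SYS_uname, dst) == 0 ? 0 : errno;
}

/* Writable buffer in the caller's own address space. */
int probe_valid(void)
{
    struct utsname u;
    return uname_errno(&u);
}

/* Constructed test mapping: one anonymous page with the given protection,
 * optionally unmapped again before the kernel is asked to write to it. */
static int probe_mapping(int prot, int unmap_first)
{
    void *p = mmap(NULL, 4096, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    if (unmap_first) munmap(p, 4096);
    int e = uname_errno(p);
    if (!unmap_first) munmap(p, 4096);
    return e;
}

/* Mapped in the process, but the process may not write there. */
int probe_readonly(void) { return probe_mapping(PROT_READ, 0); }
/* Not part of the process's address space any more. */
int probe_unmapped(void) { return probe_mapping(PROT_READ | PROT_WRITE, 1); }
/* Top page of the address space: outside the user range (access_ok fails). */
int probe_kernel_range(void) { return uname_errno((void *)(UINTPTR_MAX - 4095)); }

int main(void)
{
    printf("valid=%d readonly=%d unmapped=%d kernel_range=%d (EFAULT=%d)\n",
           probe_valid(), probe_readonly(), probe_unmapped(),
           probe_kernel_range(), EFAULT);
    return 0;
}
```

Every bad destination comes back as EFAULT instead of a write or a crash, which is the return value a custom syscall should propagate when copy_to_user() reports uncopied bytes.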
Source: https://stackoverflow.com/questions/29442666/how-to-verify-if-the-pointer-is-pointing-to-the-process-address-table