Kernel: Make LocalSocket do chown/chmod through VFS

This ensures that all the permissions checks are made against the provided credentials. Previously we were just calling through directly to the inode setters, which did no security checks!
Author: https://github.com/awesomekling Commit: 8d0bd3f225
2025-09-19 15:58:56 +00:00 · 2022-08-21 16:22:34 +02:00 · 2022-08-21 16:22:34 +02:00 · 8d0bd3f225 · 2024-07-17 08:05:44 +09:00
commit 8d0bd3f225
parent dbe182f1c6
1 changed files with 12 additions and 12 deletions
--- a/Kernel/Net/LocalSocket.cpp
+++ b/Kernel/Net/LocalSocket.cpp
@ -445,25 +445,25 @@ ErrorOr<void> LocalSocket::ioctl(OpenFileDescription& description, unsigned requ
    return EINVAL;
 }
-ErrorOr<void> LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode)
+ErrorOr<void> LocalSocket::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode)
 {
-    // FIXME: Use the credentials.
+    if (m_inode) {
-
+        if (auto custody = description.custody())
-    auto inode = m_inode.strong_ref();
+            return VirtualFileSystem::the().chmod(credentials, *custody, mode);
-    if (inode)
+        VERIFY_NOT_REACHED();
-        return inode->chmod(mode);
+    }
    m_prebind_mode = mode & 0777;
    return {};
 }
-ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid)
+ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid)
 {
-    // FIXME: Use the credentials.
+    if (m_inode) {
-
+        if (auto custody = description.custody())
-    auto inode = m_inode.strong_ref();
+            return VirtualFileSystem::the().chown(credentials, *custody, uid, gid);
-    if (inode)
+        VERIFY_NOT_REACHED();
-        return inode->chown(uid, gid);
+    }
    if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid)))
        return set_so_error(EPERM);