diff options
| author | Olivier Certner <olce@FreeBSD.org> | 2025-08-27 16:53:14 +0000 |
|---|---|---|
| committer | Olivier Certner <olce@FreeBSD.org> | 2025-09-17 12:16:03 +0000 |
| commit | f75d0dc533923345c653dcdcd5ebd1e53377a7c5 (patch) | |
| tree | 1911f2f1cf331c6fc1d47cb8c40dd5c6238f435f | |
| parent | d39756f23fe223d14ff00b1392ba39e94d5eadbc (diff) | |
cr_canseeothergids(): Make the logic easier to grasp
Invert the initial test on whether the policy is in force so that, if
there are no restrictions, the function bails out early, allowing to
de-indent the rest of the code and have it finish with a non-zero (deny)
'return'.
No functional change (intended).
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52272
| -rw-r--r-- | sys/kern/kern_prot.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 6485254d300d..a4c5bcc52529 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1885,19 +1885,22 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW, static int cr_canseeothergids(struct ucred *u1, struct ucred *u2) { - if (!see_other_gids) { - if (realgroupmember(u1->cr_rgid, u2)) - return (0); + if (see_other_gids) + return (0); - for (int i = 0; i < u1->cr_ngroups; i++) - if (realgroupmember(u1->cr_groups[i], u2)) - return (0); + /* Restriction in force. */ - if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) - return (ESRCH); - } + if (realgroupmember(u1->cr_rgid, u2)) + return (0); - return (0); + for (int i = 0; i < u1->cr_ngroups; i++) + if (realgroupmember(u1->cr_groups[i], u2)) + return (0); + + if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) == 0) + return (0); + + return (ESRCH); } /* |