summaryrefslogtreecommitdiffstats
path: root/main/ipfw-grsec/ipfw-strict-uidgid.patch
blob: cf4376b9569c455f6971bb7cbad1c37ca05f8c90 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
--- ipfw3-2012.orig/glue.h
+++ ipfw3-2012/glue.h
@@ -102,6 +102,24 @@
 #include <linux/in.h>		/* struct in_addr */
 #include <linux/in6.h>		/* struct in6_addr */
 #include <linux/icmp.h>
+
+#ifdef CONFIG_UIDGID_STRICT_TYPE_CHECKS
+#include <linux/uidgid.h>
+
+#define KUID_TO_SUID(x) (__kuid_val(x))
+#define KGID_TO_SGID(x) (__kgid_val(x))
+#define SUID_TO_KUID(x) (KUIDT_INIT(x))
+#define SGID_TO_KGID(x) (KGIDT_INIT(x))
+
+#else
+
+#define KUID_TO_SUID(x) (x)
+#define KGID_TO_SGID(x) (x)
+#define SUID_TO_KUID(x) (x)
+#define SGID_TO_KGID(x) (x)
+
+#endif
+
 /*
  * LIST_HEAD in queue.h conflict with linux/list.h
  * some previous linux include need list.h definition
--- ipfw3-2012.orig/kipfw/ipfw2_mod.c
+++ ipfw3-2012/kipfw/ipfw2_mod.c
@@ -737,8 +737,8 @@
 	if ((1<<st) & GOOD_STATES) {
 		read_lock_bh(&sk->sk_callback_lock);
 		if (sk->sk_socket && sk->sk_socket->file) {
-			u->uid = sk->sk_socket->file->_CURR_UID;
-			u->gid = sk->sk_socket->file->_CURR_GID;
+			u->uid = KUID_TO_SUID(sk->sk_socket->file->_CURR_UID);
+			u->gid = KGID_TO_SGID(sk->sk_socket->file->_CURR_GID);
 		}
 		read_unlock_bh(&sk->sk_callback_lock);
 	} else {