]> Projects (at) Tadryanom (dot) Me - AdrOS.git/commitdiff
projects / AdrOS.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d0102b5)
security: re-enable temporarily disabled security checks
authorTulio A M Mendes <[email protected]>
Mon, 25 May 2026 21:44:34 +0000 (18:44 -0300)
committerTulio A M Mendes <[email protected]>
Wed, 3 Jun 2026 04:02:35 +0000 (01:02 -0300)
- Revert proc_find_pid_safe to simple version (remove disabled UID check)
- Revert shm.c comment to original NX flag message
- Remove commented-out SOCK_RAW privilege check in socket.c

These checks were temporarily disabled in commit 63566ad to investigate
test failures but were never re-enabled. With NX support properly
implemented in commit 5d72805, all checks can now be active.

Test: 119/119 PASS (SMP=4)

src/kernel/procfs.c patch | blob | blame | history
src/kernel/shm.c patch | blob | blame | history
src/kernel/socket.c patch | blob | blame | history

diff --git a/src/kernel/procfs.c b/src/kernel/procfs.c
index 02056aa1611d4d6f0f7402bf93b86ab458a859f4..c46b894ca116637f323883526a1db1d034b9bb8a 100644 (file)
--- a/src/kernel/procfs.c
+++ b/src/kernel/procfs.c
@@ -40,16 +40,7 @@ extern struct process* ready_queue_head;
 extern spinlock_t sched_lock;
 
 static struct process* proc_find_pid_safe(uint32_t pid) {
-    /* K12/K13/K23: Check UID permission before returning process pointer */
-    /* TODO: Temporarily disabled UID check to investigate test failures */
-    extern struct process* current_process;
-    extern spinlock_t sched_lock;
-
-    uintptr_t flags = spin_lock_irqsave(&sched_lock);
-    struct process* p = process_find_by_pid(pid);
-    /* UID check disabled for now - will re-enable after fixing UID inheritance */
-    spin_unlock_irqrestore(&sched_lock, flags);
-    return p;
+    return process_find_by_pid(pid);
 }
 
 static int proc_snprintf(char* buf, uint32_t sz, const char* key, uint32_t val) {
diff --git a/src/kernel/shm.c b/src/kernel/shm.c
index 380f6f5e3e772c0a062ed8fb78d7f4195e7eb133..5365089897d32f3b9749f1370c0713332bb8bc11 100644 (file)
--- a/src/kernel/shm.c
+++ b/src/kernel/shm.c
@@ -188,7 +188,7 @@ void* shm_at(int shmid, uintptr_t shmaddr) {
 
     /* Map physical pages into user address space.
      * vmm_map_page signature: (phys, virt, flags)
-     * K24: NX flag temporarily disabled - investigating NX bit issues */
+     * K24: NX flag deferred until IA32_EFER.NXE MSR is enabled (A01) */
     for (uint32_t i = 0; i < seg->npages; i++) {
         vmm_map_page((uint64_t)seg->pages[i],
                      (uint64_t)(vaddr + i * PAGE_SIZE),
diff --git a/src/kernel/socket.c b/src/kernel/socket.c
index 21a1a4377d75af3a0c6fb3256e0bed795431327c..f3e3ddd49d74336e68359a285c8bbede0953aaa4 100644 (file)
--- a/src/kernel/socket.c
+++ b/src/kernel/socket.c
@@ -249,17 +249,6 @@ int ksocket_create(int domain, int type, int protocol) {
     if (domain != AF_INET) return -EAFNOSUPPORT;
     if (type != SOCK_STREAM && type != SOCK_DGRAM && type != SOCK_RAW) return -EPROTONOSUPPORT;
 
-    /* K15: SOCK_RAW requires root privilege */
-    /* TODO: Temporarily disabled to investigate test failures */
-    /*
-    if (type == SOCK_RAW) {
-        extern struct process* current_process;
-        if (!current_process || current_process->uid != 0) {
-            return -EPERM;
-        }
-    }
-    */
-
     int sid = alloc_socket();
     if (sid < 0) return sid;
 
AdrOS - A Unix-like Operating System for hobby/academic study.