Instead of contacting PID 1 for dynamic UID/GID lookups for all
UIDs/GIDs that do not qualify as "system", do a more precise check:
only contact it for UIDs/GIDs that actually fall into the "dynamic" range.
return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
}
+static inline bool gid_is_dynamic(gid_t gid) {
+ return uid_is_dynamic((uid_t) gid);
+}
+
static inline bool uid_is_system(uid_t uid) {
return uid <= SYSTEM_UID_MAX;
}
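Review bot: `gid_is_dynamic()` has no comment saying why a GID can be tested with the UID helper, and the `(uid_t) gid` cast on its only line silently relies on both types having the same width. A one-line comment above the function would record the intent, e.g. `/* Dynamic GIDs use the same numeric range as dynamic UIDs, so reuse the UID check */`. If a compile-time assertion facility is available in this header, asserting `sizeof(uid_t) == sizeof(gid_t)` next to the function would make that assumption explicit.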
}
}
- if (uid_is_system(uid))
+ if (!uid_is_dynamic(uid))
goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
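Review bot: The new `if (!uid_is_dynamic(uid))` guard carries no comment, yet it decides whether this lookup reaches PID 1 at all, so the reason belongs beside it: `/* Only UIDs inside the dynamic range can belong to a dynamically allocated user; answer everything else locally without contacting PID 1 */`. The same applies to the `!gid_is_dynamic(gid)` guard in the following hunk. Both checks compare against compile-time range constants, so presumably they stay correct only while this module and the manager agree on the range; if that holds, it is worth a sentence in the comment. The enclosing functions start and end outside these hunks.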
}
}
- if (gid_is_system(gid))
+ if (!gid_is_dynamic(gid))
goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
direct_lookup:
if (bypass > 0) {
-
r = direct_lookup_uid(gid, &direct);
if (r == -ENOENT)
goto not_found;