I am trying to write my own system call under Arch linux system, the following is the format of the system call:

long getpeuid(pid_t pid, uid_t *uid)

Which is used to get the euid of calling process's parent process.

I know I have to verify three things first:

1. check if the pointer is pointing to the user space. That can be done by access_ok().

2. check if the pointer is pointing to the calling process's address space.

3. check if the calling process has the permission to write to the space the pointer is pointing to.

I found the syscall copy_to_user() can copy the kernel space variable to user space, but I am not sure if the syscall checks the other prerequisites first.

Also, I am not sure how can I get the calling process's parent process euid. I know getppid() could get the parent process ID, but I am not sure how to proceed with that. Can someone give me some hint on this?

Thanks in advance!

EDIT:

A follow up question, if I want to check if the effective uid of parent process is root, I could simply see if euid equals 0, is that right?

EDIT:

Another question, are we allowed to call getppid() and other syscalls inside a syscall? after some googling, it seems like everyone is trying to avoid doing this.

(I'm new to Linux kernel development, please correct this answer as necessary!)

Yes, copy_to_user makes all the needed checks to see if the process is allowed to write to the referenced memory space. That is a major reason why copy_to_user is used so often.

Once you have the PID of the parent process, you will need to get a reference to its task descriptor. I believe you can get that by calling find_task_by_vpid(pid_number).

Now you have a pointer to the parent process' task_struct. It has 2 struct cred * members: cred and real_cred. (I'm not sure which one you should use.) struct cred has a member euid.

If the euid is 0, then yes, the parent process is running as root. Note that if the system uses LXC containers, then it could be root inside a container.