From 5e4aa75e034f1be1fe661fde40cc83b9ef5c4ecf Mon Sep 17 00:00:00 2001
From: Bananymous <oskari.alaranta@bananymous.com>
Date: Tue, 17 Sep 2024 15:57:07 +0300
Subject: [PATCH] Kernel: Perform access checks when creating a file or a
 directory

Also SYS_CREATE_DIR now uses correct relative path. It used to always
create files relative to root. And as no permission checks were tested,
file creation succeeded to root as long as path did not contain '/' :D
---
 kernel/kernel/Process.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kernel/kernel/Process.cpp b/kernel/kernel/Process.cpp
index 2229d3ef..38de3ba6 100644
--- a/kernel/kernel/Process.cpp
+++ b/kernel/kernel/Process.cpp
@@ -807,6 +807,8 @@ namespace Kernel
 		{
 			parent_inode = parent.inode;
 			file_name = path;
+			if (!parent_inode->can_access(m_credentials, O_WRONLY))
+				return BAN::Error::from_errno(EACCES);
 		}
 
 		if (Inode::Mode(mode).ifdir())
@@ -977,7 +979,12 @@ namespace Kernel
 		BAN::StringView path_sv(path);
 		if (!path_sv.empty() && path_sv.back() == '/')
 			path_sv = path_sv.substring(0, path_sv.size() - 1);
-		TRY(create_file_or_dir(VirtualFileSystem::get().root_file(), path_sv, Inode::Mode::IFDIR | mode));
+		if (path_sv.empty())
+			return BAN::Error::from_errno(EINVAL);
+		if (path[0] == '/')
+			TRY(create_file_or_dir(VirtualFileSystem::get().root_file(), path_sv, Inode::Mode::IFDIR | mode));
+		else
+			TRY(create_file_or_dir(m_working_directory, path_sv, Inode::Mode::IFDIR | mode));
 		return 0;
 	}