Subject: issetugid semantics differences
To: None <tech-kern@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 07/02/2002 03:47:37
Hi.
The semantics of issetugid(2) on NetBSD are different from
OpenBSD/FreeBSD. Is it intended?
(To untaint the process, only execve is needed on NetBSD,
while setuid+execve are needed on others.)
---
YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Index: kern_exec.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/kern/kern_exec.c,v
retrieving revision 1.152
diff -u -p -r1.152 kern_exec.c
--- kern_exec.c 2002/04/23 15:11:25 1.152
+++ kern_exec.c 2002/07/01 18:45:09
@@ -642,7 +642,8 @@ sys_execve(struct proc *p, void *v, regi
p->p_ucred->cr_uid = attr.va_uid;
if (attr.va_mode & S_ISGID)
p->p_ucred->cr_gid = attr.va_gid;
- } else
+ } else if (cred->cr_uid == p->p_cred->p_ruid &&
+ cred->cr_gid == p->p_cred->p_rgid)
p->p_flag &= ~P_SUGID;
p->p_cred->p_svuid = p->p_ucred->cr_uid;
p->p_cred->p_svgid = p->p_ucred->cr_gid;
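Review bot: The new else-if condition reads cred->cr_uid and cred->cr_gid, while the lines around it read and write p->p_ucred->cr_uid and p->p_ucred->cr_gid, and the hunk does not show where cred is assigned. Please confirm that cred still refers to the process's current credentials on this branch, or write the test against p->p_ucred so it matches the surrounding code. With the plain else gone, P_SUGID now silently stays set whenever the effective and real ids differ, so a short comment above the else-if stating that rule would help the next reader.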