From owner-freebsd-bugs@FreeBSD.ORG  Sat Dec 15 20:57:31 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BFF8816A418;
	Sat, 15 Dec 2007 20:57:31 +0000 (UTC)
	(envelope-from jhein@timing.com)
Received: from Daffy.timing.com (ns2.timing.com [206.168.13.218])
	by mx1.freebsd.org (Postfix) with ESMTP id 7577613C44B;
	Sat, 15 Dec 2007 20:57:31 +0000 (UTC)
	(envelope-from jhein@timing.com)
Received: from gromit.timing.com (gromit.timing.com [206.168.13.209])
	by Daffy.timing.com (8.13.1/8.13.1) with ESMTP id lBFKYHZQ061606;
	Sat, 15 Dec 2007 13:34:17 -0700 (MST)
	(envelope-from jhein@timing.com)
Received: from gromit.timing.com (localhost [127.0.0.1])
	by gromit.timing.com (8.14.1/8.14.1) with ESMTP id lBFKYCcf063357;
	Sat, 15 Dec 2007 13:34:12 -0700 (MST)
	(envelope-from jhein@gromit.timing.com)
Received: (from jhein@localhost)
	by gromit.timing.com (8.14.1/8.14.1/Submit) id lBFKYCCZ063354;
	Sat, 15 Dec 2007 13:34:12 -0700 (MST) (envelope-from jhein)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <18276.14916.558608.558552@gromit.timing.com>
Date: Sat, 15 Dec 2007 13:34:12 -0700
From: John E Hein <jhein@timing.com>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
In-Reply-To: <17983.38516.966371.23214@gromit.timing.com>
References: <200705020011.l420BC2t051835@gromit.timing.com>
	<200705020050.l420o3qI065567@freefall.freebsd.org>
	<17983.38516.966371.23214@gromit.timing.com>
X-Mailer: VM 7.19 under Emacs 22.0.99.1
X-Virus-Scanned: ClamAV version 0.91.2,
	clamav-milter version 0.91.2 on Daffy.timing.com
X-Virus-Status: Clean
Cc: 
Subject: Re: bin/112336: install -S (safe copy) with -C or -p is not so safe
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Dec 2007 20:57:31 -0000

Here is an update to the patch to refresh it after a recent commit to
xinstall.c and to additionally check euid which is important in some
non-superuser cases.

Index: xinstall.c
===================================================================
RCS file: /base/FreeBSD-CVS/src/usr.bin/xinstall/xinstall.c,v
retrieving revision 1.68
diff -u -p -r1.68 xinstall.c
--- xinstall.c	14 Dec 2007 08:46:57 -0000	1.68
+++ xinstall.c	15 Dec 2007 20:21:35 -0000
@@ -278,6 +278,7 @@ install(const char *from_name, const cha
 	int devnull, files_match, from_fd, serrno, target;
 	int tempcopy, temp_fd, to_fd;
 	char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN];
+	uid_t euid;
 
 	files_match = 0;
 	from_fd = -1;
@@ -322,7 +323,20 @@ install(const char *from_name, const cha
 	if (docompare && !dostrip && target) {
 		if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
 			err(EX_OSERR, "%s", to_name);
-		if (devnull)
+		/*
+		 * Even if the contents are the same, we want to rename
+		 * temp files when doing a "safe" copy if the
+		 * permissions and ownership need to change.  We may
+		 * not have permission to chown/chmod the "to" file
+		 * directly.
+		 */
+		if (tempcopy && (euid = geteuid()) != 0 &&
+		    euid != to_sb.st_uid &&
+		    ((gid != (gid_t)-1 && gid != to_sb.st_gid) ||
+		    (uid != (uid_t)-1 && uid != to_sb.st_uid) ||
+		    (mode != (to_sb.st_mode & ALLPERMS))))
+		    files_match = 0;
+		else if (devnull)
 			files_match = to_sb.st_size == 0;
 		else
 			files_match = !(compare(from_fd, from_name,