From owner-freebsd-current  Wed Feb  5 13:11:29 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C374B37B401
	for <freebsd-current@freebsd.org>; Wed,  5 Feb 2003 13:11:27 -0800 (PST)
Received: from mother.thoughtworks.com (mother.thoughtworks.com [204.178.39.204])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 22D0643F79
	for <freebsd-current@freebsd.org>; Wed,  5 Feb 2003 13:11:27 -0800 (PST)
	(envelope-from anoop@ranganath.com)
Received: from ranganath ([10.4.2.12])
          by mother.thoughtworks.com (Lotus Domino Release 5.0.11)
          with SMTP id 2003020515345261:8473 ;
          Wed, 5 Feb 2003 15:34:52 -0600 
Message-ID: <00e201c2cd5b$14f31c30$0c02040a@ranganath>
From: "Anoop Ranganath" <anoop@ranganath.com>
To: <freebsd-current@freebsd.org>
Subject: tmpfile breakage on setuid executables
Date: Wed, 5 Feb 2003 15:10:54 -0600
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MIMETrack: Itemize by SMTP Server on Mother/ThoughtWorks.COM/US(Release 5.0.11  |July
 24, 2002) at 02/05/2003 03:34:52 PM,
	Serialize by Router on Mother/ThoughtWorks.COM/US(Release 5.0.11  |July 24, 2002) at
 02/05/2003 03:34:54 PM,
	Serialize complete at 02/05/2003 03:34:54 PM
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

The problem reared it's ugly head when maildrop started mishandling
mesasges.  Here is what I've tracked it down to:

I've used the code at the bottom of this message to isolate this
bug.  The summary is that when I compile the code as root, and then
make it setuid (chmod u+s a.out) and then try to run it as a user, the
tmpfile() fails.  If I run it as root, it works fine.  Conversely, I
can give user ownership of the executable, and then run it as user, and
it works great, but if fails for root.  Again this is only with the
setuid bit set.

My system is FreeBSD 5.0-RELEASE (GENERIC) #0: Thu Jan 16 22:16:53 GMT
2003

Thanks,
Anoop

#include <stdlib.h>
#include <stdio.h>

int main( void )
{
     FILE *stream;

     stream = tmpfile();
     if( stream != NULL ) {
         printf( "File number is %d.\n", fileno( stream ) );
         fclose( stream );

         return EXIT_SUCCESS;
     }

     return EXIT_FAILURE;
}



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message