Date: Tue, 4 Sep 2001 19:18:01 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: security@FreeBSD.org Subject: Re: at(1) sugid fixes Message-ID: <20010904191801.F1669@sunbay.com> In-Reply-To: <20010903143510.D49997@sunbay.com>; from ru@FreeBSD.org on Mon, Sep 03, 2001 at 02:35:10PM %2B0300 References: <20010903143510.D49997@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This patch has just been committed. On Mon, Sep 03, 2001 at 02:35:10PM +0300, Ruslan Ermilov wrote: > Hi! > > The attached patch fixes at(1) macros that manipulate user > and group IDs of the proccess so that they don't change the > real user and group IDs of the process, and instead use the > saved user and group IDs feature. > > The setre[ug]id() calls are still used with the REDUCE_PERM > macro (with the r[ug]id arguments of -1) so that the call > changes the saved user/group ID of the process to that > specified. > > That is to say, if the process was initially run ``setuid > root'', the call to ``REDUCE_PERM(1, ...)'' changes the > process's saved-user-ID to that of the user "daemon", and > the process then becomes ``setuid daemon'' (with effective > privileges temporarily relinquished to the real privileges). > > Also, the panic() and perr() functions had insufficient > privileges to delete the problematic file under /var/at. > > Comments/reviews are welcome. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904191801.F1669>