Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Feb 1997 04:01:27 -0800
From:      David Greenman <dg@root.com>
To:        Andrew Kosyakov <caseq@magrathea.chance.ru>
Cc:        imp@village.org (Warner Losh), marcs@znep.com, security@freebsd.org
Subject:   Re: Coredumps and setuids .. interesting.. 
Message-ID:  <199702201201.EAA25095@root.com>
In-Reply-To: Your message of "Thu, 20 Feb 1997 14:31:06 %2B0300." <199702201131.OAA14947@magrathea.chance.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 

>And I'd like to ask again: is there an official patch for 2.1.* to disable
>P_SUGID process to dump core? Many people can't afford to upgrade the whole
>OS on their production machines :-(

   The patch is attached.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project

Index: sys/kern/kern_exec.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.21.4.6
diff -c -r1.21.4.6 kern_exec.c
*** kern_exec.c	1996/06/04 02:11:37	1.21.4.6
--- kern_exec.c	1997/02/19 18:13:53
***************
*** 259,265 ****
  			p->p_ucred->cr_groups[0] = attr.va_gid;
  		p->p_flag |= P_SUGID;
  	} else {
! 		p->p_flag &= ~P_SUGID;
  	}
  
  	/*
--- 259,267 ----
  			p->p_ucred->cr_groups[0] = attr.va_gid;
  		p->p_flag |= P_SUGID;
  	} else {
! 	        if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
! 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
! 			p->p_flag &= ~P_SUGID;
  	}
  
  	/*
Index: sys/kern/kern_fork.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v
retrieving revision 1.12.4.2
retrieving revision 1.12.4.3
diff -c -r1.12.4.2 -r1.12.4.3
*** kern_fork.c	1996/05/02 12:09:04	1.12.4.2
--- kern_fork.c	1997/02/17 10:58:02	1.12.4.3
***************
*** 252,257 ****
--- 252,261 ----
  		p2->p_limit->p_refcnt++;
  	}
  
+ 	/*
+ 	 * Preserve some flags in subprocess.
+ 	 */
+ 	p2->p_flag |= p1->p_flag & P_SUGID;
  	if (p1->p_session->s_ttyvp != NULL && p1->p_flag & P_CONTROLT)
  		p2->p_flag |= P_CONTROLT;
  	if (isvfork)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702201201.EAA25095>