From owner-freebsd-bugs Sun Oct 7 20:50:17 2001
Message-Id: <200110080341.f983fCv83034@freefall.freebsd.org>
Date: Sun, 7 Oct 2001 20:41:12 -0700 (PDT)
From: Takanori Saneto
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/31122: linux setre*uid() doesn't handle uid -1 properly
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 31122
>Category: kern
>Synopsis: linux setre*uid() doesn't handle uid -1 properly
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 07 20:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Takanori Saneto
>Release: 5.0-CURRENT as of 2001/10/07
>Organization:
an individual
>Environment:
FreeBSD muse.sanewo 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Sun Oct 7 18:06:09 JST 2001 root@muse.sanewo:/export/usr/obj/usr/src/sys/MUSE i386
>Description:
Although the manpage of setre*uid() says that "Passing -1 as an argument
causes the corresponding value to remain unchanged," under the Linux ABI
they are treated as if 65535 was specified. (Maybe this is i386 specific.)

Because of this, vmware won't start up on CURRENT.
>How-To-Repeat:
Compile the following program in a Linux environment and run it as root.

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Print the real and effective uid of the calling process. */
void printid(void)
{
	printf("ruid=%d, euid=%d\n", (int)getuid(), (int)geteuid());
}

int main(int ac, char **av)
{
	printid();
	/* -1 for both arguments should leave both ids unchanged. */
	if (setreuid(-1, -1) < 0) {
		perror("setreuid");
		exit(1);
	}
	printid();
	return 0;
}
>Fix:
The following patch should fix the problem. Yes, it's a quick hack.

Index: src/sys/compat/linux/linux_uid16.c =================================================================== RCS file: /export/cvsup/cvs/src/sys/compat/linux/linux_uid16.c,v retrieving revision 1.2 diff -u -u -r1.2 linux_uid16.c --- linux_uid16.c 12 Sep 2001 08:36:57 -0000 1.2 +++ linux_uid16.c 15 Sep 2001 06:32:48 -0000 
@@ -244,13 +244,16 @@ return (setuid(td, &bsd)); } +#define NOIDCHG16 ((l_uid16_t)-1) +#define NOIDCHG32 ((uid_t) -1) + int linux_setregid16(struct thread *td, struct linux_setregid16_args *args) { struct setregid_args bsd; - bsd.rgid = args->rgid; - bsd.egid = args->egid; + bsd.rgid = args->rgid == NOIDCHG16? NOIDCHG32: args->rgid; + bsd.egid = args->egid == NOIDCHG16? NOIDCHG32: args->egid; return (setregid(td, &bsd)); } @@ -259,8 +262,8 @@ { struct setreuid_args bsd; - bsd.ruid = args->ruid; - bsd.euid = args->euid; + bsd.ruid = args->ruid == NOIDCHG16? NOIDCHG32: args->ruid; + bsd.euid = args->euid == NOIDCHG16? NOIDCHG32: args->euid; return (setreuid(td, &bsd)); } @@ -269,9 +272,9 @@ { struct setresgid_args bsd; - bsd.rgid = args->rgid; - bsd.egid = args->egid; - bsd.sgid = args->sgid; + bsd.rgid = args->rgid == NOIDCHG16? NOIDCHG32: args->rgid; + bsd.egid = args->egid == NOIDCHG16? NOIDCHG32: args->egid; + bsd.egid = args->sgid == NOIDCHG16? NOIDCHG32: args->sgid; return (setresgid(td, &bsd)); } @@ -280,8 +283,8 @@ { struct setresuid_args bsd; - bsd.ruid = args->ruid; - bsd.euid = args->euid; - bsd.suid = args->suid; + bsd.ruid = args->ruid == NOIDCHG16? NOIDCHG32: args->ruid; + bsd.euid = args->euid == NOIDCHG16? NOIDCHG32: args->euid; + bsd.euid = args->suid == NOIDCHG16? NOIDCHG32: args->suid; return (setresuid(td, &bsd)); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
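
Review bot: in the first hunk (@@ -244,13 +244,16 @@) NOIDCHG16 is cast to l_uid16_t and NOIDCHG32 to uid_t, but both are then applied to the rgid and egid fields of linux_setregid16, so the sentinel names and types say "uid" while the values being tested are gids. Either add gid-typed counterparts or give the pair a neutral name, and put a one-line comment above the defines saying that they map the 16-bit "leave unchanged" value to the native one. The same ternary is then repeated for every field in all four functions; wrapping it in a single conversion macro that takes the field as its argument would keep each assignment short and make a wrong left-hand side easier to spot.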
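
Review bot: in the linux_setresgid16 hunk (@@ -269,9 +272,9 @@) the third added line assigns to bsd.egid a second time, "bsd.egid = args->sgid == NOIDCHG16? NOIDCHG32: args->sgid;", where the removed line set bsd.sgid. As written, bsd.sgid is never initialized before setresgid(td, &bsd) is called, and the effective gid requested by the caller is overwritten with the saved-gid argument. The left-hand side of that line should be bsd.sgid.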
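
Review bot: in the linux_setresuid16 hunk (@@ -280,8 +283,8 @@) the last added line has the same wrong left-hand side, "bsd.euid = args->suid == NOIDCHG16? NOIDCHG32: args->suid;", where the removed line was "bsd.suid = args->suid;". That leaves bsd.suid uninitialized when it is passed to setresuid(td, &bsd) and replaces the requested effective uid with the saved-uid argument, so a caller gets an effective uid it did not ask for and an unpredictable saved uid. Change the assignment target to bsd.suid.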
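
The behaviour reported in the Description, as an added example that is not part of the original report or of the FreeBSD source: a 16-bit -1 assigned to a 32-bit id zero-extends to 65535 unless the sentinel is mapped explicitly. The names id16_t, id32_t, struct cred, apply_id and model_setreuid16 are stand-ins assumed here for l_uid16_t, uid_t and the kernel's credential handling.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumptions): 16-bit Linux ABI id and 32-bit native id. */
typedef uint16_t id16_t;
typedef uint32_t id32_t;

#define NOCHG16 ((id16_t)-1)    /* 0xFFFF: "leave unchanged", 16-bit ABI */
#define NOCHG32 ((id32_t)-1)    /* 0xFFFFFFFF: "leave unchanged", native */

struct cred { id32_t ruid, euid; };    /* simplified model of process ids */

/* Plain assignment zero-extends: 0xFFFF becomes the real id 65535. */
static id32_t widen_naive(id16_t id) { return id; }

/* Map the 16-bit sentinel to the 32-bit one; other ids pass through. */
static id32_t widen_preserving(id16_t id)
{
    return id == NOCHG16 ? NOCHG32 : (id32_t)id;
}

/* Documented rule: the native sentinel keeps the current value. */
static id32_t apply_id(id32_t current, id32_t requested)
{
    return requested == NOCHG32 ? current : requested;
}

/* Model of a 16-bit setreuid wrapper using the given widening function. */
static struct cred model_setreuid16(struct cred c, id16_t r, id16_t e,
    id32_t (*widen)(id16_t))
{
    c.ruid = apply_id(c.ruid, widen(r));
    c.euid = apply_id(c.euid, widen(e));
    return c;
}

int main(void)
{
    struct cred root = { 0, 0 };    /* constructed: process running as root */
    id16_t keep = (id16_t)-1;       /* what a 16-bit caller passes for -1 */
    struct cred a = model_setreuid16(root, keep, keep, widen_naive);
    struct cred b = model_setreuid16(root, keep, keep, widen_preserving);

    printf("naive:      ruid=%u euid=%u\n", (unsigned)a.ruid, (unsigned)a.euid);
    printf("preserving: ruid=%u euid=%u\n", (unsigned)b.ruid, (unsigned)b.euid);
    return 0;
}
```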