From owner-freebsd-hackers Mon Nov 27 10:14:36 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA17656 for hackers-outgoing; Mon, 27 Nov 1995 10:14:36 -0800
Received: from alpha.dsu.edu (ghelmer@alpha.dsu.edu [138.247.32.12]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA17651 for ; Mon, 27 Nov 1995 10:14:34 -0800
Received: (from ghelmer@localhost) by alpha.dsu.edu (8.7.1/8.7.1) id MAA03082; Mon, 27 Nov 1995 12:14:20 -0600 (CST)
Date: Mon, 27 Nov 1995 12:14:19 -0600 (CST)
From: Guy Helmer
To: Charles Henrich
cc: freebsd-hackers@FreeBSD.org
Subject: Re: Security bug?
In-Reply-To: <199511270130.UAA01244@crh.cl.msu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

On Sun, 26 Nov 1995, Charles Henrich wrote:

> I am attempting to track down this bug, and it's driving me crazy. I have
> modified the NCSA web server to change its uid to whomever is authenticating to
> it. If the person authenticating is root, I force a change ownership to a
> different uid via setuid() seteuid() setgid() and setegid() calls. The
> problem is, after all the set[ug]* calls, I am still able to execute programs
> that I shouldn't even be able to read!

Have you looked at setgroups(2)? Your program probably still has the wrong
group(s) in the group access list.

> [...]
> In any case, if any of you have made it this far, any ideas?
>
> -Crh
> Charles Henrich Michigan State University henrich@crh.cl.msu.edu

Hope this helps,
Guy Helmer

Guy Helmer, Dakota State University Computing Services - ghelmer@alpha.dsu.edu
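
The setgroups(2) point from the reply above, as an added example (not code from this thread or from the NCSA server): a privilege drop that replaces the group access list before changing gid and uid, then verifies the result. The function names, the 1024-entry buffer and the 65534 target uid/gid are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries in a group access list that differ from the intended gid. */
int count_foreign_groups(const gid_t *list, int n, gid_t gid)
{
    int foreign = 0;
    for (int i = 0; i < n; i++)
        if (list[i] != gid)
            foreign++;
    return foreign;
}

/* Permanently switch from root to uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: setgroups() and setgid() need root, so setuid() goes last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t list[1024];  /* assumed upper bound on supplementary groups */
    int n;

    if (setgroups(1, &gid) != 0)   /* replace root's group access list */
        return -1;
    if (setgid(gid) != 0)          /* as root: real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)          /* as root: real, effective and saved uid */
        return -1;

    /* Verify the resulting identity rather than trusting return codes alone. */
    if ((n = getgroups(1024, list)) < 0 || count_foreign_groups(list, n, gid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0) /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    /* 65534 is an assumed unprivileged uid/gid ("nobody" on many systems). */
    return drop_privileges(65534, 65534) == 0 ? 0 : 1;
}
```

Started without root, drop_privileges() returns -1 at the setgroups() call, so the caller should treat any non-zero result as fatal rather than continue serving requests.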