From owner-freebsd-bugs Mon May 8 7:20: 4 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id E9A4937B8C0
	for ; Mon, 8 May 2000 07:20:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id HAA13717;
	Mon, 8 May 2000 07:20:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by hub.freebsd.org (Postfix) with ESMTP id 87D1E37B97B
	for ; Mon, 8 May 2000 07:11:02 -0700 (PDT)
	(envelope-from netch@nn.kiev.ua)
Received: from nn.kiev.ua (nn.kiev.ua [193.193.193.203])
	by segfault.kiev.ua (8) with ESMTP id REF99581
	for ; Mon, 8 May 2000 17:10:56 +0300 (EEST)
	(envelope-from netch@nn.kiev.ua)
Received: (from netch@localhost)
	by nn.kiev.ua (8.9.3/8.9.3) id RAA05863;
	Mon, 8 May 2000 17:10:50 +0300 (EEST)
	(envelope-from netch)
Message-Id: <200005081410.RAA05863@nn.kiev.ua>
Date: Mon, 8 May 2000 17:10:50 +0300 (EEST)
From: netch@segfault.kiev.ua (Valentin Nechayev)
Reply-To: netch@segfault.kiev.ua
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/18450: issetugid() does not follow syscall conventions
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 18450
>Category: kern
>Synopsis: issetugid() does not follow syscall conventions
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 08 07:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: netch@netch.kiev.ua (Valentin Nechayev)
>Release: FreeBSD 4.0-RELENG-20000506 i386
>Organization:
Lucky Netch Incorporated ;)
>Environment:

FreeBSD 4.0-RELENG-20000506 i386

>Description:

When a process is "tainted" (see issetugid(2)), issetugid() returns -1 and sets
errno to 1 instead of returning 1 without error.

>How-To-Repeat:

netch@nn:~/tmp>cat 9.c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
int main()
{
	int rc, se;
	errno = 0;
	rc = issetugid();
	se = errno;
	printf( "%d; (%d) %s\n", rc, se, strerror( se ) );
	return 1;
}
netch@nn:~/tmp>gcc -o 9 9.c
netch@nn:~/tmp>ls -l 9
-rwxr-xr-x 1 netch wheel 7763 May 8 17:01 9
netch@nn:~/tmp>./9
0; (0) Undefined error: 0
netch@nn:~/tmp>ls -l 9
-rwsr-xr-x 1 root wheel 7763 May 8 17:01 9
netch@nn:~/tmp>./9
-1; (1) Operation not permitted

>Fix:

--- kern_prot.c.orig Mon May 8 17:02:50 2000 +++ kern_prot.c Mon May 8 17:04:14 2000 @@ -893,8 +893,7 @@ * a user without an exec - programs cannot know *everything* * that libc *might* have put in their data segment. */ - if (p->p_flag & P_SUGID) - return (1); + p->p_retval[0] = (p->p_flag & P_SUGID) ? 1 : 0; return (0); }

>Release-Note:
>Audit-Trail:
>Unformatted:
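
Review bot: The added line `p->p_retval[0] = (p->p_flag & P_SUGID) ? 1 : 0;` carries no explanation of why the removed `return (1);` was wrong, so the comment block directly above it should gain a sentence stating that the function's return value is treated as an error code and the result has to go back through `p->p_retval[0]`. The report shows the consequence of getting this wrong: on a set-id binary the old code surfaced in userland as -1 with errno 1 (Operation not permitted) rather than 1 with no error. Recording that convention next to the assignment makes it harder for a later edit to bring back the `return (1)` form.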
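
The following C program is an added example, not part of the original report and not FreeBSD code: it models in userland the convention the report depends on, where a handler's return value is an error code and the result travels in p_retval[0], and runs the pre-patch and patched shapes of issetugid() through it. The struct proc stand-in, the P_SUGID value and model_syscall() are simplified assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

#define P_SUGID 0x100		/* constructed flag value for this model */

struct proc {			/* minimal stand-in for the kernel's struct proc */
	int p_flag;
	int p_retval[2];
};

/* Pre-patch shape: the result is returned where an error code is expected. */
static int issetugid_old(struct proc *p)
{
	if (p->p_flag & P_SUGID)
		return (1);
	return (0);
}

/* Patched shape: result goes in p_retval[0]; returning 0 means "no error". */
static int issetugid_new(struct proc *p)
{
	p->p_retval[0] = (p->p_flag & P_SUGID) ? 1 : 0;
	return (0);
}

/* Model of the return path: a non-zero handler return becomes errno and -1. */
static int model_syscall(int (*handler)(struct proc *), int p_flag)
{
	struct proc p = { p_flag, { 0, 0 } };
	int error = handler(&p);
	if (error != 0) {
		errno = error;
		return (-1);
	}
	return (p.p_retval[0]);
}

int main(void)
{
	int flags[] = { 0, P_SUGID };
	for (int i = 0; i < 2; i++) {
		errno = 0;
		int o = model_syscall(issetugid_old, flags[i]), oe = errno;
		errno = 0;
		int n = model_syscall(issetugid_new, flags[i]);
		printf("sugid=%d old: %d errno %d  new: %d errno %d\n", flags[i] != 0, o, oe, n, errno);
	}
	return (0);
}
```

The old handler's result for a set-id process matches the `-1; (1)` line in the report's terminal session, and the patched handler gives 1 with errno left at 0.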