Date: Sun, 7 Apr 2002 16:01:18 +0200 From: =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl> To: freebsd-hackers@freebsd.org Subject: Patch for setgroups(). Message-ID: <20020407160118.A84861@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hey.
What do You think about this patch?
This can help non-root applications like apache etc.
For example when I got access to many files from many groups when attacker
will exploit this application he got access to all files, coz there is no
way to setgroups() if I am non-root and maybe only demon needs access to all
files - child needs only access to files owned by one group.
Here You got patch:
[15:52:00] [ttyq0] [52] leila:root:# diff /sys/kern/kern_prot.c.old /sys/kern/kern_prot.c.new
613c613
< int error;
---
> int error, i, j, stat, root = 1;
616c616
< return (error);
---
> root = 0;
633c633
< } else {
---
> } else if (root) {
636a637,656
> pc->pc_ucred->cr_ngroups = ngrp;
> } else {
> if ((caddr_t)(intptr_t)fuword(uap->gidset) == (caddr_t)(-1))
{
> return (EINVAL);
> if (ngrp > pc->pc_ucred->cr_ngroups)
> return (EPERM);
> for (i = 0; i < ngrp; i++) {
> stat = 0;
> for (j = 0; j < pc->pc_ucred->cr_ngroups; j++) {
> if (uap->gidset[i] ==
> pc->pc_ucred->cr_groups[j]) {
> stat = 1;
> break;
> }
> }
> if (!stat)
> return (EPERM);
> }
> for (i = 0; i < ngrp; i++)
> pc->pc_ucred->cr_groups[i] = uap->gidset[i];
--
Paweł Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBPLBRLj/PhmMH/Mf1AQGgYwQAnDT4DPJurjrKAJE7+4uemaAm7XdVf3VA
F+G0nreyHnM2aJB+lkY+aZpQtUQAWVBoKxsFp/IG1UEk5ZmLsEbxAjHQuOWc05I2
LXz4M435suaSv2t2wr+IYkcrJg11Euw2Y7mZvxE3p+1myrSyCANENiirl7xR9O3F
Bgr/d3YPzFk=
=mRph
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020407160118.A84861>