From: Paweł Jakub Dawidek
To: freebsd-hackers@freebsd.org
Date: Sun, 7 Apr 2002 16:01:18 +0200
Subject: Patch for setgroups().
Message-ID: <20020407160118.A84861@garage.freebsd.pl>
X-OS: FreeBSD 4.5-STABLE i386

Hey.

What do you think about this patch? This can help non-root applications like Apache, etc. For example, when I have access to many files from many groups and an attacker exploits this application, he gets access to all the files, because there is no way to call setgroups() if I am non-root, and maybe only the daemon needs access to all the files - the child needs access only to files owned by one group.

Here is the patch:

[15:52:00] [ttyq0] [52] leila:root:# diff /sys/kern/kern_prot.c.old /sys/kern/kern_prot.c.new
613c613 < int error; --- > int error, i, j, stat, root =3D 1; 616c616 < return (error); --- > root =3D 0; 633c633 < } else { --- > } else if (root) { 636a637,656 > pc->pc_ucred->cr_ngroups =3D ngrp; > } else { > if ((caddr_t)(intptr_t)fuword(uap->gidset) =3D=3D (caddr_t)= (-1)) { > return (EINVAL); > if (ngrp > pc->pc_ucred->cr_ngroups) > return (EPERM); > for (i =3D 0; i < ngrp; i++) { > stat =3D 0; > for (j =3D 0; j < pc->pc_ucred->cr_ngroups; j++) { > if (uap->gidset[i] =3D=3D > pc->pc_ucred->cr_groups[j]) { > stat =3D 1; > break; > } > } > if (!stat) > return (EPERM); > } > for (i =3D 0; i < ngrp; i++) > pc->pc_ucred->cr_groups[i] =3D uap->gidset[i];

-- 
Paweł Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.
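
Review bot: in the 616c616 hunk, `root = 0;` replaces `return (error);`, so the value left in `error` is dropped and execution continues for callers that used to be rejected at that point. Only the branch changed in 633c633 is gated with `else if (root)`, while the branch in front of that `else` stays reachable without the flag. Please state in a comment what an unprivileged caller is allowed to do in that first branch, or gate it as well. The unprivileged case would also read better as a separate early path than as the `root` and `stat` integers declared in 613c613; at the least give them descriptive names.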
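
Review bot: in the 636a637,656 hunk the unprivileged branch reads `uap->gidset[i]` directly, once in the membership loop and again in the final copy loop, after probing only the first word with `fuword(uap->gidset)`. `uap->gidset` is the caller's pointer, so the values can change between the check and the assignment, and the groups that end up in `cr_groups` are then not necessarily the ones that were validated; entries past the first are also never checked for a valid address. Copy the list once with `copyin()` into a local `gid_t` array, run the subset check against that copy, and assign from the same copy. Separately, the `{` opened on the `fuword` line is never closed in the added lines, and a list with duplicate entries passes the check, which should be either rejected or documented.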