Date:      Tue, 18 Feb 1997 04:15:22 +0100 (MET)
From:      Tor Egge <Tor.Egge@idt.ntnu.no>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/2757: execve() does not handle the P_SUGID flag correctly.
Message-ID:  <199702180315.EAA15772@presis.idt.ntnu.no>
Resent-Message-ID: <199702180320.TAA08592@freefall.freebsd.org>


>Number:         2757
>Category:       kern
>Synopsis:       execve() does not handle the P_SUGID process flag correctly.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 17 19:20:01 PST 1997
>Last-Modified:
>Originator:     Tor Egge
>Organization:
Norwegian University of Science and Technology, Trondheim, Norway
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

FreeBSD presis.idt.ntnu.no 3.0-CURRENT FreeBSD 3.0-CURRENT #0: Sun Feb  2 18:59:48 MET 1997     root@ikke.idt.unit.no:/usr/src/sys-UP/compile/PRESIS  i386

>Description:

execve() clears the P_SUGID process flag if the binary executed
does not have the suid or sgid permission bits set.

This also happens when the effective uid is different from the real
uid or the effective gid is different from the real gid. Under
these circumstances, the process still has set id privileges and
the P_SUGID flag should not be cleared.

>How-To-Repeat:

>Fix:
	
Index: kern_exec.c
===================================================================
RCS file: /export/akg1/cvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.49
diff -c -r1.49 kern_exec.c
*** kern_exec.c	1997/01/14 06:43:19	1.49
--- kern_exec.c	1997/01/26 16:36:08
***************
*** 285,291 ****
  			p->p_ucred->cr_groups[0] = attr.va_gid;
  		p->p_flag |= P_SUGID;
  	} else {
! 		p->p_flag &= ~P_SUGID;
  	}
  
  	/*
--- 285,293 ----
  			p->p_ucred->cr_groups[0] = attr.va_gid;
  		p->p_flag |= P_SUGID;
  	} else {
! 	        if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
! 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
! 			p->p_flag &= ~P_SUGID;
  	}
  
  	/*
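Review bot: the retained-flag case in the else branch needs a comment saying why P_SUGID is kept when cr_uid != p_ruid or cr_gid != p_rgid (the process still carries set-id privilege from an earlier exec, as the description says); without it the next person to touch this block is likely to fold it back into an unconditional clear. Also, the `if` line is indented with a tab followed by spaces while the two lines under it use tabs only; use tabs throughout, or write `} else if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&` to drop the extra nesting level.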


>Audit-Trail:
>Unformatted:
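As an added illustration, not part of this report or of kern_exec.c, the C program below models in user space how the P_SUGID flag evolves across a sequence of execve() calls under the rule in revision 1.49 (clear the flag whenever the new image has no set-id bits) and under the rule proposed in the patch (clear it only when the effective ids also equal the real ids). The scenario is the one the description implies: an unprivileged process runs a set-id image, that image execs a plain binary without giving up privilege, and finally the process drops to its real ids and execs a plain binary again. The struct names, exec_model(), trace_scenario() and the sample uids and gids are assumptions made for the illustration; only the two rules come from the report.

```c
/*
 * Added example: a user-space model of the P_SUGID handling in execve().
 * Nothing here is FreeBSD kernel code; names and ids are assumed.
 */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define P_SUGID 0x001          /* value is arbitrary here; only set/clear matters */

struct model_proc {
    uid_t ruid, euid;          /* p_cred->p_ruid, p_ucred->cr_uid */
    gid_t rgid, egid;          /* p_cred->p_rgid, p_ucred->cr_gid */
    int   flags;               /* p_flag */
};

/* The subset of the executed file's attributes that execve() looks at. */
struct model_image {
    bool  setuid, setgid;      /* VSUID / VSGID bits on the file */
    uid_t owner;               /* va_uid */
    gid_t group;               /* va_gid */
};

/* Constructed sample images: a setuid-root binary, a setgid-only binary, a plain one. */
static const struct model_image SUID_ROOT = { true,  false, 0,    0   };
static const struct model_image SGID_ONLY = { false, true,  1000, 5   };
static const struct model_image PLAIN     = { false, false, 1000, 1000 };

/*
 * Apply the credential part of execve() to p.  With fixed == false the
 * flag is cleared whenever the image has no set-id bits (revision 1.49);
 * with fixed == true it is cleared only if the effective ids already
 * equal the real ids (the proposed change).
 */
static void exec_model(struct model_proc *p, const struct model_image *img, bool fixed)
{
    if (img->setuid || img->setgid) {
        if (img->setuid)
            p->euid = img->owner;
        if (img->setgid)
            p->egid = img->group;
        p->flags |= P_SUGID;
    } else if (!fixed) {
        p->flags &= ~P_SUGID;                          /* original rule */
    } else if (p->euid == p->ruid && p->egid == p->rgid) {
        p->flags &= ~P_SUGID;                          /* proposed rule */
    }
}

/*
 * Run the three-step scenario starting from an unprivileged process
 * (uid 1000, gid 1000) and return the P_SUGID state after each step as
 * a bit mask: bit 0 after the set-id exec, bit 1 after the plain exec
 * while still privileged, bit 2 after dropping privilege and execing again.
 */
static int trace_scenario(const struct model_image *setid, bool fixed)
{
    struct model_proc p = { 1000, 1000, 1000, 1000, 0 };
    int mask = 0;

    exec_model(&p, setid, fixed);          /* step 0: gain the set-id credential */
    if (p.flags & P_SUGID) mask |= 1;

    exec_model(&p, &PLAIN, fixed);         /* step 1: plain exec, still privileged */
    if (p.flags & P_SUGID) mask |= 2;

    p.euid = p.ruid;                       /* setuid(getuid()) / setgid(getgid()) */
    p.egid = p.rgid;
    exec_model(&p, &PLAIN, fixed);         /* step 2: plain exec, ids match again */
    if (p.flags & P_SUGID) mask |= 4;

    return mask;
}

int main(void)
{
    printf("suid image, original rule: mask 0x%x\n", trace_scenario(&SUID_ROOT, false));
    printf("suid image, proposed rule: mask 0x%x\n", trace_scenario(&SUID_ROOT, true));
    printf("sgid image, original rule: mask 0x%x\n", trace_scenario(&SGID_ONLY, false));
    printf("sgid image, proposed rule: mask 0x%x\n", trace_scenario(&SGID_ONLY, true));
    return 0;
}
```

Under the original rule the mask is 0x1 for both images: the flag disappears at step 1 even though the effective uid (or gid) still differs from the real one. Under the proposed rule it is 0x3: the flag survives the plain exec while privilege is held and is cleared only at step 2, once the ids have been brought back in line, which is the behaviour the description asks for.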



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702180315.EAA15772>