Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 7 Apr 2002 16:01:18 +0200
From:      =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl>
To:        freebsd-hackers@freebsd.org
Subject:   Patch for setgroups().
Message-ID:  <20020407160118.A84861@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help 

--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=ISO-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hey.

What do You think about this patch?
This can help non-root applications like apache etc.
For example when I got access to many files from many groups when attacker
will exploit this application he got access to all files, coz there is no
way to setgroups() if I am non-root and maybe only demon needs access to all
files - child needs only access to files owned by one group.

Here You got patch:
[15:52:00] [ttyq0] [52] leila:root:# diff /sys/kern/kern_prot.c.old /sys/ke=
rn/kern_prot.c.new
613c613
<       int error;
---
>       int error, i, j, stat, root =3D 1;
616c616
<               return (error);
---
>               root =3D 0;
633c633
<       } else {
---
>       } else if (root) {
636a637,656
>               pc->pc_ucred->cr_ngroups =3D ngrp;
>       } else {
>               if ((caddr_t)(intptr_t)fuword(uap->gidset) =3D=3D (caddr_t)=
(-1))
{
>                       return (EINVAL);
>               if (ngrp > pc->pc_ucred->cr_ngroups)
>                       return (EPERM);
>               for (i =3D 0; i < ngrp; i++) {
>                       stat =3D 0;
>                       for (j =3D 0; j < pc->pc_ucred->cr_ngroups; j++) {
>                               if (uap->gidset[i] =3D=3D
>                                   pc->pc_ucred->cr_groups[j]) {
>                                       stat =3D 1;
>                                       break;
>                               }
>                       }
>                       if (!stat)
>                               return (EPERM);
>               }
>               for (i =3D 0; i < ngrp; i++)
>                       pc->pc_ucred->cr_groups[i] =3D uap->gidset[i];

--=20
Pawe=B3 Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.

--ew6BAiZeqk4r7MaW
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBPLBRLj/PhmMH/Mf1AQGgYwQAnDT4DPJurjrKAJE7+4uemaAm7XdVf3VA
F+G0nreyHnM2aJB+lkY+aZpQtUQAWVBoKxsFp/IG1UEk5ZmLsEbxAjHQuOWc05I2
LXz4M435suaSv2t2wr+IYkcrJg11Euw2Y7mZvxE3p+1myrSyCANENiirl7xR9O3F
Bgr/d3YPzFk=
=mRph
-----END PGP SIGNATURE-----

--ew6BAiZeqk4r7MaW--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020407160118.A84861>