From 25b40de6a3e55c86d925d10e5f68bacc93282156 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Tue, 18 Feb 1997 00:16:05 +0000
Subject: [PATCH] if a P_SUGIDEXEC proc execve()'s a non-set[ug]id program while running with uid/gid mismatches, P_SUGIDEXEC should persist (in case the environment has not been cleaned). pointed out by wietse@porcupine.org
---
 lib/libc/sys/issetugid.2 | 5 +++--
 sys/kern/kern_exec.c | 14 ++++++++++----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/lib/libc/sys/issetugid.2 b/lib/libc/sys/issetugid.2
index 73fa737529b..aca73d10e16 100644
--- a/lib/libc/sys/issetugid.2
+++ b/lib/libc/sys/issetugid.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: issetugid.2,v 1.6 1997/02/05 22:56:43 deraadt Exp $
+.\" $OpenBSD: issetugid.2,v 1.7 1997/02/18 00:16:09 deraadt Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\" The Regents of the University of California. All rights reserved.
@@ -65,7 +65,8 @@ the specified file.
 .Pp
 .Fn issetugid
 is unaffected by calls to
-.Fn setuid
+.Fn setuid ,
+.Fn fork ,
 and other such calls. It is only controlled by
 .Fn execve .
 .Sh ERRORS
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 8b6ad57d2e0..7f06d1743be 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_exec.c,v 1.7 1996/08/31 09:24:09 pefo Exp $ */
+/* $OpenBSD: kern_exec.c,v 1.8 1997/02/18 00:16:05 deraadt Exp $ */
 /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */
 /*-
@@ -439,6 +439,14 @@ sys_execve(p, v, retval)
 wakeup((caddr_t) p->p_pptr);
 }
+ /*
+ * If process does execve() while it has euid/uid or egid/gid
+ * which are mismatched, it remains P_SUGIDEXEC.
+ */
+ if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+ p->p_ucred->cr_gid == p->p_cred->p_rgid)
+ p->p_flag &= ~P_SUGIDEXEC;
+
 /*
 * deal with set[ug]id.
 * MNT_NOEXEC and P_TRACED have already been used to disable s[ug]id.
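Review bot: The comment added above the `p->p_ucred->cr_uid == p->p_cred->p_ruid` test in the `@@ -439` hunk describes the case where the flag stays set, while the code beneath it is the clearing case, and it omits the reason the commit message gives. I would reword it along the lines of `/* Clear P_SUGIDEXEC only when euid == ruid and egid == rgid; otherwise it persists, because the environment inherited from the set[ug]id image may not have been cleaned. */`. As far as this hunk shows, the flag is only preserved here and never set, so a process that reaches execve() with mismatched ids but without P_SUGIDEXEC already set stays unmarked; if that is intended, the comment should say so. sys_execve begins and ends outside the hunk.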
@@ -462,10 +470,8 @@ sys_execve(p, v, retval)
 p->p_ucred->cr_gid = attr.va_gid;
 p->p_flag |= P_SUGID;
 p->p_flag |= P_SUGIDEXEC;
- } else {
+ } else
 p->p_flag &= ~P_SUGID;
- p->p_flag &= ~P_SUGIDEXEC;
- }
 p->p_cred->p_svuid = p->p_ucred->cr_uid;
 p->p_cred->p_svgid = p->p_ucred->cr_gid;
--
2.20.1
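Review bot: After this change the `else` arm clears only P_SUGID, and it does so even when the euid/ruid or egid/rgid pair is still mismatched, so the two flags now follow different rules with nothing at this site saying that is deliberate. A one-line comment on the `else`, such as `/* P_SUGIDEXEC is cleared earlier, and only when the real and effective ids match */`, would keep a later reader from restoring the removed line. Whether the code that consults P_SUGID (not visible in this patch) needs the same persistence is worth confirming. Separately, pairing the braced `if` arm with an unbraced `else` invites a mistake when a second statement is added; keeping `} else {` and the closing `}` around the single statement avoids that. The enclosing `if` and sys_execve itself begin outside the hunk.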