derek (01/07/83)
If you protect kmem on your system and allow certain programs like ps to be setgid to read it, be sure to turn off the read permissions for ps. Otherwise, a user may start ps and issue the quit signal to dump core. The user then has a file which s/he owns but with a group id which is able to read kmem. The user may copy any program onto the core image, turn on the setgid bit and presto - a program which can read kmem again. Derek Andrew U of Saskatchewan
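The mitigation in the post above (set-id programs should not be readable by anyone but the owner) is easy to audit for. The following shell script is an added example, not something posted in the thread: it lists set-id executables under a directory that are still group- or world-readable and, optionally, removes the read bits. Directory arguments are the caller's; the file names used when exercising it are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): audit a directory tree for set-id
# executables that are also group- or world-readable, and remove the read bits.

# find_readable_setid DIR
#   Print every regular file under DIR that has the setuid or setgid bit set
#   and is readable by its group or by others (the combination that lets a
#   user copy the program image).
find_readable_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# count_readable_setid DIR
#   Print the number of files find_readable_setid would list (0 if none).
count_readable_setid() {
    find_readable_setid "$1" | awk 'END { print NR }'
}

# harden_setid_readable DIR
#   Remove group and other read permission from every set-id file under DIR.
#   Execute bits are left alone, so the programs still run; they just can no
#   longer be read (and therefore copied) by anyone but the owner.
harden_setid_readable() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod go-r {} + 2>/dev/null
}

# report_setid DIR
#   Long listing of every set-id file under DIR, for a human to review.
report_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null
}

# Usage (as root, uncomment): review /usr/bin, then strip the read bits.
# report_setid /usr/bin
# harden_setid_readable /usr/bin
```

Run `report_setid` first and read the listing; `harden_setid_readable` changes only read bits and must be run as root to affect files it does not own.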
ka (01/08/83)
This won't work on USG UNIXes; you can't set the setgid bit on a file if your gid differs from the gid of the file. Is Berkeley UNIX different? Kenneth Almquist
derek (01/09/83)
Further on running ps type programs with setgid to read kmem: On 2.81BSD you are allowed to setgid a file if you own it. It has been brought to my attention that programs such as ps should be setuid rather than setgid in order to prevent them from dumping core on request. Derek Andrew U of Saskatchewan
sjb (01/10/83)
Unfortunately, 4.1bsd allows anyone who owns a file to set the setgid bit regardless of whether or not they belong in its group, and if you can cause a setgid program to dump core, you have a file which belongs to a supposedly privileged group; you can then put anything you want in that file and make it setgid. There is a two line fix to the kernel which I installed on our comet a few months ago. It does not permit a person to set the setgid bit of a file unless his/her gid matches that of the file. The fix follows: *** osys4.c Sun Jan 9 23:01:51 1983 --- sys4.c Sun Jan 9 23:01:34 1983 *************** *** 261,266 ip->i_mode &= ~07777; if (u.u_uid) uap->fmode &= ~ISVTX; ip->i_mode |= uap->fmode&07777; ip->i_flag |= ICHG; if (ip->i_flag&ITEXT && (ip->i_mode&ISVTX)==0) --- 261,268 ----- ip->i_mode &= ~07777; if (u.u_uid) uap->fmode &= ~ISVTX; + if (u.u_uid && u.u_gid != ip->i_gid) + uap->fmode &= ~ISGID; ip->i_mode |= uap->fmode&07777; ip->i_flag |= ICHG; if (ip->i_flag&ITEXT && (ip->i_mode&ISVTX)==0)
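Review bot: the new check silently drops the bit (`uap->fmode &= ~ISGID;`) rather than refusing the call, so chmod returns success while the mode that lands on disk lacks the setgid bit the caller asked for; this mirrors the ISVTX line just above it, which is consistent, but a user or script doing `chmod g+s` gets no indication that the request was denied, and setting `u.u_error` to EPERM and returning would make the refusal visible. The exemption `u.u_uid &&` correctly leaves the superuser free to set the bit, and the condition `u.u_gid != ip->i_gid` is the right test for a system with a single group id per process. Note that the hunk closes only the chmod half of the problem described in the thread: the core file a setgid ps leaves behind still carries the privileged group and whatever the program had read from kmem, so the earlier suggestions (make such programs setuid, or keep them unreadable so the image cannot be copied) still apply alongside this fix.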