n62@nikhefh.nikhef.nl (Klamer Schutte) (09/22/89)
In the fixes to FS as posted by Simon Poole which made fnctl & fifo's possible there is a bug. The result is that anybody can mknod if he wants to -- a security hole. The file with the bug is fs/open.c Here is the fix. Patch (can be done by hand), compile, build & reboot. Note: only tested on a ST. I am not running out of the box minix. Klamer. (.signature at end) ----------------------------------------------------------------------- *** open.c~ Thu Mar 16 08:20:08 1989 --- open.c Thu Sep 21 17:04:50 1989 *************** *** 48,54 **** struct inode *new_node(); /* only super_user may make nodes other than fifo's */ ! if (!super_user && (mode & I_TYPE != I_NAMED_PIPE)) return(EPERM); if (fetch_name(name1, name1_length, M1) != OK) return(err_code); bits = (mode & I_TYPE) | (mode & ALL_MODES & fp->fp_umask); put_inode(new_node(user_path, bits, (zone_nr) addr)); --- 48,54 ---- struct inode *new_node(); /* only super_user may make nodes other than fifo's */ ! if (!super_user && ((mode & I_TYPE) != I_NAMED_PIPE)) return(EPERM); if (fetch_name(name1, name1_length, M1) != OK) return(err_code); bits = (mode & I_TYPE) | (mode & ALL_MODES & fp->fp_umask); put_inode(new_node(user_path, bits, (zone_nr) addr)); -- ____________________Yes, mail address changed again :-(_________________________ Klamer Schutte mcvax!nikhefh!{n62,Schutte} {Schutte,n62}@nikhef.nl