bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic) (01/18/89)
Subject: chown security problem Index: sys 4.3BSD-tahoe Description: There's a security problem associated with 4.3BSD and 4.3BSD-tahoe systems involving the chown(2) system call. It may exist in 4.3BSD derived systems; contact your vendor for more information. Fix: Apply the attached patch. *** /tmp/d24713 Sun Jan 8 08:37:32 1989 --- ufs_syscalls.c Fri Jan 6 15:19:04 1989 *************** *** 3,9 **** * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. * ! * @(#)ufs_syscalls.c 7.3 (Berkeley) 4/18/87 */ #include "param.h" --- 3,9 ---- * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. * ! * @(#)ufs_syscalls.c 7.4 (Berkeley) 1/6/89 */ #include "param.h" *************** *** 624,629 **** --- 624,631 ---- if (fp == NULL) return; ip = (struct inode *)fp->f_data; + if (u.u_uid != ip->i_uid && !suser()) + return; ILOCK(ip); u.u_error = chown1(ip, uap->uid, uap->gid); IUNLOCK(ip); *************** *** 647,654 **** uid = ip->i_uid; if (gid == -1) gid = ip->i_gid; - if (uid != ip->i_uid && !suser()) - return (u.u_error); if (gid != ip->i_gid && !groupmember((gid_t)gid) && !suser()) return (u.u_error); #ifdef QUOTA --- 649,654 ----