ado@elsie.UUCP (Arthur David Olson) (09/15/84)
Defendant-- /sys/sys/sy4.c
Charge-- The "chmod" function in /sys/sys/sys4.c fails to
let the invoking process know about bum arguments.
Evidence-- As a "normal" (as distinct from "super") user type:
cp /dev/null testing123
chmod +t testing123
chmod 60666 testing123
The first chmod command asks for the sticky bit to be set,
which only the super user is supposed to be able to do.
The sticky bit is not set--but no diagnostic is produced.
The second chmod command tries to set a nonsensical mode.
The nonsense bits are silently ignored.
Verdict-- Not guilty by reason of insanity.
Sentence-- Here are the lines that show how to fix "/sys/sys/sys4.c":
#ifdef OLDVERSION
ip->i_mode &= ~07777;
if (u.u_uid)
uap->fmode &= ~ISVTX;
ip->i_mode |= uap->fmode&07777;
ip->i_flag |= ICHG;
#else
if ((uap->fmode & ~07777) != 0 &&
(uap->fmode & ~07777) != (ip->i_mode & ~07777))
u.u_error = EINVAL;
else if (u.u_uid && (uap->fmode & ISVTX) != 0)
u.u_error = EPERM;
else {
ip->i_mode &= ~07777;
ip->i_mode |= uap->fmode & 07777;
ip->i_flag |= ICHG;
}
#endif
The fix is done in such a way that code like:
#include <sys/types.h>
#include <sys/stat.h>
main()
{
struct stat s;
stat("testing123", &s);
chmod("testing123", s.st_mode | 01);
}
--
...decvax!seismo!umcp-cs!elsie!ado (301) 496-5688
(DEC, VAX and Elsie are Digital Equipment Corp. and Borden's trademarks)