ado@elsie.UUCP (Arthur David Olson) (09/15/84)
Defendant-- /sys/sys/sy4.c Charge-- The "chmod" function in /sys/sys/sys4.c fails to let the invoking process know about bum arguments. Evidence-- As a "normal" (as distinct from "super") user type: cp /dev/null testing123 chmod +t testing123 chmod 60666 testing123 The first chmod command asks for the sticky bit to be set, which only the super user is supposed to be able to do. The sticky bit is not set--but no diagnostic is produced. The second chmod command tries to set a nonsensical mode. The nonsense bits are silently ignored. Verdict-- Not guilty by reason of insanity. Sentence-- Here are the lines that show how to fix "/sys/sys/sys4.c": #ifdef OLDVERSION ip->i_mode &= ~07777; if (u.u_uid) uap->fmode &= ~ISVTX; ip->i_mode |= uap->fmode&07777; ip->i_flag |= ICHG; #else if ((uap->fmode & ~07777) != 0 && (uap->fmode & ~07777) != (ip->i_mode & ~07777)) u.u_error = EINVAL; else if (u.u_uid && (uap->fmode & ISVTX) != 0) u.u_error = EPERM; else { ip->i_mode &= ~07777; ip->i_mode |= uap->fmode & 07777; ip->i_flag |= ICHG; } #endif The fix is done in such a way that code like: #include <sys/types.h> #include <sys/stat.h> main() { struct stat s; stat("testing123", &s); chmod("testing123", s.st_mode | 01); } -- ...decvax!seismo!umcp-cs!elsie!ado (301) 496-5688 (DEC, VAX and Elsie are Digital Equipment Corp. and Borden's trademarks)