[net.bugs.4bsd] Fix to 4.1bsd setgid problem

sjb (01/10/83)

The following I recently posted to net.unix-wizards but neglected
to post here.  So sorry.

From sjb (Adam L. Buchsbaum) Sun Jan  9 23:13:39 1983
Subject: Re: protect kmem and setgid programs
Newsgroups: net.unix-wizards

Unfortunately, 4.1bsd allows anyone who owns a file to set the
setgid bit regardless of whether or not they belong to its group,
and if you can cause a setgid program to dump core, you have a file
which belongs to a supposedly privileged group; you can then put
anything you want in that file and make it setgid.  There is a two
line fix to the kernel which I installed on our comet a few months
ago.  It does not permit a person to set the setgid bit of a file
unless his/her gid matches that of the file.  The fix follows:

*** osys4.c	Sun Jan  9 23:01:51 1983
--- sys4.c	Sun Jan  9 23:01:34 1983
***************
*** 261,266
  	ip->i_mode &= ~07777;
  	if (u.u_uid)
  		uap->fmode &= ~ISVTX;
  	ip->i_mode |= uap->fmode&07777;
  	ip->i_flag |= ICHG;
  	if (ip->i_flag&ITEXT && (ip->i_mode&ISVTX)==0)

--- 261,268 -----
  	ip->i_mode &= ~07777;
  	if (u.u_uid)
  		uap->fmode &= ~ISVTX;
+ 	if (u.u_uid && u.u_gid != ip->i_gid)
+ 		uap->fmode &= ~ISGID;
  	ip->i_mode |= uap->fmode&07777;
  	ip->i_flag |= ICHG;
  	if (ip->i_flag&ITEXT && (ip->i_mode&ISVTX)==0)
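Review bot: The new test `if (u.u_uid && u.u_gid != ip->i_gid)` silently strips ISGID and lets the chmod() succeed, mirroring the ISVTX handling two lines above it, so a non-member running `chmod g+s` gets no error and may assume the bit took; either return EPERM here or document the silent clearing in the chmod(2) manual page. Two things to keep in mind beyond this hunk: only the effective gid is compared, so a process that is itself running setgid to the file's group can still set the bit on a file it owns, and the fix covers the chmod side only, leaving the core file itself created with the privileged group as the post describes; refusing to dump core when a process's effective gid differs from its real gid would close that root cause as well.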
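To make the escalation in the post and the effect of the two-line fix concrete, here is an added model of the relevant policy, written for this page and not taken from the 4.1bsd kernel: a core file inherits the dumping process's ids, chmod() filters the requested mode bits (old rule and new rule side by side), and exec of a setgid file hands the caller the file's group. The uids, the privileged group number 3 and the function names are assumptions for the demonstration.

```c
/* Added model (not 4.1bsd kernel code) of the setgid-via-core-file
 * escalation and of the chmod() fix.  Ids and group numbers are made up. */
#include <stdio.h>

#define ISGID 02000
#define ISVTX 01000

struct proc  { int uid; int gid; };                 /* effective ids */
struct inode { int i_uid; int i_gid; int i_mode; }; /* on-disk owner and mode */

/* Model of the core-dump path: the core file is created with the dumping
 * process's effective uid/gid, which is what leaves a file in the
 * privileged group in the attacker's hands. */
static struct inode dump_core(const struct proc *p)
{
    struct inode core = { p->uid, p->gid, 0644 };
    return core;
}

/* Mode filtering in chmod() before the fix: only root may set ISVTX. */
static int chmod_mode_old(const struct proc *p, const struct inode *ip, int fmode)
{
    if (p->uid)
        fmode &= ~ISVTX;
    return (ip->i_mode & ~07777) | (fmode & 07777);
}

/* Mode filtering after the fix: a non-root caller whose effective gid
 * differs from the file's gid additionally loses ISGID. */
static int chmod_mode_new(const struct proc *p, const struct inode *ip, int fmode)
{
    if (p->uid)
        fmode &= ~ISVTX;
    if (p->uid && p->gid != ip->i_gid)
        fmode &= ~ISGID;
    return (ip->i_mode & ~07777) | (fmode & 07777);
}

/* Ownership check chmod() performs before touching the mode at all. */
static int may_chmod(const struct proc *p, const struct inode *ip)
{
    return p->uid == 0 || p->uid == ip->i_uid;
}

/* Effective gid a process ends up with after exec'ing the file. */
static int exec_egid(const struct proc *p, const struct inode *ip)
{
    return (ip->i_mode & ISGID) ? ip->i_gid : p->gid;
}

/* Run the attack end to end under one chmod policy and return the egid
 * the attacker holds after exec'ing the doctored core file
 * (-1 if chmod would have been refused outright). */
static int run_attack(int (*policy)(const struct proc *, const struct inode *, int))
{
    const int ATTACKER_UID = 100, ATTACKER_GID = 100, PRIV_GID = 3; /* assumed */
    struct proc attacker = { ATTACKER_UID, ATTACKER_GID };
    /* A setgid (not setuid) program run by the attacker: euid is still the
     * attacker's, egid is the privileged group. */
    struct proc victim = { ATTACKER_UID, PRIV_GID };

    struct inode core = dump_core(&victim);     /* owned by attacker, group 3 */
    if (!may_chmod(&attacker, &core))
        return -1;
    /* The attacker owns the core file, so overwriting its contents is
     * allowed; the only question is whether 02755 sticks. */
    core.i_mode = policy(&attacker, &core, 02755);
    return exec_egid(&attacker, &core);
}

int main(void)
{
    printf("old chmod: egid after exec = %d\n", run_attack(chmod_mode_old));
    printf("new chmod: egid after exec = %d\n", run_attack(chmod_mode_new));
    return 0;
}
```

Under the old rule the doctored core file execs with the privileged group; under the new rule the setgid bit is dropped and the attacker keeps their own gid. Root and a caller whose gid already matches the file's are unaffected by the added check.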