[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setgid programs

To: benni@phil15.uni-sb.de
Subject: Re: setgid programs
From: bousch@topo.matups.fr (Thierry Bousch)
Date: Thu, 28 Apr 1994 09:02:35 +0200 (MET DST)
Cc: mint@atari.archive.umich.edu (Liste MiNT)
In-reply-to: <9404271713.AA03822@pfsparc01.phil15.uni-sb.de> from "Benjamin Lorenz" at Apr 27, 94 07:13:42 pm

Hello Benjamin,

> MiNT 1.10 seems to be unable to run programs with setgid-flag!
> 
> To test this, I copied `rm' to my home and made a chmod 2755:
> -rwxr-sr-x   1 benni    mail        29018 Apr 27 18:34 rm
> 
> In my spool dir, there is a lockfile, produced by elm:
> -r--------   1 benni    wheel       31322 Apr 27 17:45 benni.lock

I have also noticed the problem when porting Sokoban to the Atari; the
program had been made setuid-daemon (just like on the Sun), and wasn't
unable to remove the lock file it had just created in /tmp.

Apparently, the problem is that files are created with the real uid and
gid of the program, while only the effective uid/gid are considered for
filesystem permissions. This is undoubtedly a problem, but the
filesystems (minixfs & ramfs) are also responsible for this situation,
since they should create files with the effective uid/gid, not the real
ones... (I plead guilty for ramfs.)

Quick fix: make the program setuid-root (You don't care about intruders,
not on MiNT, do you?), since MiNT doesn't check permissions at all when
euid==0. Sokoban works fine with that.

Thierry.

Follow-Ups:
- Re: setgid programs
  - From: benni@phil15.uni-sb.de (Benjamin Lorenz)

References:
- setgid programs
  - From: benni@phil15.uni-sb.de (Benjamin Lorenz)

Prev by Date: Boot-strap Code
Next by Date: Re: mint library fgetc
Previous by thread: setgid programs
Next by thread: Re: setgid programs
Index(es):
- Date
- Thread