
MiNT 1.11 BETA: bug in pipefs/shmfs/procfs



The pipe and shm filesystems set the owner of the created files to the
real id of the process, but denyaccess uses the effective id to test
access rights. This means that a process with different real and
effective ids cannot open the files it creates if the effective uid is
not root. For example, ftpd runs with real uid 0 and sets the
effective uid to the logged-in user, and Fpipe will fail to open the
pipe it has just created. The same problem exists on the proc fs,
where such a process could not open its own process file (not very
likely to happen, though...)

--- orig/pipefs.c	Mon Aug  8 07:00:12 1994
+++ pipefs.c	Thu Sep  1 22:00:58 1994
@@ -496,8 +496,8 @@
 	b->date = datestamp;
 	b->dosflags = attrib;
 	b->mode = ((attrib & FA_SYSTEM) ? S_IFCHR : S_IFIFO) | (mode & ~S_IFMT);
-	b->uid = curproc->ruid;
-	b->gid = curproc->rgid;
+	b->uid = curproc->euid;
+	b->gid = curproc->egid;
 
 /* the O_HEAD flag indicates that the file hasn't actually been opened
  * yet; the next open gets to be the pty master. pipe_open will
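Review bot: The two new assignments `b->uid = curproc->euid;` and `b->gid = curproc->egid;` carry no comment saying why the effective ids are used, and the reason (the owner has to match the ids that denyaccess tests) is only in the mail. A one-line comment above them would keep someone from "correcting" this back to the real ids later. Note also that the assignment sits after the mode is set for both the S_IFCHR (FA_SYSTEM) and S_IFIFO cases, so the ownership change applies to both kinds of node; it is worth confirming that this is intended for the FA_SYSTEM case as well.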
--- orig/procfs.c	Mon Aug  8 07:10:58 1994
+++ procfs.c	Thu Sep  1 22:10:44 1994
@@ -193,7 +193,7 @@
 	xattr->index = p->pid;
 	xattr->dev = xattr->rdev = PROC_RDEV_BASE | p->pid;
 	xattr->nlink = 1;
-	xattr->uid = p->ruid; xattr->gid = p->rgid;
+	xattr->uid = p->euid; xattr->gid = p->egid;
 	xattr->size = xattr->nblocks = memused(p);
 	xattr->mtime = xattr->ctime = xattr->atime = p->starttime;
 	xattr->mdate = xattr->cdate = xattr->adate = p->startdate;
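Review bot: At `xattr->uid = p->euid; xattr->gid = p->egid;` the process is `p`, not `curproc`, so this changes the owner reported for every process file, not only for a process looking at its own. For a process whose real and effective ids differ, the entry is now reported as owned by the effective user, and the real user no longer appears as owner; the mail only covers the case of a process opening its own file. Please confirm that this is the intended reporting for all observers. As a style point, the two assignments share one line here while the pipefs.c and shmfs.c hunks put them on separate lines.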
--- orig/shmfs.c	Thu Feb 17 19:01:54 1994
+++ shmfs.c	Thu Sep  1 22:00:48 1994
@@ -472,8 +472,8 @@
 	s->inuse = 0;
 	strncpy(s->filename, name, SHMNAME_MAX);
 	s->filename[SHMNAME_MAX] = 0;
-	s->uid = curproc->ruid;
-	s->gid = curproc->rgid;
+	s->uid = curproc->euid;
+	s->gid = curproc->egid;
 	s->mode = mode;
 	s->next = shmroot;
 	s->reg = 0;
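Review bot: The assignments `s->uid = curproc->euid;` and `s->gid = curproc->egid;` record the ids in effect at creation time on an object that is linked into `shmroot` and so stays around after the call. A process that creates the file under one effective id and later switches its effective id would then be checked against the old owner, so the commit message should say that ownership follows the effective id at the time of creation. These are also the same two lines as in the pipefs.c hunk; the same short comment explaining the link to denyaccess belongs here.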
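The mismatch described in the message, as a small user-space C model added here (it is not MiNT source and not part of the original post). The `deny_access` function is an assumed stand-in for denyaccess, and the ids, the 0600 mode and the read/write open are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model: id field names follow the patch, the rest is assumed. */
struct proc { int ruid, euid, rgid, egid; };
struct node { int uid, gid; unsigned mode; };
enum owner_policy { OWNER_REAL, OWNER_EFFECTIVE };

/* Creation step: stamp the new file with the creator's ids. */
static struct node create_node(const struct proc *p, unsigned mode,
                               enum owner_policy pol)
{
    struct node n;
    n.uid = (pol == OWNER_REAL) ? p->ruid : p->euid;
    n.gid = (pol == OWNER_REAL) ? p->rgid : p->egid;
    n.mode = mode;
    return n;
}

/* Assumed stand-in for denyaccess: tests the effective ids against the
 * owner/group/other permission bits. Returns 1 if denied, 0 if allowed. */
static int deny_access(const struct proc *p, const struct node *n,
                       unsigned wanted)
{
    unsigned bits;
    if (p->euid == 0)
        return 0;                       /* effective root always passes */
    if (p->euid == n->uid)
        bits = (n->mode >> 6) & 7;      /* owner bits */
    else if (p->egid == n->gid)
        bits = (n->mode >> 3) & 7;      /* group bits */
    else
        bits = n->mode & 7;             /* other bits */
    return (bits & wanted) != wanted;
}

/* Create a file, then open it read/write (rw = 6) as the same process. */
static int create_then_open_denied(const struct proc *p, unsigned mode,
                                   enum owner_policy pol)
{
    struct node n = create_node(p, mode, pol);
    return deny_access(p, &n, 6);
}

int main(void)
{
    struct proc ftpd = { 0, 1000, 0, 100 };  /* constructed: ruid 0, euid 1000 */
    printf("real owner: denied=%d\n", create_then_open_denied(&ftpd, 0600, OWNER_REAL));
    printf("eff. owner: denied=%d\n", create_then_open_denied(&ftpd, 0600, OWNER_EFFECTIVE));
    return 0;
}
```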