Yes. Also, I found one more bug: fsuid wasn't reset to euid -
so, filesystem access was still possible under the old fsuid
after setresuid(uid, uid, uid). Or was this intentional?
> Yes, that's quite correct. Do you want to supply the patches, or should
> I? The changes you've suggested are quite simple, and IMO are the Right
> Thing.
OK, sorry it took so long, here is the patch for 2.1.13. It adds
the uid 0 check, clears the dumpable flag, and resets fsuid.
setresgid() should be similar but it needs a new syscall number
- I'm not sure what the proper way to allocate one is.
Marek
--- linux/kernel/sys.c.orig Fri Nov 22 10:49:58 1996
+++ linux/kernel/sys.c Wed Nov 27 00:42:23 1996
@@ -514,19 +514,25 @@
old_euid = current->euid;
old_suid = current->suid;
- if ((ruid != (uid_t) -1) && (ruid != current->uid) &&
- (ruid != current->euid) && (ruid != current->suid))
- return -EPERM;
- if ((euid != (uid_t) -1) && (euid != current->uid) &&
- (euid != current->euid) && (euid != current->suid))
- return -EPERM;
- if ((suid != (uid_t) -1) && (suid != current->uid) &&
- (suid != current->euid) && (suid != current->suid))
- return -EPERM;
+ if ((old_ruid != 0) && (old_euid != 0) && (old_suid != 0)) {
+ if ((ruid != (uid_t) -1) && (ruid != old_ruid) &&
+ (ruid != old_euid) && (ruid != old_suid))
+ return -EPERM;
+ if ((euid != (uid_t) -1) && (euid != old_ruid) &&
+ (euid != old_euid) && (euid != old_suid))
+ return -EPERM;
+ if ((suid != (uid_t) -1) && (suid != old_ruid) &&
+ (suid != old_euid) && (suid != old_suid))
+ return -EPERM;
+ }
if (ruid != (uid_t) -1)
current->uid = ruid;
- if (euid != (uid_t) -1)
+ if (euid != (uid_t) -1) {
current->euid = euid;
+ current->fsuid = euid;
+ if (euid != old_euid)
+ current->dumpable = 0;
+ }
if (suid != (uid_t) -1)
current->suid = suid;
return 0;
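Review bot: the new privilege test at the top of the hunk (`if ((old_ruid != 0) && (old_euid != 0) && (old_suid != 0))`) takes the unrestricted path when any one of the real, effective or saved uid is 0, so a process whose only root-owned id is its saved uid bypasses the three `-EPERM` checks; that is broader than an effective-uid-only check. In practice such a process can regain euid 0 first anyway, so either base the test on `old_euid` alone or add a comment stating that all three ids are deliberately treated as privileged. Also, `old_ruid` is read in that condition but only the `old_euid` and `old_suid` assignments appear in the leading context lines, so confirm it is assigned earlier in the function. The placement of `current->fsuid = euid;` inside the euid branch is right: fsuid is resynchronised even when the caller passes its current euid, which is exactly the case described above, while `dumpable` is cleared only on a real euid change.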
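A userspace check that a privilege drop actually took effect, covering the fsuid behaviour discussed in this thread. This is an added example, not part of Marek's patch or of the kernel source: it assumes the `/proc/<pid>/status` "Uid:" line lists real, effective, saved and filesystem uid in that order (as documented in proc(5)), and the sample status text embedded below is constructed, not captured from a real process.

```c
/* Verify that after setresuid(uid, uid, uid) the filesystem uid followed the
 * effective uid and the process is no longer dumpable.  Added example; the
 * "Uid:" line layout is assumed from proc(5), sample text is constructed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/prctl.h>

/* The four ids reported on the "Uid:" line of /proc/<pid>/status. */
struct uid_set { uid_t ruid, euid, suid, fsuid; };

/* Constructed sample of a status file whose fsuid did NOT follow the euid:
 * this is the state the thread describes before the patch. */
const char *const sample_status_stale_fsuid =
    "Name:\tdemo\n"
    "Uid:\t1000\t1000\t1000\t0\n"
    "Gid:\t1000\t1000\t1000\t1000\n";

/* Find the "Uid:" line in a status-file text and parse its four fields.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_uid_line(const char *status, struct uid_set *out)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0) {
            unsigned long r, e, s, f;
            if (sscanf(p + 4, "%lu %lu %lu %lu", &r, &e, &s, &f) != 4)
                return -1;
            out->ruid = (uid_t)r; out->euid = (uid_t)e;
            out->suid = (uid_t)s; out->fsuid = (uid_t)f;
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* The invariant the patch establishes: after setresuid(uid, uid, uid) all
 * four ids, fsuid included, equal the target uid.  Returns 1 if so. */
int drop_is_complete(const struct uid_set *u, uid_t target)
{
    return u->ruid == target && u->euid == target &&
           u->suid == target && u->fsuid == target;
}

/* Live check on the calling process.  Returns 1 if the drop is complete,
 * 0 if some id (typically fsuid) still differs, -1 if /proc is unreadable. */
int check_self(uid_t target)
{
    char buf[4096];
    size_t n;
    struct uid_set u;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_uid_line(buf, &u) != 0) return -1;
    return drop_is_complete(&u, target);
}

int main(void)
{
    uid_t target = 65534;               /* constructed choice: "nobody" */
    int ok, dumpable;

    if (setresuid(target, target, target) != 0) {
        perror("setresuid");            /* needs root to actually drop */
        return 1;
    }
    ok = check_self(target);
    dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    printf("all ids == %lu (fsuid included): %s; dumpable: %d\n",
           (unsigned long)target, ok == 1 ? "yes" : "no", dumpable);
    /* Both must hold for the drop to be considered safe. */
    return (ok == 1 && dumpable == 0) ? 0 : 1;
}
```

Run it as root to exercise the live path; `check_self()` returning 0 on a kernel that does not reset fsuid is exactly the symptom reported at the top of this message, and the parser can be pointed at a saved status file to audit processes after the fact.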