DragonFly BSD
DragonFly commits List (threaded) for 2009-09

Re: git: Fix chdir/fchdir for setuid/setgid binaries


From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Wed, 30 Sep 2009 17:18:00 +0200

Simon Schubert wrote:
> commit 609c6f34fef1b0942cfff9f26bc1844a4858ad7c
> Author: Simon 'corecode' Schubert <corecode@fs.ei.tum.de>
> Date:   Wed Sep 30 17:02:24 2009 +0200
>
> Fix chdir/fchdir for setuid/setgid binaries
>
> Access checks for a directory have to be done using the euid/egid, not
> the ruid/rgid.

There are certainly many more of these problems. We need to address those before we roll 2.4.1. I think we should audit all calls to VOP_ACCESS. Also, I suggest creating VOP_RACCESS, removing VOP_EACCESS and making the effective id check default in VOP_ACCESS, since most permission checks in the kernel refer to the effective ids, and only select ones deal with the real ids.


cheers
 simon
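
The real-versus-effective id distinction discussed in this message, as an added example that is not DragonFly kernel code: a simplified owner/group/other search check evaluated once with the real ids and once with the effective ids of a setuid process. The struct and function names are hypothetical, the uids and modes are constructed, and supplementary groups are left out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified credential: the four ids a setuid/setgid process carries. */
struct cred { uid_t ruid, euid; gid_t rgid, egid; };

/* Simplified directory attributes: owner, group, permission bits. */
struct dirattr { uid_t uid; gid_t gid; mode_t mode; };

/* Classic owner/group/other search (x) check for one uid/gid pair.
 * Assumption: uid 0 is the superuser; supplementary groups are ignored. */
static bool may_search(const struct dirattr *d, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return true;
    if (uid == d->uid)
        return (d->mode & 0100) != 0;
    if (gid == d->gid)
        return (d->mode & 0010) != 0;
    return (d->mode & 0001) != 0;
}

/* Check against the real ids: what the commit message says is wrong for chdir. */
bool chdir_check_real(const struct cred *c, const struct dirattr *d)
{
    return may_search(d, c->ruid, c->rgid);
}

/* Check against the effective ids: what the commit message calls for. */
bool chdir_check_effective(const struct cred *c, const struct dirattr *d)
{
    return may_search(d, c->euid, c->egid);
}

int main(void)
{
    /* Constructed case: user 1001 runs a binary that is setuid to uid 50. */
    struct cred c = { .ruid = 1001, .euid = 50, .rgid = 1001, .egid = 1001 };
    struct dirattr spool = { .uid = 50, .gid = 50, .mode = 0700 };     /* owned by the setuid identity */
    struct dirattr home  = { .uid = 1001, .gid = 1001, .mode = 0700 }; /* owned by the invoking user */

    printf("spool: real=%d effective=%d\n",
           chdir_check_real(&c, &spool), chdir_check_effective(&c, &spool));
    printf("home:  real=%d effective=%d\n",
           chdir_check_real(&c, &home), chdir_check_effective(&c, &home));
    return 0;
}
```

With the real-id check the process is refused the directory its effective identity owns and admitted to one that identity has no search permission on; the effective-id check reverses both results.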


