author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-03-09 01:27:51 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-03-09 01:27:51 +0000 |
commit | 5c66c78b07f34ed9acddc827ceb266aae6caeac4 (patch) | |
tree | 15f8d5cb9a404a39e781fdb5393785b09f0e9df4 /sys | |
parent | 616c0abb0768f71a6f3153345389cdc0a713da95 (diff) |
Make the semantics of the P_SUGIDEXEC flag match the issetugid(2)
man page. Instead of just clearing P_SUGIDEXEC if real and effective
uids/gids matched, we now set P_SUGIDEXEC if there is a mismatch in
the real, effective, or saved uid/gid and clear it otherwise.
deraadt@ and tholo@ OK.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_exec.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index c925071c646..77faaf4960f 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_exec.c,v 1.75 2002/12/11 00:08:08 miod Exp $ */
+/* $OpenBSD: kern_exec.c,v 1.76 2003/03/09 01:27:50 millert Exp $ */
 /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */
 /*-
@@ -453,11 +453,15 @@ sys_execve(p, v, retval)
 }
 /*
- * If process does execve() while it has euid/uid or egid/gid
- * which are mismatched, it remains P_SUGIDEXEC.
+ * If process does execve() while it has a mismatched real,
+ * effective, or saved uid/gid, we set P_SUGIDEXEC.
 */
- if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
- p->p_ucred->cr_gid == p->p_cred->p_rgid)
+ if (p->p_ucred->cr_uid != p->p_cred->p_ruid ||
+ p->p_ucred->cr_uid != p->p_cred->p_svuid ||
+ p->p_ucred->cr_gid != p->p_cred->p_rgid ||
+ p->p_ucred->cr_gid != p->p_cred->p_svgid)
+ p->p_flag |= P_SUGIDEXEC;
+ else
 p->p_flag &= ~P_SUGIDEXEC;
 /* |
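Review bot: The rewritten comment above the credential test in the second hunk documents only the set path, but the new `else` branch also clears P_SUGIDEXEC whenever the real, effective and saved ids all agree, and that clearing is the half that matters to callers of issetugid(2) deciding whether to trust their environment. I would extend the comment with `* Otherwise the flag is cleared, so this test has to see the credentials the new image will actually run with.` and add a short remark on why the saved ids are compared (presumably because a differing saved id still lets the process switch its effective id back). sys_execve() begins and ends outside the hunk, so whether any set-id credential update for the new image happens before this test cannot be confirmed from the visible lines and is worth checking in the full function.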