setegid bug
Mike Meyer
mwm at mired.org
Thu Jun 7 22:04:38 UTC 2007
In <20070607213650.c02130bf.stas at FreeBSD.org>, Stanislav Sedov <stas at FreeBSD.org> typed:
> Recently several FreeBSD samba users reported a scary problem with
> samba (http://bugzilla.samba.org/?id=3990). Further research in
> cooperation with Timur Bakeyev (timur) showed, that we have a little
> problem with setegid implementation. In FreeBSD (and even in
> 4.4BSD-Lite2) egid of the process is merely groups[0], so calling
> seteuid function we simply override the first of supplementary groups.
> However, POSIX says that not rgid, not any of supplementary groups
> should bot be rewritten in setegid call.
>
> Probably, some of old-school committers remembered the initial
> intention of making egid equal to groups[0]? Probably, I have missed
> something?
The old school in this case is UC Berkeley. I found this behavior in
4.1BSD. Since it lets you violate ass-backwards group security
settings (wherein you create a group "undesirables", and have files
owned by that group with group bits 0 to keep them out) by removing
yourself from that group, I reported it as a security bug to
CSRG. Mike's response was that the security model was the bug, not
this problem.
I suspect it was done that way in the initial implementation, and
nobody has ever felt that it should be fixed.
<mike
--
Mike Meyer <mwm at mired.org> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
More information about the freebsd-arch
mailing list