ucred when euid/egid
Anthony Pankov
ap00 at mail.ru
Fri Nov 27 16:52:45 UTC 2009
Hello,
I am facing a situation I don't understand, related to access permissions.
There is a program (script) with suid/sgid set (mode 6555):
r-sr-sr-x fuser:proggroup theprog
There is a file:
rw-rw---- someone:filegroup thefile
User 'fuser' (== program euid) has primary group 'filegroup' (== the group
that can read/write thefile).
The program tries to read (write) thefile and fails with a permissions error.
I don't fully understand why.
According to VOP_ACCESS(9), there is a check:
/* Otherwise, check the groups. */
for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
...
So, I have only one assumption: when a seteuid'ed program is executed, the
ucred struct and cred->cr_groups don't change according to euid/egid and
stay the same as for the executor.
Is this a bug (how can I fix it) or a feature (how can I bypass it)?
--
Best regards,
Anthony mailto:ap00 at mail.ru
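
Added example (not part of the original post and not FreeBSD kernel code): a simplified user-space C model of the credential change at exec of a set-id file and of the owner/group/other check in VOP_ACCESS(9), applied to theprog and thefile from the post. It shows that exec replaces only euid and egid, while the rest of the group list stays the executor's. All numeric ids, struct layouts and function names are constructed for illustration.

```c
/* Added example: simplified user-space model, not FreeBSD kernel code.
 * All numeric ids are constructed sample values. Super-user bypass omitted. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { FUSER = 1001, SOMEONE = 1002, EXECUTOR = 1003,
       PROGGROUP = 2001, FILEGROUP = 2002, EXECGROUP = 2003 };
enum { WANT_RW = 6 };

struct cred { unsigned euid; unsigned groups[4]; size_t ngroups; }; /* groups[0] models the egid */
struct file { unsigned uid, gid, mode; bool suid, sgid; };

/* exec of a set-id file replaces only euid and egid. The supplementary
 * groups are inherited from the executor; the group database entry of
 * the file's owner (fuser's primary group) is never consulted. */
static struct cred exec_cred(struct cred c, const struct file *prog)
{
    if (prog->suid) c.euid = prog->uid;
    if (prog->sgid) c.groups[0] = prog->gid;
    return c;
}

/* Owner, then groups, then other; the first class that matches decides. */
static bool may_access(const struct cred *c, const struct file *f, unsigned want)
{
    if (c->euid == f->uid)
        return ((f->mode >> 6) & want) == want;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == f->gid)
            return ((f->mode >> 3) & want) == want;
    return (f->mode & want) == want;
}

/* Run theprog as EXECUTOR and ask for read/write access to thefile. */
bool theprog_can_rw(bool executor_in_filegroup)
{
    const struct file theprog = { FUSER, PROGGROUP, 0555, true, true };
    const struct file thefile = { SOMEONE, FILEGROUP, 0660, false, false };
    struct cred caller = { EXECUTOR, { EXECGROUP, FILEGROUP }, executor_in_filegroup ? 2 : 1 };
    struct cred run = exec_cred(caller, &theprog);
    return may_access(&run, &thefile, WANT_RW);
}

int main(void)
{
    printf("executor outside filegroup: %s\n", theprog_can_rw(false) ? "allowed" : "denied");
    printf("executor inside filegroup:  %s\n", theprog_can_rw(true) ? "allowed" : "denied");
    return 0;
}
```

In this model the outcome depends only on whether the executing user already carries filegroup in its own group list, not on fuser's primary group.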
More information about the freebsd-hackers
mailing list