Date: Tue, 5 Nov 2002 19:09:16 +0600 (NOVT) From: Alexey Dokuchaev <danfe@regency.nsu.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/44929: Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken Message-ID: <200211051309.gA5D9Gq9004104@regency.nsu.ru>
next in thread | raw e-mail | index | archive | help
>Number: 44929 >Category: bin >Synopsis: Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 05 05:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Alexey Dokuchaev >Release: FreeBSD 4.7-STABLE i386 >Organization: CNIT >Environment: System: FreeBSD regency.nsu.ru 4.7-STABLE FreeBSD 4.7-STABLE #4: Tue Oct 29 20:17:48 NOVT 2002 root@regency.nsu.ru:/usr/src/sys/compile/REGENCY i386 >Description: IPFW2 rule parser (both in -STABLE and -CURRENT) does not correctly handle uid/gid specifiers: ipfw add deny all from x.y.z.t to any uid jack ipfw add deny all from x.y.z.t to any uid mary will yield: ?ab00 0 0 deny ip from x.y.z.t to any uid root ?ac00 0 0 deny ip from x.y.z.t to any uid root See above. >How-To-Repeat: >Fix: This fix also brings IPFW2 code in question in sync with old IPFW (which does behave correctly), not to mention it corrects the described bug. Though this diff is against -STABLE, I think it is pretty clear how to apply it to -CURRENT. --- ipfw2.c.orig Tue Oct 29 10:19:15 2002 +++ ipfw2.c Tue Oct 29 10:33:55 2002 @@ -2937,7 +2937,7 @@ pwd = (*end == '\0') ? getpwuid(uid) : getpwnam(*av); if (pwd == NULL) errx(EX_DATAERR, "uid \"%s\" nonexistent", *av); - cmd32->d[0] = uid; + cmd32->d[0] = pwd->pw_uid; cmd->len = F_INSN_SIZE(ipfw_insn_u32); ac--; av++; } @@ -2956,7 +2956,7 @@ if (grp == NULL) errx(EX_DATAERR, "gid \"%s\" nonexistent", *av); - cmd32->d[0] = gid; + cmd32->d[0] = grp->gr_gid; cmd->len = F_INSN_SIZE(ipfw_insn_u32); ac--; av++; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211051309.gA5D9Gq9004104>