Date:      Thu, 21 Jun 2001 22:41:03 -0600 (MDT)
From:      Brad Huntting <huntting@glarp.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/28333: rtprio/idprio setuid problems
Message-ID:  <200106220441.f5M4f3i73166@hunkular.glarp.com>


>Number:         28333
>Category:       bin
>Synopsis:       rtprio/idprio setuid problems
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 21 21:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Brad Huntting
>Release:        4.3 & 5.0
>Organization:
>Environment:
System: FreeBSD hunkular.glarp.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Tue Jun 19 21:59:34 MDT 2001 root@hunkular.glarp.com:/usr/src/sys/compile/HUNKULAR i386


	
>Description:
	On some (but by no means all) systems it is desirable to
	allow non-root users the ability to start realtime processes.
	The obvious way to allow this is to "chmod u+s /usr/sbin/rtprio".
	Unfortunately, this causes all programs started with rtprio
	(and idprio) to run as root.  The included patch adds a
	line to reset the euid before exec()ing the program.

	Note:  I am NOT advocating that rtprio should be installed
	setuid-root by default!  However, if the sysadmin wants to
	allow non-root users this privilege, then making a setuid-root
	program (perhaps executable by only one group) is the "unix
	way".

	This patch allows non-root users to change the priority of
	any process.  If this is not desirable, then another
	setuid(getuid()) should be added after the "case 1:" line
	as well.

>How-To-Repeat:
	$ id
	uid=1967(huntting) gid=0(wheel) groups=0(wheel)
	$ sudo chmod u+s /usr/sbin/rtprio
	$ /usr/sbin/rtprio 5 id
	uid=1967(huntting) euid=0(root) gid=0(wheel) groups=0(wheel)
			   ^^^^^^^^^^^^
			   Annoying side effect


>Fix:

--- rtprio.c.orig	Thu Jan 25 06:25:41 2001
+++ rtprio.c	Thu Jun 21 22:09:26 2001
@@ -119,6 +119,7 @@
 		if (rtprio(RTP_SET, proc, &rtp) != 0)
 			err(1, "%s", argv[0]);
 
+		setuid(getuid());		/* In case we are set-uid */
 		if (proc == 0) {
 			execvp(argv[2], &argv[2]);
 			err(1, "%s", argv[2]);
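Review bot: the return value of the added setuid(getuid()) call is ignored, so if the call fails, execvp(argv[2], &argv[2]) still runs the command with euid 0; check it and stop on failure, for example: if (setuid(getuid()) != 0) err(1, "setuid");. The drop also comes after rtprio(RTP_SET, proc, &rtp), so in a set-uid install that call is made with root privilege for whatever proc the caller supplied; if that is not intended, the privilege needs to be dropped (or proc checked) before the rtprio() call, not only before the exec.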
>Release-Note:
>Audit-Trail:
>Unformatted:
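
An added example, not part of the original report or of the rtprio source: a checked, permanent privilege drop for a set-uid wrapper of the kind described above, done before exec(). The helper name drop_privileges() is hypothetical, and the group handling goes beyond the report's patch to cover set-gid installs as well.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-uid/set-gid privilege before exec().
 * Returns 0 when the effective ids match the invoking user and the old
 * effective uid can no longer be regained, -1 otherwise.  The caller
 * must not exec anything when this returns -1.
 */
int
drop_privileges(void)
{
	uid_t ruid = getuid(), euid = geteuid();
	gid_t rgid = getgid();

	/* Group first: after the uid drop we may no longer be allowed to. */
	if (setgid(rgid) != 0)
		return (-1);
	/* With euid 0, setuid() also resets the saved set-user-ID. */
	if (setuid(ruid) != 0)
		return (-1);
	/* Confirm the drop actually took effect. */
	if (geteuid() != ruid || getegid() != rgid)
		return (-1);
	/* If we were elevated, switching back must now be refused. */
	if (euid != ruid && setuid(euid) == 0)
		return (-1);
	return (0);
}

int
main(int argc, char *argv[])
{
	if (argc < 2) {
		fprintf(stderr, "usage: %s command [args ...]\n", argv[0]);
		return (1);
	}
	/* A privileged step such as rtprio(RTP_SET, ...) would run here. */
	if (drop_privileges() != 0) {
		fprintf(stderr, "%s: cannot drop privileges\n", argv[0]);
		return (1);
	}
	execvp(argv[1], &argv[1]);
	perror(argv[1]);
	return (1);
}
```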
