Bug 45066 - process looses access to files via the
Summary: process looses access to files via the
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 6.2
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-06-20 00:23 UTC by Need Real Name
Modified: 2007-04-18 16:33 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-25 08:21:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2001-06-20 00:23:22 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.72 [en] (X11; U; Linux 2.2.14-5.0 i686)

Description of problem:
Files that are normally accessable via the "other" permission bits are no
longer accessable to applications that switch from superuser to a specific
user id via the setuid, seteuid, and setreuid function calls. 

How reproducible:
Always

Steps to Reproduce:
1.  Write a c program that looks like this:
(modify the uid/gid ids to that of a valid non-privileged user)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    int fd = 0;

    setgid(501);
    setuid(100);

    if (argc < 2)
        return EXIT_FAILURE;

    if ((fd = open(argv[1], O_RDWR)) == -1)
        printf("Error: %d: %s\n", errno, strerror(errno));
    else
        close(fd);

    sleep(10); // to verify with ps that the process id has switched.

    return EXIT_SUCCESS;
}

2. touch a file (as root) (# touch afile)
3. chmod 006 afile
4. run the program as root (# openTest afile)
5. verify process is owned by the user id specified with ps -ef 
6. program outputs an error message indicating permission has been denied.

Actual Results:  File cannot be opened by the program, EACCES error is in
errno.


Expected Results:  File should be opened via the "other" permissions.

Program works fine if you comment out the setuid/setgid functions and run
program as root or the non-privileged user. 

Additional info:

No apparent work around.

Comment 1 Jakub Jelinek 2001-06-25 07:43:44 UTC
This has nothing to do with glibc, the relevant function calls are stright
system calls. So I'll let kernel folks to explain this.

Comment 2 Arjan van de Ven 2001-06-25 07:51:10 UTC
Which kernel is this exactly ?

Comment 3 Arjan van de Ven 2001-06-25 08:18:45 UTC
"Other" permission bits are irrelevant if GID of file is one of your
supplementary groups. setgid(2) doesn't alter them.


Comment 4 Arjan van de Ven 2001-06-25 08:21:15 UTC
man setgroups

gives info on how to manipulate this.

Comment 5 Need Real Name 2001-06-25 16:19:43 UTC
I've made the following modifications to my test program:

insert these two lines before the setgid() call, (which probably isn't 
necessary anymore.):

const gid_t groupList[] = {501};
setgroups((sizeof(groupList) / sizeof(gid_t)), &groupList);

And now the program can access the file via the other bits, as a result of 
losing group 0. 

BTW, it is kernel 2.2.14.

Thanks.

Comment 6 Need Real Name 2001-06-25 16:28:00 UTC
Opps there was a bug in my code:

add this line:
#include <grp.h>

and  change the segroups() line to this:

setgroups((sizeof(groupList)/sizeof(gid_t)), groupList);




Note You need to log in before you can comment on or make changes to this bug.