tip shell escape (4.3BSD)
John Chambers
jbc at ghostwheel.UUCP
Fri Aug 22 08:04:45 AEST 1986
Let's suppose you have the typical setuid/gid tip.
Cf. /usr/src/usr.bin/tip/tip.c at or around line 137
	.
	.
	gid = getgid();
	egid = getegid();
	uid = getuid();
	euid = geteuid();
	setregid(egid, gid);
	setreuid(euid, uid);
	.
	.
and /usr/src/bin/csh/sh.c at or around line 209
	.
	.
	if (!batch && (uid != geteuid() || getgid() != getegid())) {
		errno = EACCES;
		child++;		/* So this ... */
		Perror("csh");		/* ... doesn't return */
	}
	.
	.
We argued that tip should reset uid's before exec'ing a shell and that
we like csh as it is, and hence added something to the effect of:
	setregid( gid, gid );
	setreuid( uid, uid );
in the suitable places in /usr/src/usr.bin/tip/cmd.c ....
--------
J.B. Chambers
snail: MCC/Database, P.O. Box 200195, Austin TX 78720 USA
arpa: jbc at sally.utexas.edu, db.chambers at mcc.com
uucp: {gatech,harvard,ihnp4,seismo,pyramid,...}!ut-sally!{,ghostwheel!}jbc
voice: 512 343 0860
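
Added example, not part of the original post and not code from the 4.3BSD sources: a child process that sets both real and effective ids to the invoker's real ids, confirms that the condition csh tests in the sh.c excerpt no longer holds, and only then execs a shell. The names ids_mismatch, drop_to_real_ids and shell_escape and the /bin/sh path are assumptions made for this sketch, which also assumes POSIX semantics where setreuid(uid, uid) resets the saved id as well.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The condition csh tests in the sh.c excerpt: real and effective ids differ. */
int ids_mismatch(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Set real and effective ids to the invoker's real ids. Returns 0 on success. */
int drop_to_real_ids(void)
{
    uid_t uid = getuid(), old_euid = geteuid();
    gid_t gid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped we may no longer be allowed to. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;
    if (ids_mismatch())
        return -1;
    /* A non-root invoker must not be able to switch back to the old ids. */
    if (uid != 0 && old_euid != uid && seteuid(old_euid) == 0)
        return -1;
    if (uid != 0 && old_egid != gid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Hypothetical shell escape: run cmd via /bin/sh in a child that has dropped
 * privilege. Returns the shell's exit status, or -1 on error. */
int shell_escape(const char *cmd)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_to_real_ids() != 0)
            _exit(126);         /* never exec with privilege still held */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return shell_escape("id") != 0; }
```

The drop happens in the child only, so the parent keeps the ids it needs for its own work while the shell starts with matching real and effective ids.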