V1.75 (chown security problem)
Keith Bostic
bostic at OKEEFFE.BERKELEY.EDU
Wed Jan 18 09:53:08 AEST 1989
Subject: chown security problem
Index: sys 4.3BSD-tahoe
Description:
There's a security problem associated with 4.3BSD and 4.3BSD-tahoe
systems involving the chown(2) system call. It may exist in
4.3BSD derived systems; contact your vendor for more information.
Fix:
Apply the attached patch.
*** /tmp/d24713 Sun Jan 8 08:37:32 1989
--- ufs_syscalls.c Fri Jan 6 15:19:04 1989
***************
*** 3,9 ****
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*
! * @(#)ufs_syscalls.c 7.3 (Berkeley) 4/18/87
*/
#include "param.h"
--- 3,9 ----
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*
! * @(#)ufs_syscalls.c 7.4 (Berkeley) 1/6/89
*/
#include "param.h"
***************
*** 624,629 ****
--- 624,631 ----
if (fp == NULL)
return;
ip = (struct inode *)fp->f_data;
+ if (u.u_uid != ip->i_uid && !suser())
+ return;
ILOCK(ip);
u.u_error = chown1(ip, uap->uid, uap->gid);
IUNLOCK(ip);
***************
*** 647,654 ****
uid = ip->i_uid;
if (gid == -1)
gid = ip->i_gid;
- if (uid != ip->i_uid && !suser())
- return (u.u_error);
if (gid != ip->i_gid && !groupmember((gid_t)gid) && !suser())
return (u.u_error);
#ifdef QUOTA
--- 649,654 ----
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list