Calling "mkdir" from SUID program (SysV)

A. Keith Bloom akbloom at oss670.UUCP
Sat Oct 20 06:06:57 AEST 1990


I am writing an application for Xenix SysV (release 2.2.3) in which a user 
(call him 'B') must be able to create files and sometimes directories which 
are to be owned by another user ('A').  B will not have general permission 
to write to A's directories, but must do so through a special program which 
will be SUID to A.  Creating files is no problem, but Xenix has no "mkdir" 
system call, and the /bin/mkdir program loses the original effective UID 
because it is SUID to root.

So far I've thought of two methods for giving B the ability to create
directories owned by A, without giving B the general ability to write to
A's directories.

Method 1:  write a specialized version of the /bin/mkdir program which will
make the ownership and permissions what I wish them to be, have it run SUID
root, and call it from my SUID-to-A program.

Method 2:  the following Rube Goldbergish procedure (non-essential details 
are omitted):

  if (access(child_directory, 0) < 0)
  {
   if (chmod(parent_directory, 0775) < 0) /* allow user to write to parent */
      return -1;
   switch (fork())                 /* create child directory */
   {
    case (-1):
       return -1;
    case (0):
       execl("/bin/mkdir", "mkdir", child_directory, NULL);
       return -1;
    default:
       if (wait(&status) < 0 || status != 0)
	  return -1;
       switch(fork())     /* must create another child process */
       {
	case (-1):
	   return -1;
	case (0):         /* to keep effective uid same in parent */
	   if (setuid(getuid()) < 0)
	      exit(-1);
	                  /* because chown checks effective uid */
	   if (chown(child_directory, DBADM_UID, DBADM_GID) < 0)  
	      exit(-1);
	   exit(0);       /* exit from child process */
	default:
           if (wait(&status) < 0 || status != 0)
	      return -1;
       }
   }
   if (chmod(parent_directory, 0755) < 0) /* deny user write perm to parent */
      return -1;
  }


Method 2 works, and I'm not overly concerned about the possible security
hole (method 1 also has one), but ... can anyone think of a better (simpler)
way to do this?  

-- 
UUCP 		...!{rutgers|ames|uunet}!mimsy!woodb!akbloom
INTERNET	akbloom%woodb at mimsy.umd.edu   PHONE:  (301) 965-3066
Disclaimer:	I do not speak for the Social Security Administration or
		any other government agency.



More information about the Comp.unix.programmer mailing list