DragonFly BSD
DragonFly kernel List (threaded) for 2006-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Batch/At (if it wasn't broken, no worries I broke it :-) )

From: YONETANI Tomokazu <qhwt+dfly@xxxxxxxxxx>
Date: Tue, 5 Sep 2006 00:29:48 +0900

On Mon, Sep 04, 2006 at 12:36:28PM +0000, Jamie wrote:
> I don't know if batch was broken or not, but I couldn't get it to
> work on my setup.
> I patched it, removed the macros and replaced them with functions
> (to make debugging easier) as well as set a mode flag, so that
> entering priv_start() twice would return the second time without
> doing anything.

Actually, it's the fopen() in check_permission() that's tickling
something.  I attached a small C code to demonstrate this.  On DragonFly
(confirmed on 1.6 and 1.7), if you don't close a file descriptor you opened
right after the first setreuid(real_uid, effective_uid), the second one
with the same argument fails, whether you close the descriptor or not.
If you move the close() before the setreuid() above it and the program

I tried this program on a machine running FreeBSD 4.9-RELEASE, but no error
occurred, so there must be a difference in the kernel or the library.
 * usage:
 * $ gcc -W -Wall at.c
 * $ su
 * # chown root a.out; chmod u+s a.out
 * # exit
 * $ ./a.out
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define CHECK(expr) \
if ((expr) != 0) \
  err(1, #expr)

	uid_t real_uid, effective_uid;
	int fd;

	real_uid = getuid();
	effective_uid = geteuid();
	CHECK(setreuid(effective_uid, real_uid));

	CHECK(setreuid(real_uid, effective_uid));
	fd = open("/etc/hosts", O_RDONLY);
	CHECK(setreuid(effective_uid, real_uid));
	close(fd), fd = -1;	/* move this above the previous line */

	CHECK(setreuid(real_uid, effective_uid));
	printf("uid %d, euid %d\n", getuid(), geteuid());
	CHECK(setreuid(effective_uid, real_uid));
	return 0;

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]