From mark@linus.demon.co.uk  Tue May  6 19:47:08 1997
Received: from linus.demon.co.uk (linus.demon.co.uk [158.152.10.220])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA25667
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 6 May 1997 19:47:06 -0700 (PDT)
Received: (from mark@localhost)
	by linus.demon.co.uk (8.8.5/8.8.5) id DAA20678;
	Wed, 7 May 1997 03:47:38 +0100 (BST)
Message-Id: <199705070247.DAA20678@linus.demon.co.uk>
Date: Wed, 7 May 1997 03:47:38 +0100 (BST)
From: Mark Valentine <mark@linus.demon.co.uk>
Reply-To: mark@linus.demon.co.uk
To: FreeBSD-gnats-submit@freebsd.org
Subject: rlogin doesn't read $HOSTALIASES for non-root users
X-Send-Pr-Version: 3.2

>Number:         3524
>Category:       bin
>Synopsis:       rlogin doesn't read $HOSTALIASES for non-root users
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    imp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May  6 19:50:02 PDT 1997
>Closed-Date:    Mon Jan 10 18:21:40 MST 2005
>Last-Modified:  Mon Jan 10 18:21:40 MST 2005
>Originator:     Mark Valentine
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:
>Description:

	Revision 1.13 of libc/net/res_query.c breaks usage of user HOSTALIASES
	file with setuid/setgid programs (such as rlogin), unless the user is
	root.

>How-To-Repeat:

	$ echo foohost foohost.some.domain >>$HOME/.hosts
	$ export HOSTALIASES=$HOME/.hosts
	$ rlogin foohost
	foohost: Unknown host

>Fix:
	
	Perhaps the security check might be a little more clever (along
	the lines of the ~/.rhosts check in iruserok()) - don't fail if
	the file is world readable, or if the real user is the owner of
	the file.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->imp
Responsible-Changed-By: imp
Responsible-Changed-When: Wed Sep 16 11:01:32 MDT 1998
Responsible-Changed-Why:
I broke it, I'll try to fix it.
State-Changed-From-To: open->closed
State-Changed-By: imp
State-Changed-When: Mon Jan 10 18:21:07 MST 2005
State-Changed-Why:
This is too hard to fix, so I'm going to close it.


http://www.freebsd.org/cgi/query-pr.cgi?pr=3524
>Unformatted:

Note: This is hard to fix.

In the absence of setreuid(2), we could do a setuid(getuid()) before
the open and restore after.  However, setreuid swapping breaks this by
giving us the wrong uid as the real uid that getuid() returns.  Since
we control libc, we might be able to note that setreuid was called,
and refuse to work in that case.  This would break nothing in the
tree, but might break third party applications.  That's likely the
line of attack I'd take.

The problem with checking things is that you can race the checks, or
maybe cause bad things to happen.  Between the stat and the open, etc.
The usual solution of opening the file then stating it causes the
"Tape rewind" problem.  Someone could set $HOSTALIASES to /dev/rst0,
for example.  Checking beforehand is raceable.  If one were to
introduce an O_NODEV flag, then we could get around this, but who
knows what other side effects opening files could have.

Yes, this is still a bug as of 4.3 release and May 30, 2001 current.

Warner
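The check proposed under >Fix: (accept the file if the real user owns it or it is world-readable), done in the open-then-fstat order Warner's note describes, as an added C example that is not code from the PR, FreeBSD libc or rlogin; the function name open_hostaliases is hypothetical, and the real uid is passed in so the policy can be exercised by an unprivileged test.

```c
/* Added example, not code from the PR, FreeBSD libc or rlogin.  The
 * iruserok-style policy from >Fix: in open-then-fstat order, so the
 * attributes checked belong to the descriptor in hand and cannot be
 * swapped between a separate stat(2) and open(2).  What it does NOT
 * solve, as Warner's note says, is a side effect of the open(2) itself
 * on a device node; S_ISREG only refuses the file after the fact. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close FD (if open), set errno to ERR, return -1. */
static int fail(int fd, int err)
{
    if (fd >= 0)
        close(fd);
    errno = err;
    return -1;
}

/* Open a user-supplied $HOSTALIASES PATH for reading on behalf of the
 * real user RUID (getuid() in a setuid program; a parameter here so the
 * policy can be tested unprivileged).  Returns a descriptor or -1. */
int open_hostaliases(const char *path, uid_t ruid)
{
    struct stat st;
    /* O_NOFOLLOW: no symlink at the last component; O_NONBLOCK/O_NOCTTY:
     * do not block on a FIFO or acquire a controlling terminal. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0)
        return fail(fd, errno);
    /* Regular files only: devices, FIFOs, sockets, directories are refused. */
    if (!S_ISREG(st.st_mode))
        return fail(fd, EPERM);
    /* Owned by the real user, or readable by everyone anyway.  Caveat: a
     * world-readable file below a directory the real user cannot search is
     * still accepted; requiring st_uid == ruid alone is the stricter rule. */
    if (st.st_uid != ruid && (st.st_mode & S_IROTH) == 0)
        return fail(fd, EPERM);
    return fd;
}
```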
